sirefef.ez trojan


I noticed this past weekend that Windows Security Essentials no longer seemed to be working on my computer. Ran MBAM and 2 infections were cleaned and removed. However, still could not see Windows Security. Installed a 30-day trial of Eset. It found numerous threats, some cleaned and removed. However, continue to receive notification that Win32 variant sirefef.ez trojan is found and unable to be cleaned. Below are the two files requested. Hope you can help.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by Chris Jacobs at 0:20:01 on 2013-07-04
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.907 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN

BHO: {19c672d9-54c1-4416-aa7a-696185cb77f6} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {f599d514-765f-43c8-9347-cb54ba40073f} - <orphaned>
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\chris jacobs\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [steam] "c:\program files\steam\Steam.exe" -silent
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [AdobeBridge] <no file>
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [YeppStudioAgent] c:\program files\samsung\samsung media studio\SamsungMediaStudioAgent.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: WizmaxBackup_NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: WizmaxBackup_NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Search - <no file>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 208.67.222.222 208.67.222.220
TCP: Interfaces\{9FDD0B95-0C23-4FD0-8212-413F03EE8815} : DHCPNameServer = 208.67.222.222 208.67.222.220
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\turbotax 2012\ic2012pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris jacobs\application data\mozilla\firefox\profiles\kxgn1snm.default\


FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\chris jacobs\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\chris jacobs\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\chris jacobs\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\chris jacobs\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\downloaded program files\npsoe.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false

FF - user.js: extensions.zonealarm.id - a4400eaf0000000000000019d11d42c2
FF - user.js: extensions.zonealarm.instlDay - 15585
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.40:10:58
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001 tlbrid=ZoneAlarmSecurity
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN114534288226826-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-1-10 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2013-1-10 105784]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-3-21 1341664]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2009-5-14 98304]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-30 418376]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\chris jacobs\local settings\application data\torch\update\TorchCrashHandler.exe [2013-6-20 1205088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-17 22856]
S2 5576;5576;\??\c:\docume~1\chrisj~1\locals~1\temp\5576.sys --> c:\docume~1\chrisj~1\locals~1\temp\5576.sys [?]
S2 5709;5709;\??\c:\docume~1\chrisj~1\locals~1\temp\5709.sys --> c:\docume~1\chrisj~1\locals~1\temp\5709.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-17 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2013-07-04 02:30:56    6128760    ----a-w-    c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-07-04 02:30:55    74136    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-07-04 02:30:55    263576    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-07-04 02:30:55    19352    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-07-04 01:20:26    --------    d-----w-    c:\windows\LastGood.Tmp
2013-07-04 01:16:04    9728    ------w-    c:\windows\system32\rwnh.dll
2013-07-04 01:16:04    10752    ------w-    c:\windows\system32\smtpapi.dll
2013-07-04 01:16:02    81920    ------w-    c:\windows\system32\ieencode.dll
2013-07-04 01:16:02    1327320    ------w-    c:\program files\msn\msncorefiles\install\msnsusii.exe
2013-07-04 01:16:01    884712    ------w-    c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
2013-07-04 01:16:00    966656    ------w-    c:\program files\msn\msncorefiles\oobe\obemetal.dll
2013-07-04 01:16:00    86016    ------w-    c:\program files\msn\msncorefiles\oobe\obepopc.dll
2013-07-04 01:16:00    77824    ------w-    c:\program files\msn\msncorefiles\oobe\obemtllc.dll
2013-07-04 01:16:00    229376    ------w-    c:\program files\msn\msncorefiles\oobe\obelog.dll
2013-07-04 01:16:00    11053008    ------w-    c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2013-07-04 01:15:12    19569    ----a-w-    c:\windows\000001_.tmp
2013-07-01 16:54:44    --------    d-----w-    c:\documents and settings\chris jacobs\local settings\application data\ESET
2013-07-01 16:17:22    --------    d-----w-    c:\program files\ESET
2013-07-01 05:42:12    --------    d-----w-    c:\program files\Microsoft ActiveSync
2013-07-01 04:43:23    --------    dc-h--w-    c:\windows\ie8
2013-07-01 04:38:18    --------    d-----w-    c:\program files\Microsoft Download Manager
2013-07-01 04:17:50    --------    d-----w-    C:\WINSSLog
2013-07-01 03:27:45    --------    d--h--w-    c:\windows\msdownld.tmp
2013-06-28 16:28:28    --------    d-----w-    c:\documents and settings\all users\application data\AVS4YOU
2013-06-28 16:28:16    --------    d-----w-    c:\documents and settings\chris jacobs\application data\AVS4YOU
2013-06-28 16:27:31    --------    d-----w-    c:\program files\AVS4YOU
2013-06-28 16:26:30    1700352    ----a-w-    c:\windows\system32\GdiPlus.dll
2013-06-28 16:26:30    --------    d-----w-    c:\program files\common files\AVSMedia
2013-06-28 16:26:29    --------    d-----w-    C:\AVSVideoEditor
2013-06-28 14:03:30    --------    d-----w-    c:\documents and settings\chris jacobs\application data\.technic
2013-06-28 13:27:01    7068072    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ff0b931e-3306-4452-a5c1-fd27bd249e02}\mpengine.dll
2013-06-27 12:34:04    7068072    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-25 01:32:16    --------    d-----w-    c:\documents and settings\all users\application data\TorchCrashHandler
2013-06-25 01:31:14    --------    d-----w-    c:\documents and settings\chris jacobs\local settings\application data\Torch
2013-06-25 01:21:45    --------    d-----w-    c:\documents and settings\chris jacobs\local settings\application data\iLivid
2013-06-25 01:14:22    --------    d-----w-    c:\program files\CheckPoint
2013-06-23 02:13:04    --------    d-----w-    C:\Fraps
2013-06-10 03:07:26    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-06-10 03:04:49    --------    d-----w-    c:\program files\Microsoft Security Client
.
==================== Find3M  ====================
.
2013-06-12 20:31:37    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 20:31:37    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-03 01:30:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH:  0:22:30.14 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 30/01/2007 11:57:37 PM
System Uptime: 03/07/2013 9:55:23 PM (3 hours ago)
.
Motherboard: Dell Inc.           |  | 0WG855
Processor: Intel® Core2 CPU          6400  @ 2.13GHz | Microprocessor | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 93.761 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&38E4B95F&0&0001
Manufacturer:
Name:
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&38E4B95F&0&0001
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Parental Control & Encoder
AVS Video Editor 6
BioShock
Black's Digital Solution Studio
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder
Canon MG6100 series MP Drivers
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.0
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Solution Menu EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCScore
Clone Wars
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.2.1
Dell System Restore
DivX Web Player
DVD-MovieAlbumSE 3 for DVDCAM
EPSON Printer Software
ESET NOD32 Antivirus
ESPNMotion
ESSBrwr
ESSCDBK
ESSgui
ESSini
ESSPCD
ESSTOOLS
Europa Universalis III
EZface ActiveX 210
Fraps (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Graboid Video 3.05
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iLivid
Intel® Matrix Storage Manager
Intel® PRO Network Connections
InterActual Player
iTunes
Java 7 Update 7
Java Auto Updater
Java 6 Update 33
KEDDS
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Logitech Gaming Software
Malwarebytes Anti-Malware version 1.75.0.1300
Managed DirectX (0900)
MCU
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2010
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Musicnotes Player
Musicnotes Software Suite 1.0
Nancy Drew: The Captive Curse
Nancy Drew: The Curse of Blackmoor Manor
netbrdg
On2 VP3 Video for Windows Codec
Origin
Otto
PDF Settings CS6
Picasa 3
Picture Package Music Transfer
PSE10 STI Installer
PunkBuster Services
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTax 2009
QuickTime
QuickTime for Windows (32-bit)
Race Day Demo Version
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RPS CRT
Samsung Media Studio
SecondLife (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SHASTA
Shockwave
Sibelius Scorch (ActiveX Only)
Sid Meier's Civilization V
skin0001
Skype Click to Call
Skype™ 6.3
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Encoders
Sony Picture Utility
Spelling Dictionaries Support For Adobe Reader 9
staticcr
Steam
swMSM
TeamViewer 5
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Late Night
Tiger Woods PGA TOUR 2004
Torch
TurboTax 2010
TurboTax 2011
TurboTax 2012
UltimateGamesBar
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
VisualBee for Microsoft PowerPoint
VLC media player 2.0.7
VoiceOver Kit
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]
Windows Media Player 11
Windows PowerShell 1.0
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR 4.20 (32-bit)
WIRELESS
YP-U1
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
30/06/2013 1:37:09 PM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
30/06/2013 1:37:09 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
30/06/2013 1:37:09 PM, error: Service Control Manager [7000]  - The Security Services Driver (x86) service failed to start due to the following error:  The system cannot find the file specified.
30/06/2013 1:37:09 PM, error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The file can not be accessed by the system.
30/06/2013 1:37:09 PM, error: Service Control Manager [7000]  - The 5709 service failed to start due to the following error:  The system cannot find the file specified.
30/06/2013 1:37:09 PM, error: Service Control Manager [7000]  - The 5576 service failed to start due to the following error:  The system cannot find the file specified.
28/06/2013 12:28:45 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).
28/06/2013 10:03:27 AM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
.
==== End Of File ===========================
 


Please run the following steps and post back the logs and we'll see if we can get you cleaned up.

 

 

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.



Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt



STEP 03

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus





STEP 04

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.



STEP 05


Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


 

 

Thanks


I have completed steps 1 and 2 and have posted the two logs produced after the second scan. The first scan found numerous threats. Cleaned and restarted computer. Second scan resulted in no threats found. I will now proceed to step 3.

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.04.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris Jacobs :: KJACOBS [administrator]

04/07/2013 11:09:46 PM
mbar-log-2013-07-04 (23-09-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 403266
Time elapsed: 52 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------

 

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 2145230848, free: 1107853312

Downloaded database version: v2013.07.04.10
Initializing...
------------ Kernel report ------------
     07/04/2013 22:08:23
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\eamon.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\System32\Drivers\NDISRD.SYS
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\epfwtdir.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR7
Upper Device Object: 0xffffffff8a052560
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff8a1eed10
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff8a054808
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff8a091030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff8a0403c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff89fc55d0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff8a1e5030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff8a06c030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ac456b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff8ac46030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ac456b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ac45488, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ac456b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ac46030, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "c:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\1028_Dell_DIM_DXP061.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_DIM_DXP061.mrk" is compressed (flags = 1)
File C:\WINDOWS\system32\drivers\afd.sys --> [Forged file]
Replacement file found for a file C:\WINDOWS\system32\drivers\afd.sys
Infected: C:\WINDOWS\system32\drivers\afd.sys --> [unknown.Rootkit.Driver]
Read File: File "c:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\Hdaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\Hdaudio.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 96327

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 96390  Numsec = 615305565
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 615401955  Numsec = 9735390

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a1e5030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a19c418, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a1e5030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a06c030, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a0403c0, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a194c78, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a0403c0, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89fc55d0, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a054808, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a1a41e8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a054808, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a091030, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a052560, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89fe3750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a052560, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a1eed10, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "c:\Documents and Settings\All Users\Application Data\OrbNetworks\Logs\OrbErrors.log" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb44159$\2484680806\l\00000004.@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\l\201d3dde --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\l\6715e287 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\l\76603ac3 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\l\pdmzmplg --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\u\00000004.@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\u\00000008.@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\u\000000cb.@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\u\80000000.@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\u\80000032.@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\l --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\u --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2484680806\desktop.ini --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb44159$\2960219481 --> [backdoor.0Access]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 2145230848, free: 1074208768

Initializing...
------------ Kernel report ------------
     07/04/2013 23:09:27
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\eamon.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\System32\Drivers\NDISRD.SYS
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\epfwtdir.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR7
Upper Device Object: 0xffffffff8a06d030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff89eca030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff8a217030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff89eccea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff89ee84b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff89ecdea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff89f064b0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff89ece460
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8abed030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff8abee030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8abed030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8abef4b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8abed030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8abee030, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "c:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\1028_Dell_DIM_DXP061.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_DIM_DXP061.mrk" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\Hdaudio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\Hdaudio.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E686F016

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 96327

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 96390  Numsec = 615305565
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 615401955  Numsec = 9735390

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff89f064b0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a008800, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89f064b0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89ece460, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff89ee84b0, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89fa7570, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89ee84b0, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89ecdea0, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a217030, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89f4e668, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a217030, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89eccea0, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a06d030, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89fa83d8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a06d030, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89eca030, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "c:\Documents and Settings\All Users\Application Data\OrbNetworks\Logs\OrbErrors.log" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_96390_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 

 


Logs from Step 3 - Junkware Removal Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Chris Jacobs on 05/07/2013 at  0:35:18.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\menuext\&search
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3268494



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\Chris Jacobs\Application Data\agi"
Successfully deleted: [Folder] "C:\Documents and Settings\Chris Jacobs\Application Data\iwin"
Successfully deleted: [Folder] "C:\Documents and Settings\Chris Jacobs\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\ilivid"
Successfully deleted: [Folder] "C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\kiwee toolbar"
Failed to delete: [Folder] "C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\visualbeeclient"
Successfully deleted: [Folder] "C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\visualbeeexe"
Successfully deleted: [Folder] "C:\Program Files\agi"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\wiseconvert"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Documents and Settings\Chris Jacobs\Application Data\mozilla\firefox\profiles\kxgn1snm.default\user.js
Successfully deleted the following from C:\Documents and Settings\Chris Jacobs\Application Data\mozilla\firefox\profiles\kxgn1snm.default\prefs.js

user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1357187929503,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}

user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/07/2013 at  0:38:31.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Step 4 - AdwCleaner log

 

# User : Chris Jacobs - KJACOBS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Chris Jacobs\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\iLivid.lnk
Folder Deleted : C:\Documents and Settings\Chris Jacobs\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Katherine Jacobs\Application Data\AGI
Folder Deleted : C:\Documents and Settings\Katherine Jacobs\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\Katherine Jacobs\Local Settings\Application Data\Kiwee Toolbar
Folder Deleted : C:\Documents and Settings\Katherine Jacobs\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\AGI
Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\AGI
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Katherine Jacobs\Application Data\Mozilla\Firefox\Profiles\a33np8gi.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Katherine Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Hannah Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [5214 octets] - [05/07/2013 00:58:40]

########## EOF - C:\AdwCleaner[s1].txt - [5274 octets] ##########
 


  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSKiller

Then watch the following video on how to use the tool, and make sure to temporarily disable your security applications before running TDSSKiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.


Unfortunately, I wasn't able to copy the online scanner log as the computer rebooted sometime overnight. As I have the 30-day trial version of ESET, I ran that scan and copied the log below. No threats were found. I will now do the TDSSKiller.

 

Scan Log
Version of virus signature database: 8529 (20130705)
Date: 05/07/2013  Time: 8:55:03 AM
Scanned disks, folders and files: Operating memory;Boot sector;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;G:\Boot sector;G:\;H:\Boot sector;H:\;I:\Boot sector;I:\;J:\Boot sector;J:\
MBR sector of the 1. physical disk - error opening [4]
MBR sector of the 2. physical disk - error opening [4]
MBR sector of the 3. physical disk - error opening [4]
MBR sector of the 4. physical disk - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\Aidan Jacobs\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Alison Jacobs\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Alison Jacobs\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\install207[1].cab » CAB » setup.exe - archive damaged - the file could not be extracted.
C:\Documents and Settings\Alison Jacobs\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\install207[1].cab » CAB » setup.inf - archive damaged - the file could not be extracted.
C:\Documents and Settings\Alison Jacobs\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\pie2d[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\Alison Jacobs\Local Settings\Temporary Internet Files\Content.IE5\M298GKXG\site_994x700_31fps[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\Alison Jacobs\Local Settings\Temporary Internet Files\Content.IE5\W5Q74TU7\032708-160x600-imvupinkbox[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\Tax Receipts\72B14A51-00000001.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\Tax Receipts\74857F51-00000005.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\Tax Receipts\7E3B45CA-00000003.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Recovered items\12-21-2010  823\Outbox\67844AE1-F103D2E7.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\035D0A10-0000000D.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\03FA60D1-00000015.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\07BE20B1-00000008.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\0B5E7C38-00000009.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\0D513C2C-00000005.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\0D8067A2-00000011.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\166216A7-00000007.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\18107335-00000012.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\1C8B5572-00000001.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\23CB5E83-00000002.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\2B120EE1-0000000F.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\33154E2A-00000014.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\39300701-00000010.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\42F50B7F-00000006.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\4A464BA9-00000003.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\552B066F-00000016.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\5C90448C-0000000C.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\61A90719-00000013.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\62BD60E6-0000000A.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\702664AD-00000004.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\76341403-0000000E.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items\7A71362D-0000000B.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris Jacobs\Local Settings\temp\{4654FC1D-41A8-4978-9EB6-2EB90016E459}\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Documents and Settings\Chris Jacobs\Local Settings\temp\{6E8BD0C6-4C17-4502-8F1D-3B361D571D7E}\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Documents and Settings\Guest\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Hannah Jacobs\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Katherine Jacobs\Application Data\Apple Computer\iTunes\iPod Software Updates\iPod_1.0.2_37A20067.ipsw.download » ZIP » Firmware.MSE - archive damaged - the file could not be extracted.
C:\Documents and Settings\Katherine Jacobs\Application Data\Apple Computer\iTunes\iPod Software Updates\iPod_1.0.2_37A20067.ipsw.download » ZIP »  - archive damaged
C:\Documents and Settings\Katherine Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000005 » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\Katherine Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000028 » NSIS » InstallManagerApp.exe - archive damaged - the file could not be extracted.
C:\Documents and Settings\Katherine Jacobs\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Katherine Jacobs\Local Settings\Application Data\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6GZXKRU3\MediaPlayer[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6S93X00O\flowplayer-3.2.7[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FJG6FQZA\InstreamAdBroker_2013_06_11_00_06[2].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VB9EB1CW\MediaPlayerCAHH9J55.swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPVCPZHI\admanager[5].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPVCPZHI\MediaPlayer[3].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZH9CL6TJ\flowplayer-3.2.7[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZH9CL6TJ\flowplayer-3.2.7[2].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C7S9O0KX\Flowplayer_Hiro[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S4I6F2Q5\ES_10971[1].swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\Program Files\Common Files\Wise Installation Wizard\WIS41EBC322660F4D16A0DF53147210CBDB_4_3_32_3239.MSI » MSI » Cabs.w1.cab » CAB » SHDS.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Wise Installation Wizard\WIS41EBC322660F4D16A0DF53147210CBDB_4_3_32_3239.MSI » MSI » Cabs.w1.cab » CAB » initrd.gz2 » GZIP » initrd_ » CPIO »  - archive damaged
C:\Program Files\GameNutt_2s\bar\1.bin\chrome\2sffxtbr.jar » ZIP »  - archive damaged
C:\Program Files\Microsoft Security Client\DbgHelp.dll - error opening [4]
C:\Program Files\Microsoft Security Client\EppManifest.dll - error opening [4]
C:\Program Files\Microsoft Security Client\LegitLib.dll - error opening [4]
C:\Program Files\Microsoft Security Client\MpAsDesc.dll - error opening [4]
C:\Program Files\Microsoft Security Client\MpClient.dll - error opening [4]
C:\Program Files\Microsoft Security Client\MpCmdRun.exe - error opening [4]
C:\Program Files\Microsoft Security Client\MpCommu.dll - error opening [4]
C:\Program Files\Microsoft Security Client\mpevmsg.dll - error opening [4]
C:\Program Files\Microsoft Security Client\MpOAv.dll - error opening [4]
C:\Program Files\Microsoft Security Client\MpRTP.dll - error opening [4]
C:\Program Files\Microsoft Security Client\MpSvc.dll - error opening [4]
C:\Program Files\Microsoft Security Client\MsMpCom.dll - error opening [4]
C:\Program Files\Microsoft Security Client\MsMpEng.exe - error opening [4]
C:\Program Files\Microsoft Security Client\MsMpLics.dll - error opening [4]
C:\Program Files\Microsoft Security Client\MsMpRes.dll - error opening [4]
C:\Program Files\Microsoft Security Client\msseces.exe - error opening [4]
C:\Program Files\Microsoft Security Client\MsseWat.dll - error opening [4]
C:\Program Files\Microsoft Security Client\Setup.exe - error opening [4]
C:\Program Files\Microsoft Security Client\SetupRes.dll - error opening [4]
C:\Program Files\Microsoft Security Client\shellext.dll - error opening [4]
C:\Program Files\Microsoft Security Client\SqmApi.dll - error opening [4]
C:\Program Files\Microsoft Security Client\SymSrv.dll - error opening [4]
C:\Program Files\Microsoft Security Client\SymSrv.yes - error opening [4]
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \LPT_t\Ebplpt.dll - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \LPT_s\ECBTEG.DLL - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \LPTW2K_s\EBPMON2.DLL - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \LPTW2K_s\ebpport.dat - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \LPTNT_s\ebppmon.dll - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \LPT95_s\EBPMON.DLL - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \LPT95_s\ebpport.dat - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \Etc\EBAPI.ini - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \EBAPI16_s\Ebapi162.dll - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \EBAPI16_s\EBAPI2HS.EXE - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \BASE_t\STMSetup.exe - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \BASE_t\STMSetup.ex0 - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \BASE_s\ebapi2.dll - archive damaged - the file could not be extracted.
C:\WINDOWS\system32\spool\drivers\w32x86\3\EB5ST000.DAT » CAB » \AGENT2_t\SAgent2.exe - archive damaged - the file could not be extracted.
Boot sector of disk D: - error opening [4]
D:\ - error opening [4]
Boot sector of disk E: - error opening [4]
E:\ - error opening [4]
Boot sector of disk G: - error opening [4]
G:\ - error opening [4]
Boot sector of disk H: - error opening [4]
H:\ - error opening [4]
Boot sector of disk I: - error opening [4]
I:\ - error opening [4]
Boot sector of disk J: - error opening [4]
J:\ - error opening [4]
Number of scanned objects: 564681
Number of threats found: 0
Time of completion: 10:28:45 AM  Total scanning time: 5622 sec (01:33:42)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
 


Having difficulty sending the TDSSKiller Log. When I try to post the entire log, I receive a message that the post is too big. Here is the last bit of the log. Let me know if you need the entire log and how I can send it to you.

 

18:35:06.0500 4508  Scan finished
18:35:06.0500 4508  ============================================================
18:35:06.0609 4500  Detected object count: 11
18:35:06.0609 4500  Actual detected object count: 11
18:35:35.0578 4500  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0578 4500  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0578 4500  DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0578 4500  DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0593 4500  IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0593 4500  IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0593 4500  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0593 4500  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0593 4500  KodakDigitalDisplayService ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0593 4500  KodakDigitalDisplayService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0593 4500  MHN ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0593 4500  MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0593 4500  MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0593 4500  MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0593 4500  NAL ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0593 4500  NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0593 4500  NDISRD ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0593 4500  NDISRD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0593 4500  pfc ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0593 4500  pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:35.0593 4500  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:35:35.0593 4500  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:40.0015 3608  Deinitialize success


All was working well, but I just came back and it seems the computer has lost its connection to our network. Not really sure what is happening as I am using my daughter's computer that is connected to the same wireless network. Even odder as the router/modem is plugged into the computer.


  • Root Admin

Please run the following and let me know if it corrects it or not.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the Reset FF Proxy Settings option, Firefox should be closed.


I cannot access the internet on the computer we have been working on, but managed to complete the MiniToolBox by copying the program via a USB stick.  Here is the report.

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Chris Jacobs (administrator) on 06-07-2013 at 11:44:57
Running from "C:\Documents and Settings\Chris Jacobs\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Could not flush the DNS Resolver Cache: Function failed during execution.

 

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® 82566DC Gigabit Network Connection = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : KJacobs

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter Local Area Connection:

 

        Connection-specific DNS Suffix  . : phub.net.cable.rogers.com

        Description . . . . . . . . . . . : Intel® 82566DC Gigabit Network Connection

        Physical Address. . . . . . . . . : 00-19-D1-1D-42-C2

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 0.0.0.0

        Subnet Mask . . . . . . . . . . . : 0.0.0.0

        Default Gateway . . . . . . . . . :

        DHCP Server . . . . . . . . . . . : 192.168.0.1

        DNS Servers . . . . . . . . . . . : 208.67.222.222

                                            208.67.222.220

        NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d1 1d 42 c2 ...... Intel® 82566DC Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
  255.255.255.255  255.255.255.255  255.255.255.255               2   1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/06/2013 11:37:35 AM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

Error: (07/06/2013 11:37:26 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 10:03:59 AM) (Source: Application Error) (User: )
Description: Faulting application civilizationv.exe, version 1.0.2.44, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.
Processing media-specific event for [civilizationv.exe!ws!]

Error: (07/06/2013 09:00:50 AM) (Source: Application Error) (User: )
Description: Faulting application civilizationv.exe, version 1.0.2.44, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.
Processing media-specific event for [civilizationv.exe!ws!]

Error: (07/06/2013 08:56:16 AM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

Error: (07/06/2013 08:56:04 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/05/2013 11:14:51 PM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

Error: (07/05/2013 11:14:47 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/05/2013 11:07:15 PM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/05/2013 11:04:34 PM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

System errors:
=============
Error: (07/06/2013 11:37:42 AM) (Source: Service Control Manager) (User: )
Description: The 5576 service failed to start due to the following error:
%%2

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:03:21 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2001

Error: (07/06/2013 10:03:21 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 08:58:59 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Microsoft Office Sessions:
=========================
Error: (07/06/2013 11:37:35 AM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

Error: (07/06/2013 11:37:26 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 10:03:59 AM) (Source: Application Error)(User: )
Description: civilizationv.exe1.0.2.44msvcr90.dll9.0.30729.61610005beae

Error: (07/06/2013 09:00:50 AM) (Source: Application Error)(User: )
Description: civilizationv.exe1.0.2.44msvcr90.dll9.0.30729.61610005beae

Error: (07/06/2013 08:56:16 AM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

Error: (07/06/2013 08:56:04 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/05/2013 11:14:51 PM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

Error: (07/05/2013 11:14:47 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/05/2013 11:07:15 PM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (07/05/2013 11:04:34 PM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
ATI Catalyst Install Manager (Version: 3.0.795.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Parental Control & Encoder (Version: 3.0)
AVS Video Editor 6 (Version: 6.3.3.235)
BioShock (Version: 2.5.0000)
Black's Digital Solution Studio (Version: 2.6.8.704)
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.2.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11)
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon MG6100 series MP Drivers
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon MP Navigator EX 4.0
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9)
Canon Solution Menu EX
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.2.0)
Canon Utilities EOS Sample Music (Version: 1.0.0.204)
Canon Utilities EOS Utility (Version: 2.10.2.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0910.2122.36517)
Catalyst Control Center InstallProxy (Version: 2010.0910.2122.36517)
CCC Help English (Version: 2010.0910.2121.36517)
ccc-core-static (Version: 2010.0910.2122.36517)
ccc-utility (Version: 2010.0910.2122.36517)
CCScore (Version: 7.00.0000.0001)
Clone Wars
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell CinePlayer (Version: 3.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support 3.2.1 (Version: 5.5.2087)
Dell System Restore (Version: 2.00.0000)
DivX Web Player (Version: 1.4.3)
DVD-MovieAlbumSE 3 for DVDCAM
EPSON Printer Software
ERUNT 1.1j
ESET NOD32 Antivirus (Version: 6.0.316.0)
ESET Online Scanner v3
ESPNMotion (Version: 2.1.6.0011)
ESSBrwr (Version: 8.00.0000.0001)
ESSCDBK (Version: 8.00.0000.0001)
ESSgui (Version: 8.00.0000.0001)
ESSini (Version: 8.00.0000.0001)
ESSPCD (Version: 7.01.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
Europa Universalis III
EZface ActiveX 210 (Version: 2.1.0)
Fraps (remove only)
Google Talk Plugin (Version: 2.1.8.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Graboid Video 3.05 (Version: 3.05)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Matrix Storage Manager
Intel® PRO Network Connections (Version: )
InterActual Player
iTunes (Version: 11.0.2.26)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java 6 Update 33 (Version: 6.0.330)
KEDDS (Version: 1.04.0000.0005)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Logitech Gaming Software (Version: 4.40)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Managed DirectX (0900) (Version: 4.09.00.0900)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.5.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Musicnotes Player
Musicnotes Software Suite 1.0 (Version: 1.1)
Nancy Drew: The Captive Curse (Version: 8.0.0.30162)
Nancy Drew: The Curse of Blackmoor Manor
netbrdg (Version: 7.01.0000.0001)
On2 VP3 Video for Windows Codec
Origin (Version: 8.2.2.2413)
Otto
PDF Settings CS6 (Version: 11.0)
Picasa 3 (Version: 3.9)
Picture Package Music Transfer (Version: 1.1.00.11270)
PSE10 STI Installer (Version: 10.0)
PunkBuster Services (Version: 0.986)
QuickTax 2006
QuickTax 2007 (Version: 1.00.0000)
QuickTax 2008 (Version: 1.00.0000)
QuickTax 2009 (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
QuickTime for Windows (32-bit)
Race Day Demo Version
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
RPS CRT (Version: 7.0.28)
Samsung Media Studio
SecondLife (remove only)
SHASTA (Version: 7.01.0000.0001)
Sibelius Scorch (ActiveX Only) (Version: 5.2.1)
Sid Meier's Civilization V
skin0001 (Version: 8.00.0000.0001)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.105)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
Sonic Activation Module (Version: 1.0)
Sonic Encoders (Version: 1.00)
Sony Picture Utility (Version: 3.0.01.12110)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
staticcr (Version: 8.00.0000.0001)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
TeamViewer 5 (Version: 5.1.10408 )
The Sims™ 3 (Version: 1.42.130)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Late Night (Version: 6.0.81)
Tiger Woods PGA TOUR 2004
Torch (Version: 25.0.0.3646)
TurboTax 2010 (Version: 1.00.0000)
TurboTax 2011 (Version: 1.00.0000)
TurboTax 2012 (Version: 1.00.0000)
UltimateGamesBar
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VisualBee for Microsoft PowerPoint (Version: V3.6)
VLC media player 2.0.7 (Version: 2.0.7)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Mail
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]
Windows PowerShell 1.0 (Version: 1)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WIRELESS (Version: 7.02.0000.0001)
YP-U1 (Version: )
ZoneAlarm Free Firewall (Version: 10.2.078.000)

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2045.85 MB
Available physical RAM: 1144.51 MB
Total Pagefile: 3938.29 MB
Available Pagefile: 3166.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.69 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:293.4 GB) (Free:93.5 GB) NTFS
4 Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.65 GB) FAT32

========================= Users: ========================================

User accounts for \\KJACOBS

Administrator            Aidan Jacobs             Alison Jacobs           
Chris Jacobs             Guest                    Hannah Jacobs           
HelpAssistant            Katherine Jacobs         kodak                   
SUPPORT_388945a0        

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini030610-01.dmp
C:\WINDOWS\Minidump\Mini041611-01.dmp
C:\WINDOWS\Minidump\Mini050210-01.dmp
C:\WINDOWS\Minidump\Mini051510-01.dmp
C:\WINDOWS\Minidump\Mini101710-01.dmp
C:\WINDOWS\Minidump\Mini101810-01.dmp
C:\WINDOWS\Minidump\Mini102410-01.dmp
C:\WINDOWS\Minidump\Mini102710-01.dmp
C:\WINDOWS\Minidump\Mini102910-01.dmp
C:\WINDOWS\Minidump\Mini110110-01.dmp
C:\WINDOWS\Minidump\Mini110609-01.dmp

**** End of log ****


  • Root Admin

Yes, this computer shows it's not getting an IP

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

It also shows some important networking files are not set correctly.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes another log (Addition.txt). Please attach it to your reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Chris Jacobs (administrator) on 06-07-2013 21:30:12
Running from C:\Documents and Settings\Chris Jacobs\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Orb Networks, Inc.) C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TorchMedia Inc.) C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [sigmatelSysTrayApp] stsystra.exe [x]
HKLM\...\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-07-06] (Intel Corporation)
HKLM\...\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe [40960 2005-09-12] ()
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot [296096 2012-08-10] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] ()
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [5078504 2013-03-21] (ESET)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-30] (Google Inc.)
HKCU\...\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
HKCU\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18672232 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [AdobeBridge]  [x]
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {093d18f3-98c6-4e68-b6c0-9da816681fcf} URL =
BHO: No Name - {19c672d9-54c1-4416-aa7a-696185cb77f6} -  No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {f599d514-765f-43c8-9347-cb54ba40073f} -  No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.222.220

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @GameNutt_2s.com/Plugin - C:\Program Files\GameNutt_2s\bar\1.bin\NP2sStub.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @soe.sony.com/installer,version=1.0.3 - C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default\searchplugins\visualbee-v1-customized-web-search.xml
FF Extension: No Name - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [2sffxtbr@GameNutt_2s.com] C:\Program Files\GameNutt_2s\bar\1.bin
FF Extension: UltimateGamesBar - C:\Program Files\GameNutt_2s\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Unity Player) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (SOE Web Installer) - C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Docs) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Torch Share) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3604_0
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Gmail) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-21] (ESET)
R2 KodakDigitalDisplayService; C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [98304 2009-05-14] (Orb Networks, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2010-11-08] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
R2 TorchCrashHandler; C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1205088 2013-06-20] (TorchMedia Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S1 AFD; C:\Windows\System32\drivers\afd.sys [138496 2011-08-17] ()
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [5417472 2010-09-10] (ATI Technologies Inc.)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)
R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [161368 2013-01-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [105784 2013-01-10] (ESET)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [24064 2006-06-05] (Intel Corporation )
U1 NDISRD; C:\Windows\System32\Drivers\NDISRD.sys [24576 2009-06-22] (NT Kernel Resources)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2003-01-09] (Padus, Inc.)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-07-24] (SigmaTel, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2004-04-14] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [21280 2004-04-14] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5600 2004-04-14] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [44064 2004-04-14] (Logitech Inc.)
S2 5576; \??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5576.sys [x]
S2 5709; \??\C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\5709.sys [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S2 RPSKT; system32\DRIVERS\rp_skt32.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-07-06 21:29 - 2013-07-06 21:29 - 00000000 ____D C:\FRST
2013-07-05 03:04 - 2013-07-05 03:04 - 00013049 ____A C:\Windows\KB2485663.log
2013-07-05 03:04 - 2013-07-05 03:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2485663$
2013-07-05 03:00 - 2013-07-05 03:00 - 00007443 ____A C:\Windows\KB923561.log
2013-07-05 03:00 - 2013-07-05 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB923561$
2013-07-05 00:58 - 2013-07-05 00:59 - 00005343 ____A C:\AdwCleaner[s1].txt
2013-07-05 00:35 - 2013-07-05 00:35 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 00:34 - 2013-07-05 00:34 - 00000000 ____D C:\JRT
2013-07-04 22:02 - 2013-07-04 22:03 - 00000000 ____D C:\Program Files\ERUNT
2013-07-03 22:30 - 2013-07-03 23:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952954$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952287$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951748$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951698$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951376$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB951066$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB950974$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB950762$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB946648$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB938464$
2013-07-03 21:16 - 2008-04-14 05:41 - 00081920 ____N (Microsoft Corporation) C:\Windows\System32\ieencode.dll
2013-07-03 21:15 - 2006-12-29 00:31 - 00019569 ____A C:\Windows\000001_.tmp
2013-07-02 19:34 - 2013-07-06 14:59 - 00000292 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
2013-07-01 12:17 - 2013-07-05 01:13 - 00000000 ____D C:\Program Files\ESET
2013-07-01 01:42 - 2013-07-01 01:42 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2013-07-01 00:43 - 2013-07-01 01:49 - 00000000 __HDC C:\Windows\ie8
2013-07-01 00:38 - 2013-07-01 00:38 - 00000000 ____D C:\Program Files\Microsoft Download Manager
2013-07-01 00:17 - 2013-07-01 00:17 - 00000000 ____D C:\WINSSLog
2013-06-30 23:27 - 2013-06-30 23:29 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-06-28 12:27 - 2013-06-28 12:27 - 00000000 ____D C:\Program Files\AVS4YOU
2013-06-28 12:26 - 2013-06-28 12:28 - 00000000 ____D C:\AVSVideoEditor
2013-06-28 12:26 - 2013-06-28 12:27 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-06-28 12:26 - 2011-06-23 13:26 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2013-06-24 21:14 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-24 17:39 - 2013-06-24 17:40 - 00000000 ____D C:\Program Files\WinRAR
2013-06-22 22:13 - 2013-06-23 13:03 - 00000000 ____D C:\Fraps
2013-06-13 00:09 - 2013-06-13 00:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-13 00:03 - 2013-07-05 03:02 - 00024435 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 16:06 - 2013-06-13 00:09 - 00015785 ____A C:\Windows\KB2839229.log
2013-06-09 23:15 - 2013-06-30 18:03 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-09 23:07 - 2013-05-02 11:28 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-06-09 23:04 - 2013-06-09 23:05 - 00000000 ____D C:\Program Files\Microsoft Security Client

==================== One Month Modified Files and Folders ========

2013-07-06 21:29 - 2013-07-06 21:29 - 00000000 ____D C:\FRST
2013-07-06 21:09 - 2011-05-26 17:14 - 00001006 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007UA.job
2013-07-06 21:09 - 2011-05-26 17:14 - 00000954 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007Core.job
2013-07-06 20:31 - 2012-03-29 20:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 15:01 - 2013-03-09 21:10 - 00000000 ____D C:\Program Files\Steam
2013-07-06 14:59 - 2013-07-02 19:34 - 00000292 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
2013-07-06 14:59 - 2005-08-16 06:18 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-07-06 14:58 - 2005-08-16 06:40 - 01252575 ____A C:\Windows\WindowsUpdate.log
2013-07-06 14:58 - 2005-08-16 06:35 - 00000159 ____A C:\Windows\wiadebug.log
2013-07-06 14:58 - 2005-08-16 06:35 - 00000000 ____A C:\Windows\wiaservc.log
2013-07-06 14:57 - 2005-08-16 06:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 13:01 - 2010-11-06 16:48 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
2013-07-06 13:01 - 2005-08-16 06:49 - 00032352 ____A C:\Windows\SchedLgU.Txt
2013-07-06 10:10 - 2012-09-30 17:54 - 00207900 ____A C:\Windows\setupapi.log
2013-07-05 23:38 - 2005-08-16 06:33 - 02997747 ____A C:\Windows\FaxSetup.log
2013-07-05 23:38 - 2005-08-16 06:33 - 01462982 ____A C:\Windows\ocgen.log
2013-07-05 23:38 - 2005-08-16 06:33 - 01363477 ____A C:\Windows\iis6.log
2013-07-05 23:38 - 2005-08-16 06:33 - 01361628 ____A C:\Windows\tsoc.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00966887 ____A C:\Windows\comsetup.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00923446 ____A C:\Windows\msmqinst.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00594975 ____A C:\Windows\ntdtcsetup.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00557092 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 23:38 - 2005-08-16 06:33 - 00528172 ____A C:\Windows\netfxocm.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00339113 ____A C:\Windows\MedCtrOC.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00159456 ____A C:\Windows\ocmsn.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00148037 ____A C:\Windows\msgsocm.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00145910 ____A C:\Windows\tabletoc.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00004635 ____A C:\Windows\imsins.log
2013-07-05 23:38 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\System32\inetsrv
2013-07-05 18:27 - 2012-08-10 12:07 - 00000300 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
2013-07-05 03:04 - 2013-07-05 03:04 - 00013049 ____A C:\Windows\KB2485663.log
2013-07-05 03:04 - 2013-07-05 03:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2485663$
2013-07-05 03:04 - 2007-01-25 09:16 - 00000000 ___HD C:\Windows\$hf_mig$
2013-07-05 03:04 - 2005-08-16 06:33 - 00001355 ____A C:\Windows\imsins.BAK
2013-07-05 03:03 - 2009-12-09 11:02 - 00026979 ____A C:\Windows\KB973904.log
2013-07-05 03:03 - 2005-08-16 06:18 - 00001208 ____A C:\Windows\win.ini
2013-07-05 03:02 - 2013-06-13 00:03 - 00024435 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 03:02 - 2005-08-16 06:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 03:01 - 2011-04-16 12:33 - 00017101 ____A C:\Windows\KB2510531-IE8.log
2013-07-05 03:01 - 2009-10-28 20:54 - 00000000 ____D C:\Windows\ie8updates
2013-07-05 03:01 - 2005-08-16 23:04 - 00632237 ____A C:\Windows\updspapi.log
2013-07-05 03:00 - 2013-07-05 03:00 - 00007443 ____A C:\Windows\KB923561.log
2013-07-05 03:00 - 2013-07-05 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB923561$
2013-07-05 02:00 - 2013-04-03 15:19 - 00000356 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-KJACOBS-Chris Jacobs.job
2013-07-05 01:13 - 2013-07-01 12:17 - 00000000 ____D C:\Program Files\ESET
2013-07-05 00:59 - 2013-07-05 00:58 - 00005343 ____A C:\AdwCleaner[s1].txt
2013-07-05 00:35 - 2013-07-05 00:35 - 00000000 ____D C:\Windows\ERUNT
2013-07-05 00:34 - 2013-07-05 00:34 - 00000000 ____D C:\JRT
2013-07-04 23:02 - 2011-03-24 10:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2524375$
2013-07-04 23:02 - 2005-08-16 06:22 - 00000000 _SHDC C:\Windows\$NtUninstallKB44159$
2013-07-04 22:31 - 2011-04-20 04:41 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-07-04 22:03 - 2013-07-04 22:02 - 00000000 ____D C:\Program Files\ERUNT
2013-07-04 22:03 - 2012-08-29 21:53 - 00000000 ____D C:\Windows\erdnt
2013-07-04 17:10 - 2012-08-16 22:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-03 23:37 - 2013-07-03 22:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 22:02 - 2005-08-16 23:10 - 00161704 ___AC C:\Windows\spupdsvc.log
2013-07-03 22:01 - 2008-09-23 21:26 - 00000352 ____A C:\Windows\spupdsvc.log.1.log
2013-07-03 22:01 - 2008-09-23 21:26 - 00000253 ____A C:\Windows\System32\spupdwxp.log
2013-07-03 22:01 - 2005-08-16 06:38 - 00161569 ____A C:\Windows\wmsetup.log
2013-07-03 22:01 - 2005-08-16 06:38 - 00001103 ___AC C:\Windows\DtcInstall.log
2013-07-03 21:54 - 2008-09-12 15:35 - 00731728 ____A C:\Windows\svcpack.log
2013-07-03 21:54 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\security
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952954$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952287$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951748$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951698$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951376$
2013-07-03 21:21 - 2008-08-23 10:00 - 00218980 ____A C:\Windows\KB952287.log
2013-07-03 21:21 - 2008-08-22 18:52 - 00037915 ____A C:\Windows\KB951072-v2.log
2013-07-03 21:21 - 2008-08-22 18:46 - 00226690 ____A C:\Windows\KB952954.log
2013-07-03 21:21 - 2008-07-09 04:35 - 00223762 ____A C:\Windows\KB951748.log
2013-07-03 21:21 - 2008-06-20 10:00 - 00210916 ____A C:\Windows\KB951376-v2.log
2013-07-03 21:21 - 2008-06-11 10:00 - 00210859 ____A C:\Windows\KB951376.log
2013-07-03 21:21 - 2008-06-10 22:33 - 00222068 ____A C:\Windows\KB951698.log
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB951066$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB950974$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB950762$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB946648$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB938464$
2013-07-03 21:20 - 2008-09-10 10:00 - 00212975 ____A C:\Windows\KB938464.log
2013-07-03 21:20 - 2008-08-23 10:01 - 00220427 ____A C:\Windows\KB946648.log
2013-07-03 21:20 - 2008-08-23 10:00 - 00211902 ____A C:\Windows\KB951066.log
2013-07-03 21:20 - 2008-08-22 18:44 - 00225013 ____A C:\Windows\KB950974.log
2013-07-03 21:20 - 2008-06-11 10:00 - 00211215 ____A C:\Windows\KB950762.log
2013-07-03 21:20 - 2005-08-16 06:37 - 00000000 ____D C:\Program Files\Messenger
2013-07-03 21:17 - 2005-08-16 06:36 - 00000573 ___AC C:\Windows\cmsetacl.log
2013-07-03 21:16 - 2005-08-16 06:39 - 00003257 ___AC C:\Windows\sessmgr.setup.log
2013-07-03 21:16 - 2005-08-16 06:37 - 00000000 ____D C:\Program Files\MSN
2013-07-03 21:16 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\Help
2013-07-03 21:15 - 2007-01-25 09:08 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-07-02 15:43 - 2011-12-28 22:03 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-07-02 13:48 - 2008-09-13 14:37 - 00000000 ____D C:\Program Files\Nancy Drew
2013-07-01 17:14 - 2012-08-13 11:18 - 00001954 ____A C:\Windows\epplauncher.mif
2013-07-01 12:06 - 2007-01-25 09:27 - 00000000 ____D C:\Program Files\Google
2013-07-01 11:42 - 2008-01-30 19:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-07-01 02:15 - 2005-08-16 06:38 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-01 01:59 - 2005-08-16 06:27 - 03694712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-01 01:57 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\Media
2013-07-01 01:56 - 2009-07-05 19:11 - 00186214 ____A C:\Windows\ie8_main.log
2013-07-01 01:49 - 2013-07-01 00:43 - 00000000 __HDC C:\Windows\ie8
2013-07-01 01:49 - 2009-10-28 20:51 - 00350556 ____A C:\Windows\ie8.log
2013-07-01 01:42 - 2013-07-01 01:42 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2013-07-01 01:42 - 2007-01-25 09:29 - 00000376 ____A C:\Windows\ODBC.INI
2013-07-01 01:41 - 2005-08-16 06:40 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-01 01:38 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\system
2013-07-01 00:45 - 2011-12-14 11:05 - 00019449 ____A C:\Windows\KB2618444-IE8.log
2013-07-01 00:38 - 2013-07-01 00:38 - 00000000 ____D C:\Program Files\Microsoft Download Manager
2013-07-01 00:17 - 2013-07-01 00:17 - 00000000 ____D C:\WINSSLog
2013-07-01 00:07 - 2008-09-09 17:49 - 00000000 ____D C:\Program Files\Windows Live
2013-06-30 23:52 - 2012-08-10 09:51 - 00104792 ____A C:\Windows\ie8Uninst.log
2013-06-30 23:29 - 2013-06-30 23:27 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-06-30 22:19 - 2007-08-15 10:01 - 00000000 __HDC C:\Windows\$NtUninstallKB938828$
2013-06-30 18:13 - 2011-04-17 17:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-30 18:03 - 2013-06-09 23:15 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-28 12:28 - 2013-06-28 12:26 - 00000000 ____D C:\AVSVideoEditor
2013-06-28 12:27 - 2013-06-28 12:27 - 00000000 ____D C:\Program Files\AVS4YOU
2013-06-28 12:27 - 2013-06-28 12:26 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-06-25 00:13 - 2013-02-17 22:31 - 00065536 ____A C:\Windows\System32\config\OAlerts.evt
2013-06-24 21:14 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-24 17:40 - 2013-06-24 17:39 - 00000000 ____D C:\Program Files\WinRAR
2013-06-23 13:03 - 2013-06-22 22:13 - 00000000 ____D C:\Fraps
2013-06-15 16:45 - 2008-12-15 20:54 - 00000000 ____A C:\transcoding.log
2013-06-13 17:41 - 2013-03-09 21:10 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-13 00:09 - 2013-06-13 00:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-13 00:09 - 2013-06-12 16:06 - 00015785 ____A C:\Windows\KB2839229.log
2013-06-13 00:09 - 2005-08-16 06:33 - 00340543 ____A C:\Windows\plusoc.log
2013-06-13 00:09 - 2005-08-16 06:33 - 00164061 ____A C:\Windows\ehOCGen.log
2013-06-13 00:05 - 2011-04-18 07:21 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 16:31 - 2012-03-29 20:20 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 16:31 - 2011-06-22 17:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-09 23:05 - 2013-06-09 23:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-07 10:14 - 2007-01-31 14:25 - 00069868 ____A C:\Windows\DirectX.log

Files to move or delete:
====================
C:\Users\public\MyWebTattoo.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Chris Jacobs at 2013-07-06 21:30:45
Running from C:\Documents and Settings\Chris Jacobs\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
ATI Catalyst Install Manager (Version: 3.0.795.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Parental Control & Encoder (Version: 3.0)
AVS Video Editor 6 (Version: 6.3.3.235)
BioShock (Version: 2.5.0000)
Black's Digital Solution Studio (Version: 2.6.8.704)
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.2.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11)
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon MG6100 series MP Drivers
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon MP Navigator EX 4.0
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9)
Canon Solution Menu EX
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.2.0)
Canon Utilities EOS Sample Music (Version: 1.0.0.204)
Canon Utilities EOS Utility (Version: 2.10.2.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0910.2122.36517)
Catalyst Control Center InstallProxy (Version: 2010.0910.2122.36517)
CCC Help English (Version: 2010.0910.2121.36517)
ccc-core-static (Version: 2010.0910.2122.36517)
ccc-utility (Version: 2010.0910.2122.36517)
CCScore (Version: 7.00.0000.0001)
Clone Wars
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell CinePlayer (Version: 3.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support 3.2.1 (Version: 5.5.2087)
Dell System Restore (Version: 2.00.0000)
DivX Web Player (Version: 1.4.3)
DVD-MovieAlbumSE 3 for DVDCAM
EPSON Printer Software
ERUNT 1.1j
ESET NOD32 Antivirus (Version: 6.0.316.0)
ESET Online Scanner v3
ESPNMotion (Version: 2.1.6.0011)
ESSBrwr (Version: 8.00.0000.0001)
ESSCDBK (Version: 8.00.0000.0001)
ESSgui (Version: 8.00.0000.0001)
ESSini (Version: 8.00.0000.0001)
ESSPCD (Version: 7.01.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
Europa Universalis III
EZface ActiveX 210 (Version: 2.1.0)
Fraps (remove only)
Google Talk Plugin (Version: 2.1.8.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Graboid Video 3.05 (Version: 3.05)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Matrix Storage Manager
Intel® PRO Network Connections (Version: )
InterActual Player
iTunes (Version: 11.0.2.26)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java 6 Update 33 (Version: 6.0.330)
KEDDS (Version: 1.04.0000.0005)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Logitech Gaming Software (Version: 4.40)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Managed DirectX (0900) (Version: 4.09.00.0900)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.5.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Musicnotes Player
Musicnotes Software Suite 1.0 (Version: 1.1)
Nancy Drew: The Captive Curse (Version: 8.0.0.30162)
Nancy Drew: The Curse of Blackmoor Manor
netbrdg (Version: 7.01.0000.0001)
On2 VP3 Video for Windows Codec
Origin (Version: 8.2.2.2413)
Otto
PDF Settings CS6 (Version: 11.0)
Picasa 3 (Version: 3.9)
Picture Package Music Transfer (Version: 1.1.00.11270)
PSE10 STI Installer (Version: 10.0)
PunkBuster Services (Version: 0.986)
QuickTax 2006
QuickTax 2007 (Version: 1.00.0000)
QuickTax 2008 (Version: 1.00.0000)
QuickTax 2009 (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
QuickTime for Windows (32-bit)
Race Day Demo Version
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
RPS CRT (Version: 7.0.28)
Samsung Media Studio
SecondLife (remove only)
SHASTA (Version: 7.01.0000.0001)
Sibelius Scorch (ActiveX Only) (Version: 5.2.1)
Sid Meier's Civilization V
skin0001 (Version: 8.00.0000.0001)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.105)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
Sonic Activation Module (Version: 1.0)
Sonic Encoders (Version: 1.00)
Sony Picture Utility (Version: 3.0.01.12110)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
staticcr (Version: 8.00.0000.0001)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
TeamViewer 5 (Version: 5.1.10408 )
The Sims™ 3 (Version: 1.42.130)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Late Night (Version: 6.0.81)
Tiger Woods PGA TOUR 2004
Torch (HKCU Version: 25.0.0.3646)
TurboTax 2010 (Version: 1.00.0000)
TurboTax 2011 (Version: 1.00.0000)
TurboTax 2012 (Version: 1.00.0000)
UltimateGamesBar
Unity Web Player (HKCU Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VisualBee for Microsoft PowerPoint (HKCU Version: V3.6)
VLC media player 2.0.7 (Version: 2.0.7)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Mail
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]
Windows PowerShell 1.0 (Version: 1)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WIRELESS (Version: 7.02.0000.0001)
YP-U1 (Version: )
ZoneAlarm Free Firewall (Version: 10.2.078.000)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2005-08-16 06:18 - 2012-08-29 22:10 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-KJACOBS-Chris Jacobs.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007Core.job => C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007UA.job => C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3363229072-3021304974-548893752-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2013 03:02:41 PM) (Source: Application Error) (User: )
Description: Faulting application civilizationv.exe, version 1.0.2.44, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.
Processing media-specific event for [civilizationv.exe!ws!]

Error: (07/06/2013 02:58:46 PM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

Error: (07/06/2013 02:58:03 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 11:37:35 AM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

Error: (07/06/2013 11:37:26 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 10:03:59 AM) (Source: Application Error) (User: )
Description: Faulting application civilizationv.exe, version 1.0.2.44, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.
Processing media-specific event for [civilizationv.exe!ws!]

Error: (07/06/2013 09:00:50 AM) (Source: Application Error) (User: )
Description: Faulting application civilizationv.exe, version 1.0.2.44, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.
Processing media-specific event for [civilizationv.exe!ws!]

Error: (07/06/2013 08:56:16 AM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

Error: (07/06/2013 08:56:04 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/05/2013 11:14:51 PM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

System errors:
=============
Error: (07/06/2013 09:29:48 PM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 05:57:01 PM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 11:37:42 AM) (Source: Service Control Manager) (User: )
Description: The 5576 service failed to start due to the following error:
%%2

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:03:21 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2001

Microsoft Office Sessions:
=========================
Error: (07/06/2013 03:02:41 PM) (Source: Application Error)(User: )
Description: civilizationv.exe1.0.2.44msvcr90.dll9.0.30729.61610005beae

Error: (07/06/2013 02:58:46 PM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

Error: (07/06/2013 02:58:03 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 11:37:35 AM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

Error: (07/06/2013 11:37:26 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 10:03:59 AM) (Source: Application Error)(User: )
Description: civilizationv.exe1.0.2.44msvcr90.dll9.0.30729.61610005beae

Error: (07/06/2013 09:00:50 AM) (Source: Application Error)(User: )
Description: civilizationv.exe1.0.2.44msvcr90.dll9.0.30729.61610005beae

Error: (07/06/2013 08:56:16 AM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

Error: (07/06/2013 08:56:04 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/05/2013 11:14:51 PM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 2045.85 MB
Available physical RAM: 1215.72 MB
Total Pagefile: 3938.29 MB
Available Pagefile: 3154.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:293.4 GB) (Free:93.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.64 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=DB)

========================================================
Disk: 5 (Size: 4 GB) (Disk ID: 21285866)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.

fixlist.txt


I downloaded the fixlist and reran FRST, selecting Fix. Below is the fixlog. I was prompted to restart the computer, which I have done.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Chris Jacobs at 2013-07-06 21:30:45
Running from C:\Documents and Settings\Chris Jacobs\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
ATI Catalyst Install Manager (Version: 3.0.795.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Parental Control & Encoder (Version: 3.0)
AVS Video Editor 6 (Version: 6.3.3.235)
BioShock (Version: 2.5.0000)
Black's Digital Solution Studio (Version: 2.6.8.704)
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.2.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11)
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon MG6100 series MP Drivers
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon MP Navigator EX 4.0
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9)
Canon Solution Menu EX
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.2.0)
Canon Utilities EOS Sample Music (Version: 1.0.0.204)
Canon Utilities EOS Utility (Version: 2.10.2.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0910.2122.36517)
Catalyst Control Center InstallProxy (Version: 2010.0910.2122.36517)
CCC Help English (Version: 2010.0910.2121.36517)
ccc-core-static (Version: 2010.0910.2122.36517)
ccc-utility (Version: 2010.0910.2122.36517)
CCScore (Version: 7.00.0000.0001)
Clone Wars
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell CinePlayer (Version: 3.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support 3.2.1 (Version: 5.5.2087)
Dell System Restore (Version: 2.00.0000)
DivX Web Player (Version: 1.4.3)
DVD-MovieAlbumSE 3 for DVDCAM
EPSON Printer Software
ERUNT 1.1j
ESET NOD32 Antivirus (Version: 6.0.316.0)
ESET Online Scanner v3
ESPNMotion (Version: 2.1.6.0011)
ESSBrwr (Version: 8.00.0000.0001)
ESSCDBK (Version: 8.00.0000.0001)
ESSgui (Version: 8.00.0000.0001)
ESSini (Version: 8.00.0000.0001)
ESSPCD (Version: 7.01.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
Europa Universalis III
EZface ActiveX 210 (Version: 2.1.0)
Fraps (remove only)
Google Talk Plugin (Version: 2.1.8.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Graboid Video 3.05 (Version: 3.05)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Matrix Storage Manager
Intel® PRO Network Connections (Version: )
InterActual Player
iTunes (Version: 11.0.2.26)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java 6 Update 33 (Version: 6.0.330)
KEDDS (Version: 1.04.0000.0005)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Logitech Gaming Software (Version: 4.40)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Managed DirectX (0900) (Version: 4.09.00.0900)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.5.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Musicnotes Player
Musicnotes Software Suite 1.0 (Version: 1.1)
Nancy Drew: The Captive Curse (Version: 8.0.0.30162)
Nancy Drew: The Curse of Blackmoor Manor
netbrdg (Version: 7.01.0000.0001)
On2 VP3 Video for Windows Codec
Origin (Version: 8.2.2.2413)
Otto
PDF Settings CS6 (Version: 11.0)
Picasa 3 (Version: 3.9)
Picture Package Music Transfer (Version: 1.1.00.11270)
PSE10 STI Installer (Version: 10.0)
PunkBuster Services (Version: 0.986)
QuickTax 2006
QuickTax 2007 (Version: 1.00.0000)
QuickTax 2008 (Version: 1.00.0000)
QuickTax 2009 (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
QuickTime for Windows (32-bit)
Race Day Demo Version
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
RPS CRT (Version: 7.0.28)
Samsung Media Studio
SecondLife (remove only)
SHASTA (Version: 7.01.0000.0001)
Sibelius Scorch (ActiveX Only) (Version: 5.2.1)
Sid Meier's Civilization V
skin0001 (Version: 8.00.0000.0001)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.105)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
Sonic Activation Module (Version: 1.0)
Sonic Encoders (Version: 1.00)
Sony Picture Utility (Version: 3.0.01.12110)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
staticcr (Version: 8.00.0000.0001)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
TeamViewer 5 (Version: 5.1.10408 )
The Sims™ 3 (Version: 1.42.130)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Late Night (Version: 6.0.81)
Tiger Woods PGA TOUR 2004
Torch (HKCU Version: 25.0.0.3646)
TurboTax 2010 (Version: 1.00.0000)
TurboTax 2011 (Version: 1.00.0000)
TurboTax 2012 (Version: 1.00.0000)
UltimateGamesBar
Unity Web Player (HKCU Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VisualBee for Microsoft PowerPoint (HKCU Version: V3.6)
VLC media player 2.0.7 (Version: 2.0.7)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Mail
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]
Windows PowerShell 1.0 (Version: 1)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WIRELESS (Version: 7.02.0000.0001)
YP-U1 (Version: )
ZoneAlarm Free Firewall (Version: 10.2.078.000)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2005-08-16 06:18 - 2012-08-29 22:10 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-KJACOBS-Chris Jacobs.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007Core.job => C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007UA.job => C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3363229072-3021304974-548893752-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2013 03:02:41 PM) (Source: Application Error) (User: )
Description: Faulting application civilizationv.exe, version 1.0.2.44, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.
Processing media-specific event for [civilizationv.exe!ws!]

Error: (07/06/2013 02:58:46 PM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

Error: (07/06/2013 02:58:03 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 11:37:35 AM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

Error: (07/06/2013 11:37:26 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 10:03:59 AM) (Source: Application Error) (User: )
Description: Faulting application civilizationv.exe, version 1.0.2.44, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.
Processing media-specific event for [civilizationv.exe!ws!]

Error: (07/06/2013 09:00:50 AM) (Source: Application Error) (User: )
Description: Faulting application civilizationv.exe, version 1.0.2.44, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.
Processing media-specific event for [civilizationv.exe!ws!]

Error: (07/06/2013 08:56:16 AM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

Error: (07/06/2013 08:56:04 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/05/2013 11:14:51 PM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.

System errors:
=============
Error: (07/06/2013 09:29:48 PM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 05:57:01 PM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 11:37:42 AM) (Source: Service Control Manager) (User: )
Description: The 5576 service failed to start due to the following error:
%%2

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2001

Error: (07/06/2013 10:09:30 AM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2001

Error: (07/06/2013 10:03:21 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2001

Microsoft Office Sessions:
=========================
Error: (07/06/2013 03:02:41 PM) (Source: Application Error)(User: )
Description: civilizationv.exe1.0.2.44msvcr90.dll9.0.30729.61610005beae

Error: (07/06/2013 02:58:46 PM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

Error: (07/06/2013 02:58:03 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 11:37:35 AM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

Error: (07/06/2013 11:37:26 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/06/2013 10:03:59 AM) (Source: Application Error)(User: )
Description: civilizationv.exe1.0.2.44msvcr90.dll9.0.30729.61610005beae

Error: (07/06/2013 09:00:50 AM) (Source: Application Error)(User: )
Description: civilizationv.exe1.0.2.44msvcr90.dll9.0.30729.61610005beae

Error: (07/06/2013 08:56:16 AM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

Error: (07/06/2013 08:56:04 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (07/05/2013 11:14:51 PM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 2045.85 MB
Available physical RAM: 1215.72 MB
Total Pagefile: 3938.29 MB
Available Pagefile: 3154.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:293.4 GB) (Free:93.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.64 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=DB)

========================================================
Disk: 5 (Size: 4 GB) (Disk ID: 21285866)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================


After restart continue to get message that there is a Personal Firewall Problem (Error occurred while starting proxy server. Analysis of application protocols (POP3, HTTP) will not function.) There is also a new icon in the startup that looks like a building with a flag. When I mouse over it, it says PC at risk.


Sorry I pasted the wrong file in my earlier post. Here is the result of the Fix.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013
Ran by Chris Jacobs at 2013-07-07 08:48:45 Run:1
Running from C:\Documents and Settings\Chris Jacobs\Desktop
Boot Mode: Normal

==============================================

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19c672d9-54c1-4416-aa7a-696185cb77f6} => Key deleted successfully.
HKCR\CLSID\{19c672d9-54c1-4416-aa7a-696185cb77f6} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f599d514-765f-43c8-9347-cb54ba40073f} => Key deleted successfully.
HKCR\CLSID\{f599d514-765f-43c8-9347-cb54ba40073f} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\AdwCleaner[s1].txt => Moved successfully.
C:\JRT => Moved successfully.
C:\Windows\000001_.tmp => Moved successfully.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\LegitLib.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

The system needs a manual reboot.

==== End of Fixlog ====


  • Root Admin

Please restart the computer now and run the following.

 

Please visit this webpage for instructions on downloading and running ComboFix: How to use ComboFix

Please make sure you disable your security applications before running ComboFix.

Once Combofix has completed it will produce and open a log file.  Please attach that log file to your next reply.
If needed the file can be located here:  C:\combofix.txt

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
 


Hi. I started to run ComboFix, but forgot that Windows Security Essentials was running. It had been disabled previously. Now Combo Fix has alerted me that Security Essentials is active and I should disable it before continuing. I don't seem to be able to disable it. I have gone to Windows Security Centre and it won't let me turn off the virus protection. I have tried to open Windows Security Essentials, but it will not open. The warning from Combo Fix asks me to disable before clicking OK. There is not an option to cancel. Should I click OK to proceed with ComboFix or should I do something else?


I will rerun it now. We had a major power failure yesterday. Power was off for close to 24 hours. When I started the computer I received a message that Security Essentials isn't monitoring my PC because the program's service stopped. It indicated I should restart the program by pressing "Start Now". I did not as I wasn't certain it was really Windows Security Essential.

 

I proceeded to run ComboFix. Received a Windows Application Error (0x0050005c referenced at memory 0x0050005c). I thought I disabled Windows Security Essentials, but received the message that it was running. I am now running the combofix. Program prompted a restart. Here is the ComboFix log.

 

Computer continues to show limited or no connectivity and that no firewall is enabled.

 

ComboFix 13-07-07.01 - Chris Jacobs 09/07/2013  22:39:09.2.2 - x86
Running from: c:\documents and settings\Chris Jacobs\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}s AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Chris Jacobs\Local Settings\Application Data\assembly\tmp
c:\windows\system32\frapsvid.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_5576
-------\Legacy_5709
-------\Service_5576
-------\Service_5709
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-10 to 2013-07-10  )))))))))))))))))))))))))))))))
.
.
2013-07-07 01:29 . 2013-07-07 12:49 -------- d-----w- C:\FRST
2013-07-05 04:35 . 2013-07-05 04:35 -------- d-----w- c:\windows\ERUNT
2013-07-05 02:02 . 2013-07-05 02:03 -------- d-----w- c:\program files\ERUNT
2013-07-04 01:56 . 2013-07-04 01:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-07-04 01:16 . 2008-04-14 09:41 81920 ------w- c:\windows\system32\ieencode.dll
2013-07-04 01:16 . 2007-04-03 04:12 1327320 ------w- c:\program files\MSN\msncorefiles\install\msnsusii.exe
2013-07-04 01:16 . 2007-04-03 04:04 884712 ------w- c:\program files\MSN\msncorefiles\install\msn9components\digcore.exe
2013-07-04 01:16 . 2008-04-14 09:40 966656 ------w- c:\program files\MSN\msncorefiles\oobe\obemetal.dll
2013-07-04 01:16 . 2008-04-14 09:40 86016 ------w- c:\program files\MSN\msncorefiles\oobe\obepopc.dll
2013-07-04 01:16 . 2008-04-14 09:40 229376 ------w- c:\program files\MSN\msncorefiles\oobe\obelog.dll
2013-07-04 01:16 . 2007-04-03 04:14 77824 ------w- c:\program files\MSN\msncorefiles\oobe\obemtllc.dll
2013-07-04 01:16 . 2007-04-03 04:09 11053008 ------w- c:\program files\MSN\msncorefiles\install\msn9components\msncli.exe
2013-07-01 16:54 . 2013-07-01 16:54 -------- d-----w- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\ESET
2013-07-01 16:17 . 2013-07-05 05:13 -------- d-----w- c:\program files\ESET
2013-07-01 16:17 . 2013-07-01 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2013-07-01 05:42 . 2013-07-01 05:42 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-07-01 04:43 . 2013-07-01 05:49 -------- dc-h--w- c:\windows\ie8
2013-07-01 04:38 . 2013-07-01 04:38 -------- d-----w- c:\program files\Microsoft Download Manager
2013-07-01 04:17 . 2013-07-01 04:17 -------- d-----w- C:\WINSSLog
2013-07-01 03:27 . 2013-07-01 03:29 -------- d--h--w- c:\windows\msdownld.tmp
2013-06-28 16:28 . 2013-06-28 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2013-06-28 16:28 . 2013-06-28 16:28 -------- d-----w- c:\documents and settings\Chris Jacobs\Application Data\AVS4YOU
2013-06-28 16:27 . 2013-06-28 16:27 -------- d-----w- c:\program files\AVS4YOU
2013-06-28 16:26 . 2013-06-28 16:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2013-06-28 16:26 . 2011-06-23 17:26 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-06-28 16:26 . 2013-06-28 16:28 -------- d-----w- C:\AVSVideoEditor
2013-06-28 14:03 . 2013-06-28 14:04 -------- d-----w- c:\documents and settings\Chris Jacobs\Application Data\.technic
2013-06-28 13:27 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF0B931E-3306-4452-A5C1-FD27BD249E02}\mpengine.dll
2013-06-27 12:34 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-25 01:32 . 2013-07-10 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TorchCrashHandler
2013-06-25 01:31 . 2013-07-05 04:36 -------- d-----w- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Torch
2013-06-25 01:14 . 2013-06-25 01:14 -------- d-----w- c:\program files\CheckPoint
2013-06-23 02:13 . 2013-06-23 17:03 -------- d-----w- C:\Fraps
2013-06-10 03:07 . 2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-06-10 03:04 . 2013-06-10 03:05 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 20:31 . 2012-03-30 00:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 20:31 . 2011-06-22 21:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2005-08-16 10:18 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2005-08-16 10:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2005-08-16 10:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 04:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-06-06 1641896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18672232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-11 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"YeppStudioAgent"="c:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-09-12 40960]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-10 296096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10/01/2013 3:08 PM 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/01/2013 3:08 PM 105784]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21/03/2013 3:19 PM 1341664]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [14/05/2009 1:21 PM 98304]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [30/06/2013 6:12 PM 418376]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14/05/2013 1:26 PM 3289208]
R2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [20/06/2013 9:54 AM 1205088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/04/2011 5:40 PM 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2011 5:40 PM 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 7:09 PM 161384]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:31]
.
2013-07-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-KJACOBS-Chris Jacobs.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-03-21 09:10]
.
2013-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007Core.job
- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:03]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007UA.job
- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:03]
.
2013-06-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
.
2013-07-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-07-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: brassring.com\sjobs
Trusted Zone: freerealms.com
Trusted Zone: microsoft.com\www.update
Trusted Zone: plaxo.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.222.220
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\TurboTax 2012\ic2012pp.dll
FF - ProfilePath - c:\documents and settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-58104361.sys
SafeBoot-MsMpSvc
AddRemove-Torch - c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Torch\uninstall.exe
AddRemove-VisualBee for Microsoft PowerPoint - c:\documents and settings\Chris Jacobs\Local Settings\Application Data\VisualBeeExe\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-09 22:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3363229072-3021304974-548893752-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4f,f0,c1,db,95,ae,f7,27,e6,fd,32,e9,60,e2,5b,b8,5f,69,ea,fc,89,b2,63,
   2e,86,7f,1b,b8,ab,0c,79,d0,10,1a,57,f7,17,63,82,ca,0a,18,3c,46,e5,44,88,54,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-3363229072-3021304974-548893752-1007\Software\SecuROM\License information*]
"datasecu"=hex:8d,fc,6d,66,69,bd,ae,84,4a,b8,0d,af,93,16,c7,41,0e,17,47,01,47,
   7f,06,f5,97,0d,b3,c0,3d,2d,51,55,53,7e,2f,58,4e,1f,07,c5,af,97,b6,44,ac,ab,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\stsystra.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-07-09  23:05:51 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-10 03:05
.
Pre-Run: 100,160,843,776 bytes free
Post-Run: 104,274,649,088 bytes free
.
- - End Of File - - F2A5F6807FAF003DC39C4DE44BBA7704
5CB90281D1A59B251F6603134774EEC3

  • Root Admin

That looks good. Combofix was able to remove some items.  Please run the following now.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 

This topic is now closed to further replies.