alison2011

Honorary Members
  • Posts

    192

Reputation

0 Neutral

Profile Information

  • Location
    london uk
  • Interests
    facebook, fixing my computer until it is ultra clean and ultra safe from infections, hackers etc, feeding my cat and fussing him. like martina cole books.
  1. My signature is there because if you look through this thread you will see many questions I never got answers to, and I never requested immediate support! My signature is merely a suggestion, not an order!
  2. I now recall that the microsoft fix it program would not work because the windows desktop search was active, so that is a current problem. Heuristic analysis still doesn't complete the scan in mbam scan, but no infections detected. Even if it did, you still haven't explained to me how to access the clipboard to attach it to here. I had problems finding the clipboard after I managed about a week ago to attach a scan log on to the clipboard. Have asked you previously to explain how I access the clipboard but you must have missed that question, along with: am I safe to install avast av free edition? I have gone ahead and installed avast! On the first installation scan it detected this: C:\program files\toshiba\toshiba applet\thotkey.exe severity: High Threat: win32:Malware-gen Action: Move to chest Result: green tick. I am now running a scan whereupon it reboots and scans all files etc before opening windows. It has found this: File C:\System Volume Information\_restore{7953D9EF-F7E4-41B1-AB0F-E8D629863461}\RP1026\A0224227.exe is infected by win32:Malware-gen. I have clicked on option 2 to fix all automatically and it has been moved to chest. Now waiting for the rest of the scan to complete. I am sorry that I haven't waited for your say so in doing this Ron, but I have now sold this system and am posting it to the buyer on Monday around 12pm GMT (uk). I need to make sure the system has a solid AV on it and also to make sure all infections are gone! I have purposely not warned you of me having sold this system as I didn't want you to be pressured or rushed in helping me - if push comes to shove I will remove all of the programs I have installed since receiving your help like javaJRT FRST etc etc before sending to my buyer.
All seems ok on the system except of course the mbam scanner not completing and not being able to run the microsoft fix it program due to not being able to uninstall the windows desktop search. If you are able to help me fix both of these things within 36hrs then that would be great. If not then I would like to thank you for all your help you have given me in getting this system as clean as your knowledge allowed.
  3. ONLY the not being able to uninstall windows desktop search so I can do the fix windows desktop search direction! I would really like to know if I am safe to install Avast AV free edition? I will check if the mbam scanner will now complete and get back to you asap Ron.
  4. I actually removed all avg files before the combo fix so they shouldn't be showing in my next logs.
  5. ComboFix 14-09-11.01 - Heather 11/09/2014 18:12:59.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.396 [GMT 1:00] Running from: c:\documents and settings\Heather\Desktop\ComboFix.exe
  6. The log is above, attached directly under the photos. I attached it via more reply options. I did state also above that I hoped you didn't miss it.
  7. Sorry the photos came up in multiples. First time I have succeeded in attaching a log correctly - I am hoping you don't miss the log attached. Would you please let me know when I will be safe to install Avast AV? I have removed all files named AVG!
  8. Hi Ron, I have found windows desktop search in my program files. Is there a way to disable it from the files and would you know which file? Will try & attach photos of windows desktop search files. Also I see the porn sites in the above addition log here: (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2011-04-20 19:41 - 2013-10-16 10:46 - 00449016 ____R C:\WINDOWS\system32\Drivers\etc\hosts
  9. I can see from this that the windows search is showing on the user acct (titled: mine) I set up to try and fix mbam back up. Let me know if I should go to that user acct to uninstall it. Also I see I have bad sites appearing again, ie. porn etc. Data\Windows Desktop Search 2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer
  10. Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014 Ran by Heather at 2014-09-10 20:44:18 Running from C:\Documents and Settings\Heather\desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Atheros Client Utility (HKLM\...\{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}) (Version: - Atheros) Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.212.0819L - Chicony Electronics Co.,Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version: - SEIKO EPSON Corporation) FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2145.4 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - ) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Malwarebytes Secure Backup (HKLM\...\{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}) (Version: 5.12.2.745 - Malwarebytes Corporation) Map Button (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update 
(KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Internet Explorer Administration Kit 5 (HKLM\...\IEAK5) (Version: - ) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - 
Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office XP Resource Kit Tools (HKLM\...\{95250409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6403.0 - Microsoft Corporation) Microsoft Search Enhancement Pack (Version: 3.0.127.0 - Microsoft Corporation) Hidden Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) 
(Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.16.00.03 - Huawei Technologies Co.,Ltd) Mozilla Firefox 32.0 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft 
Corporation) OneCare Advisor (Windows Live Toolbar) (Version: 03.00.2038 - Microsoft Corporation) Hidden OutRun (HKLM\...\OutRun_is1) (Version: - GameFabrique) Pacman (remove only) (HKLM\...\Pacman) (Version: - JenkatGames) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Popup Blocker (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0001 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5699 - Realtek Semiconductor Corp.) Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.6.6 - Reimage) Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group) Revo Uninstaller Pro 2.5.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.3 - VS Revo Group, Ltd.) 
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden Smart Menus (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics) Tabbed Browsing (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.11A2 - ) TOSHIBA Direct Disc Writer (HKLM\...\{400830CA-F056-4BBE-80A3-9DF9CA4FB889}) (Version: 1.1.0.0a - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation) TOSHIBA Manuals (HKLM\...\{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}) (Version: 7.40 - TOSHIBA) Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.00.0002 - TOSHIBA) TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version: 2.00.00.24f - TOSHIBA) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites 
(KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0073 - Microsoft Corporation) Hidden 
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2577866921-869302320-1379617784-1007_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation) ==================== Restore Points ========================= 13-06-2014 11:01:14 Software Distribution Service 3.0 09-07-2014 03:40:18 Software Distribution Service 3.0 24-07-2014 00:58:53 System Checkpoint 26-07-2014 09:41:32 Installed AVG PC TuneUp 2014 26-07-2014 09:51:18 Removed AVG PC TuneUp 2014 26-07-2014 09:52:02 Removed AVG PC TuneUp 2014 (en-US) 26-07-2014 09:53:31 Installed AVG PC TuneUp 2014 28-07-2014 10:40:42 Removed AVG PC TuneUp 2014 28-07-2014 10:43:10 Removed AVG PC TuneUp 2014 (en-US) 13-08-2014 11:45:13 Software Distribution Service 3.0 21-08-2014 15:25:19 Unsigned printer driver EPSON SX510W Series installed. 26-08-2014 23:13:06 Removed AVG 2014 26-08-2014 23:14:20 Removed AVG 2014 27-08-2014 03:03:58 Installed Malwarebytes Secure Backup 27-08-2014 03:05:30 Installed Malwarebytes Secure Backup 27-08-2014 04:18:55 Installed Malwarebytes Secure Backup 29-08-2014 03:54:24 Installed Windows XP KB959765. 29-08-2014 03:54:51 Installed Windows XP KB945436. 29-08-2014 04:01:37 Installed Windows XP KB959765. 29-08-2014 04:02:00 Installed Windows XP KB945436. 
29-08-2014 07:18:41 Removed Java 7 Update 51 29-08-2014 10:00:30 Software Distribution Service 3.0 30-08-2014 05:14:10 Restore Operation 30-08-2014 14:04:11 Software Distribution Service 3.0 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2011-04-20 19:41 - 2013-10-16 10:46 - 00449016 ____R C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\Online Backup Update Notifier.job => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe Task: C:\WINDOWS\Tasks\Reimage Reminder.job => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe Task: C:\WINDOWS\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe Task: C:\WINDOWS\Tasks\System Restore.job => C:\WINDOWS\system32\Restore\rstrui.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-29 05:01 - 2012-06-28 07:19 - 00233344 _____ () C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe 2008-09-19 08:26 - 2004-11-05 17:24 - 00090112 _____ () C:\Program Files\TOSHIBA\ConfigFree\CFShlExt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:SummaryInformation ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Atheros AR5007EG Wireless Network Adapter Description: Atheros AR5007EG Wireless Network Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Atheros Service: AR5416 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/10/2014 08:41:16 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI Error: (09/10/2014 08:38:45 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI Error: (09/10/2014 02:36:30 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI Error: (09/10/2014 02:12:38 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI Error: (09/10/2014 02:08:06 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI Error: (09/09/2014 00:42:33 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI Error: (09/09/2014 00:38:36 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI Error: (09/08/2014 02:07:16 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI Error: (09/08/2014 02:03:57 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI Error: (09/08/2014 03:53:10 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 50x80070715Search.MapPI System errors: ============= Error: (09/10/2014 08:41:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). 
Error: (09/10/2014 08:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Application Layer Gateway Service service failed to start due to the following error: %%1053 Error: (09/10/2014 08:40:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. Error: (09/10/2014 08:39:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (09/10/2014 08:39:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (09/10/2014 08:38:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). Error: (09/10/2014 08:38:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: BMLoad Error: (09/10/2014 02:36:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). Error: (09/10/2014 02:12:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). 
Error: (09/10/2014 02:10:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel® Atom CPU N270 @ 1.60GHz Percentage of memory in use: 88% Total physical RAM: 1013.88 MB Available physical RAM: 116.16 MB Total Pagefile: 2445.1 MB Available Pagefile: 1591.57 MB Total Virtual: 2047.88 MB Available Virtual: 1928.68 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.79 GB) (Free:84.22 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 5417C78F) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014 Ran by Heather (administrator) on CURLEWBIRDY on 10-09-2014 20:42:02 Running from C:\Documents and Settings\Heather\desktop Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Atheros) C:\WINDOWS\system32\acs.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe () C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (TOSHIBA Corp.) 
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corporation) C:\WINDOWS\system32\TODDSrv.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Secure Backup\mbsbscan.exe (Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe (TOSHIBA) C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe (FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2008-08-13] (Synaptics, Inc.) HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [450648 2008-04-14] (Atheros Communications, Inc.) 
HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [393216 2008-09-05] (TOSHIBA) HKLM\...\Run: [smoothView] => C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation) HKLM\...\Run: [DDWMon] => C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [495616 2007-04-26] (TOSHIBA Corporation) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851456 2008-10-29] (Realtek Semiconductor Corp.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-08-19] (Chicony) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...\Run: [sOSUAUI] => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup) HKLM\...\Run: [sMessaging] => C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup) HKLM\...\Run: [AccountCreatorRunner] => C:\Program Files\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 1 HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [5567800 2008-09-08] () HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation) HKU\.DEFAULT\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [FileHippo.com] => C:\Program 
Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com) HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [EPSON SX510W Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0 Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) ShellExecuteHooks: Windows Desktop Search Namespace Manager - 
{56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt FireFox: ======== FF ProfilePath: C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\eh7yg0cn.default-1409207353012 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-14] FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon Chrome: ======= CHR CustomProfile: C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19] CHR Extension: (Google Wallet) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACS; C:\WINDOWS\system32\acs.exe [467028 2008-04-14] (Atheros) [File not signed] S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320 2014-08-30] (Adobe Systems Incorporated) [File not signed] R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-31] (Apple Inc.) 
[File not signed] R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) [File not signed] R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [233344 2012-06-28] () S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-07-22] (Mozilla Foundation) [File not signed] R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5857128 2014-07-28] (Reimage®) [File not signed] R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) [File not signed] R2 TAPPSRV; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [33792 2008-08-29] (TOSHIBA Corp.) [File not signed] R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [35640 2014-07-14] (AVG) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1528928 2009-03-13] (Atheros Communications, Inc.) 
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation) S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54232 2014-09-08] (Malwarebytes Corporation) [File not signed] R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) [File not signed] R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-10] (Malwarebytes Corporation) [File not signed] S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed] R3 RSUSBSTOR; C:\WINDOWS\System32\Drivers\RTS5121.sys [157696 2008-09-04] (Realtek Semiconductor Corp.) S3 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [92464 2009-06-18] (Sunbelt Software) S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-04-05] () R1 tcpipBM; C:\WINDOWS\system32\Drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed] S3 tdcmdpst; C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys [16128 2006-10-18] (TOSHIBA Corporation.) [File not signed] R2 tdudf; C:\WINDOWS\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation) R2 trudf; C:\WINDOWS\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation) S3 UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.) 
R3 vodafone_K380x-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [80000 2010-05-20] (Vodafone) S3 ZTEusbvoice; C:\WINDOWS\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-08-11] (ZTE Incorporated) S3 BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys [X] S3 BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys [X] S0 BMLoad; system32\drivers\BMLoad.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S4 IntelIde; No ImagePath S3 massfilter; system32\drivers\massfilter.sys [X] U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation) S3 PCASp50; System32\Drivers\PCASp50.sys [X] S3 Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys [X] S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X] U5 sdbus; C:\Windows\System32\Drivers\sdbus.sys [79232 2008-04-14] (Microsoft Corporation) U3 TlntSvr; No ImagePath S3 Tosrfcom; No ImagePath S3 Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys [X] S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-10 20:42 - 2014-09-10 20:42 - 00015597 _____ () C:\Documents and Settings\Heather\desktop\FRST.txt 2014-09-10 02:19 - 2014-09-10 02:19 - 00002318 _____ () C:\WINDOWS\system32\ScanResults.xml 2014-09-10 02:08 - 2014-09-10 02:08 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings 2014-09-08 14:17 - 2014-09-08 14:17 - 00162010 _____ () C:\Documents and Settings\Heather\desktop\DIAG_MATS_NETWORK_global(1).DiagCab 2014-09-08 14:14 - 2014-09-08 14:14 - 00347816 _____ (Microsoft Corporation) C:\Documents and Settings\Heather\desktop\MicrosoftFixit.Search.RNP.1333612852258658.1.1.Run.exe 2014-09-07 05:28 - 2014-09-10 20:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-07 05:27 - 2014-09-08 14:34 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-09-07 05:27 - 2014-09-07 05:27 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk 2014-09-07 05:27 - 2014-09-07 05:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-09-07 05:27 - 2014-09-07 05:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-07 05:27 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-09-07 05:23 - 2014-09-07 05:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Heather\desktop\mbam-setup-2.0.2.1012.exe 2014-09-06 20:53 - 2014-09-06 20:54 - 00321848 _____ (Malwarebytes Corporation) C:\Documents and Settings\Heather\desktop\mbam-clean-2.1.1.1001.exe 2014-09-05 01:51 - 2014-09-05 01:59 - 00028486 _____ () C:\Documents and Settings\Heather\desktop\Result.txt 2014-09-05 01:39 - 2014-09-05 01:40 - 00401920 _____ (Farbar) C:\Documents and Settings\Heather\desktop\MiniToolBox.exe 2014-09-02 16:16 - 2014-09-02 16:19 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\Net Conf Fix 2014-09-02 16:05 - 
2014-09-02 16:05 - 00000000 __SDC () C:\ComboFix 2014-08-30 15:48 - 2014-09-08 15:48 - 00000278 _____ () C:\WINDOWS\Tasks\Reimage Reminder.job 2014-08-30 15:47 - 2014-09-10 20:39 - 00000336 _____ () C:\WINDOWS\Tasks\ReimageUpdater.job 2014-08-30 15:40 - 2014-08-30 15:49 - 00000000 ___DC () C:\rei 2014-08-30 15:40 - 2014-08-30 15:47 - 00000000 ____D () C:\Program Files\Reimage 2014-08-30 15:40 - 2014-08-30 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Reimage Protector 2014-08-30 15:40 - 2014-08-30 15:40 - 00001749 _____ () C:\Documents and Settings\All Users\desktop\PC Scan & Repair by Reimage.lnk 2014-08-30 15:40 - 2014-08-30 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair 2014-08-30 15:34 - 2014-08-30 15:49 - 00000163 _____ () C:\WINDOWS\Reimage.ini 2014-08-29 12:43 - 2014-08-29 12:43 - 00004050 _____ () C:\Documents and Settings\Heather\desktop\fixlist.txt 2014-08-29 12:33 - 2014-08-29 07:52 - 01095168 ____C (Farbar) C:\Documents and Settings\Heather\desktop\FRST.exe 2014-08-29 08:38 - 2014-08-29 08:38 - 00006368 ____C () C:\JavaRa.log 2014-08-29 08:30 - 2014-08-29 08:31 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\remove java 2014-08-29 06:35 - 2014-08-29 06:57 - 00048140 _____ () C:\Documents and Settings\Heather\desktop\Extras.Txt 2014-08-29 06:08 - 2014-08-29 06:57 - 00117946 _____ () C:\Documents and Settings\Heather\desktop\OTL.Txt 2014-08-29 05:43 - 2014-08-29 05:43 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Heather\desktop\OTL.exe 2014-08-29 05:24 - 2014-08-29 05:28 - 00000000 ___DC () C:\AdwCleaner 2014-08-29 05:23 - 2014-08-29 05:23 - 01364531 _____ () C:\Documents and Settings\Heather\desktop\AdwCleaner.exe 2014-08-29 05:05 - 2014-08-29 05:05 - 00000388 _____ () C:\WINDOWS\nsw.log 2014-08-29 05:00 - 2014-08-29 05:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MobileBrServ 2014-08-29 04:54 - 2014-08-29 05:02 - 
  12. MBAM scan still not completing: objects scanned 501179, detected objects 0, time elapsed 00:34:41. Rootkits are enabled, all is set correctly in the settings and MBAM updates working fine - now switching notebook off until your next direction.
  13. Since doing the check disk for errors after rebooting I now have Microsoft updates trying to install again on my XP. I am running an MBAM scan to see if it will complete and to see if I have any infections. Will update you a.s.a.p.