Motohelperservice.exe removed now No Internet



#1
jlurie

I removed motohelperservice.exe from my computer and now I cannot connect to the internet.

#2
jlurie

An email was opened up and there was a notice to download the attachment. We thought it was from a friend that we know, so we downloaded and opened up the file. We realized that it was not from our friend and we tried to delete it. We were unsuccessful and started getting a message that motohelperservice.exe stopped responding. The window just stayed there, so we moved the window out of the way on the desktop. I searched on the internet to see what motohelperservice was and where it may reside on the computer. I was able to delete motohelperservice from the folder.

We thought that everything was OK and we went to check our email and we could not get to the internet. I ran McAfee antivirus and Malwarebytes and they found nothing. Now I do not know what to do. Any help would be greatly appreciated. Thanking you in advance.


OTL logfile created on: 3/9/2014 1:27:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ATS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.95% Memory free
3.84 Gb Paging File | 3.08 Gb Available in Paging File | 80.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 894.14 Gb Free Space | 95.99% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 3.71 Gb Free Space | 98.84% Space Free | Partition Type: FAT32

Computer Name: PWICP005 | User Name: ATS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/09 11:50:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ATS\Desktop\OTL.exe
PRC - [2014/02/19 13:17:38 | 001,387,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2014/02/19 13:13:32 | 000,807,800 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2014/02/02 19:01:54 | 000,487,501 | ---- | M] () -- C:\monitor.exe
PRC - [2014/01/21 10:29:18 | 001,078,312 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fssm32.exe
PRC - [2014/01/21 10:29:16 | 000,585,256 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32.exe
PRC - [2013/12/13 18:44:36 | 001,573,184 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2013/11/11 18:19:48 | 000,341,824 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2013/07/02 08:51:08 | 000,539,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsav32.exe
PRC - [2013/06/05 15:03:45 | 000,060,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Cbeyond Secure Desktop\ORSP Client\fsorsp.exe
PRC - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/13 15:27:32 | 001,216,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/01/13 15:22:40 | 000,348,160 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/12/21 19:42:50 | 000,148,936 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2010/08/25 10:11:06 | 000,050,464 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/12/11 09:37:36 | 000,301,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Cbeyond Secure Desktop\Common\FSM32.EXE
PRC - [2009/12/11 09:37:36 | 000,186,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Cbeyond Secure Desktop\Common\FSMA32.EXE
PRC - [2009/12/11 09:37:34 | 000,088,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Cbeyond Secure Desktop\Common\FSHDLL32.EXE
PRC - [2009/12/11 09:36:20 | 000,522,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Cbeyond Secure Desktop\FWES\program\fsdfwd.exe
PRC - [2009/12/11 09:35:18 | 000,219,760 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe
PRC - [2009/10/28 16:56:28 | 000,055,808 | ---- | M] (Sanford, L.P.) -- C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 14:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/27 17:25:52 | 001,662,976 | ---- | M] (D-Link) -- C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/10/10 23:54:06 | 000,589,824 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/12 19:34:08 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/12 19:26:31 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/12 19:26:07 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/02/02 19:01:54 | 000,487,501 | ---- | M] () -- C:\monitor.exe
MOD - [2013/12/12 19:46:00 | 008,001,344 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\WebUI.dll
MOD - [2013/10/16 23:17:10 | 000,185,168 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\libcurl-4.dll
MOD - [2013/05/16 20:26:52 | 000,145,216 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2013/05/16 20:26:10 | 000,182,080 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
MOD - [2013/01/15 19:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\madexcept_.bpl
MOD - [2013/01/15 19:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\maddisAsm_.bpl
MOD - [2013/01/15 19:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\madbasic_.bpl
MOD - [2013/01/15 18:47:50 | 000,517,440 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\sqlite3.dll
MOD - [2011/11/17 14:23:44 | 000,030,888 | ---- | M] () -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2011/02/28 15:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/12/11 09:37:40 | 000,088,688 | ---- | M] () -- C:\Program Files\Cbeyond Secure Desktop\Common\OnDemandInstallWatcher.dll
MOD - [2009/12/11 09:37:18 | 000,236,144 | ---- | M] () -- \\?\c:\program files\cbeyond secure desktop\hips\fsumi.dll
MOD - [2009/12/11 09:36:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Cbeyond Secure Desktop\FSGUI\strres.eng
MOD - [2009/12/11 09:35:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Cbeyond Secure Desktop\FSGUI\fsavures.eng
MOD - [2009/12/11 09:35:40 | 000,440,944 | ---- | M] () -- C:\Program Files\Cbeyond Secure Desktop\FSGUI\about.dll
MOD - [2009/12/11 09:35:40 | 000,088,688 | ---- | M] () -- C:\Program Files\Cbeyond Secure Desktop\FSGUI\aboutres.dll
MOD - [2009/12/11 09:35:12 | 000,036,864 | ---- | M] () -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsavhres.eng
MOD - [2009/12/11 09:34:34 | 000,215,664 | ---- | M] () -- c:\Program Files\Cbeyond Secure Desktop\DAAS2\daas2.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/08/20 18:41:12 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\ucuzgscy\svcboot_dfynbyg.dll -- (svcboot_dfynbyg)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2014/02/21 11:58:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/19 13:13:32 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2014/02/02 19:00:18 | 000,034,244 | ---- | M] () [Auto | Stopped] -- C:\monitorsvc.exe -- (ProtectMonitor)
SRV - [2014/01/07 23:06:02 | 001,265,608 | ---- | M] (Objectify Media Inc) [On_Demand | Stopped] -- C:\Program Files\Web Protect\PCProtect.exe -- (PCProtect)
SRV - [2013/11/11 18:19:48 | 000,341,824 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2013/06/05 15:03:45 | 000,060,352 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Cbeyond Secure Desktop\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/15 18:41:18 | 000,249,856 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/12/21 19:42:50 | 000,148,936 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2010/08/25 10:11:06 | 000,050,464 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/04/27 23:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe -- (QuickBooksDB21)
SRV - [2009/12/11 09:37:36 | 000,186,992 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Cbeyond Secure Desktop\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/12/11 09:36:20 | 000,522,864 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Cbeyond Secure Desktop\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/12/11 09:35:18 | 000,219,760 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/19 12:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fetnd5.sys -- (FETNDIS)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2014/01/07 23:09:34 | 000,019,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pcwatch.sys -- (pcwatch)
DRV - [2013/11/19 17:10:56 | 000,031,776 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2013/11/19 17:10:56 | 000,017,360 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2013/10/28 12:00:00 | 000,415,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2013/10/18 09:48:28 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/10/18 09:48:12 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2013/10/18 09:48:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2013/07/10 08:55:19 | 000,145,856 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2013/03/23 16:51:44 | 000,247,968 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2013/01/07 23:03:19 | 000,016,512 | R--- | M] (Corechip Semiconductor, Inc. Co Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_Ethernet_Adaptor.sys -- (USB_Ethernet_Adaptor)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/15 09:16:24 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2011/03/28 16:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE1200xp.sys -- (Linksys_adapter_H)
DRV - [2011/02/11 14:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2010/02/11 14:45:11 | 000,013,696 | ---- | M] (Skyhook Wireless) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wpsnuio.sys -- (Wpsnuio)
DRV - [2009/12/11 09:37:16 | 000,068,080 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Cbeyond Secure Desktop\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/12/11 09:36:20 | 000,080,016 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008/10/17 00:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2008/05/22 03:34:10 | 000,082,432 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PciPPorts.sys -- (PciPPorts)
DRV - [2008/04/14 05:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 23:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2007/07/28 16:21:16 | 000,451,456 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005/12/11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/01/28 02:48:58 | 002,310,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/12/16 17:25:24 | 000,075,904 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\viasraid.sys -- (viasraid)
DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/17 04:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 04:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\AV, = http://www.altavista...search/web?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\FM, = http://www.filemirro...rch.src?file=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GGL, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = http://support.microsoft.com/?kbid=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = http://search.msn.com/results.asp?q=%s
IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)


[2013/05/23 10:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/19 10:37:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/22 13:17:35 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2009/09/22 13:17:35 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/09/22 13:17:50 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2009/09/22 13:17:55 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/09/22 13:17:34 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\
CHR - Extension: No name found = C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\

O1 HOSTS File: ([2002/12/31 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Produtools Forms Toolbar) - {76a747b4-edc6-46ff-8a5d-9ae61a889d5b} - C:\Program Files\Produtools_Forms\prxtbPro2.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Produtools Forms Toolbar) - {76a747b4-edc6-46ff-8a5d-9ae61a889d5b} - C:\Program Files\Produtools_Forms\prxtbPro2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [DLSService] C:\Program Files\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Cbeyond Secure Desktop\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Cbeyond Secure Desktop\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE File not found
O4 - HKCU..\Run: [braviax] C:\WINDOWS\system32\braviax.exe File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Attendance Rx.lnk = C:\Program Files\Acroprint\Attendance Rx\AttendanceRx.exe (Acroprint Time Recorder Co. (USA).)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.cashcall...x86/capicom.dll (Settings Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CC0AB0C-6CB3-4B42-8BF7-F5DCE1D32893}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{384639DD-D86A-470A-A5A8-E01F5B9D3E7F}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5916A8F6-0CC0-4290-81C3-5853621DD25E}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B8715F4-DB94-4F7E-8E15-1F496AA0FE13}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D54A83FC-EFB0-4C9A-95D6-D961D4E56F60}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBCE569A-C755-462E-B4AC-A3989D0FC177}: NameServer = 10.0.0.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - ShellService - No CLSID value found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk C:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/09 13:27:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ATS\Desktop\OTL.exe
[2014/03/09 13:27:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ATS\Desktop\aswMBR.exe
[2014/03/09 11:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Local Settings\Application Data\Sun
[2014/03/09 11:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Application Data\Sun
[2014/03/08 22:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Local Settings\Application Data\DYMO
[2014/03/08 22:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Application Data\Search Settings
[2014/03/08 22:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Application Data\ControlCenter4
[2014/03/08 22:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Local Settings\Application Data\Scansoft
[2014/03/08 22:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Local Settings\Application Data\Google
[2014/03/08 22:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\LocalLow
[2014/03/08 22:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Application Data\Identities
[2014/03/08 22:04:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ATS\My Documents\My Pictures
[2014/03/08 22:04:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ATS\My Documents\My Music
[2014/03/08 22:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Application Data\IObit
[2014/03/08 22:04:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ATS\Application Data\Microsoft
[2014/03/08 22:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ATS\SendTo
[2014/03/08 22:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ATS\Recent
[2014/03/08 22:04:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ATS\Application Data
[2014/03/08 22:04:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ATS\Start Menu\Programs\Startup
[2014/03/08 22:04:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ATS\Start Menu
[2014/03/08 22:04:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ATS\My Documents
[2014/03/08 22:04:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ATS\Favorites
[2014/03/08 22:04:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ATS\Start Menu\Programs\Accessories
[2014/03/08 22:04:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ATS\IETldCache
[2014/03/08 22:04:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ATS\Cookies
[2014/03/08 22:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ATS\Templates
[2014/03/08 22:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ATS\PrintHood
[2014/03/08 22:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ATS\NetHood
[2014/03/08 22:04:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ATS\Local Settings
[2014/03/08 22:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Local Settings\Application Data\Microsoft
[2014/03/08 22:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Application Data\Macromedia
[2014/03/08 22:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Desktop
[2014/03/08 21:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\D-Link
[2014/03/08 21:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2014/03/08 20:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2014/03/08 20:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2014/03/08 16:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014/03/08 15:35:49 | 000,000,000 | ---D | C] -- C:\swsetup
[2014/03/08 15:14:06 | 000,262,144 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll
[2014/03/08 15:14:06 | 000,217,088 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\aIPH.dll
[2014/03/08 15:14:05 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll
[2014/03/08 15:14:05 | 000,679,936 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll
[2014/03/08 15:14:05 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\AQCKGen.dll
[2014/03/08 15:14:05 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANICtl.dll
[2014/03/08 15:13:33 | 000,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIOApi.dll
[2014/03/08 15:13:33 | 000,028,195 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.sys
[2014/03/08 15:13:32 | 000,048,128 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO64.sys
[2014/03/08 15:13:32 | 000,011,904 | ---- | C] (ANI ) -- C:\WINDOWS\System32\anio4.sys
[2014/03/08 15:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2014/02/28 00:14:44 | 000,451,456 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\Dr71WU.sys
[2014/02/27 23:43:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/27 15:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2014/02/27 11:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SparkTrust
[2014/02/27 11:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\SparkTrust
[2014/02/27 11:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust
[2014/02/24 17:57:03 | 000,016,512 | R--- | C] (Corechip Semiconductor, Inc. Co Ltd.) -- C:\WINDOWS\System32\drivers\USB_Ethernet_Adaptor.sys
[2014/02/24 14:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014/02/24 14:00:12 | 000,000,000 | ---D | C] -- C:\Logs
[2014/02/21 11:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2014/02/21 11:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Apps Toolbar
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOWS\Documents\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/09 13:52:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8F10F47D-223A-40E9-9944-20ABE95E7E7D}.job
[2014/03/09 13:32:14 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/09 13:25:35 | 000,466,722 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/09 13:25:35 | 000,082,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/09 13:24:48 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2014/03/09 13:24:13 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/03/09 13:21:53 | 000,001,194 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/09 13:21:50 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/09 13:21:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2014/03/09 13:21:48 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job
[2014/03/09 13:21:48 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2014/03/09 13:21:48 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job
[2014/03/09 13:21:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/09 12:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/09 12:40:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ATS\Desktop\aswMBR.exe
[2014/03/09 11:50:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ATS\Desktop\OTL.exe
[2014/03/08 22:40:23 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\ATS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/08 22:05:36 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\ATS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/08 22:05:24 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\ATS\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/03/08 19:30:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\AVG Test Center.job
[2014/03/08 19:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
[2014/03/08 15:15:55 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{1A6D1134-4375-4F27-940C-EA1537083911}
[2014/03/08 15:12:58 | 000,001,471 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Wireless Connection Manager.lnk
[2014/03/03 12:51:01 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\bd7440n.dat
[2014/03/03 12:47:13 | 000,000,463 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2014/02/28 00:00:02 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\Regwork.job
[2014/02/27 16:37:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/02/27 11:06:18 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/11 10:28:41 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/02/10 11:02:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users.WINDOWS\Documents\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/08 22:05:36 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\ATS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/08 22:05:36 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\ATS\Start Menu\Programs\Internet Explorer.lnk
[2014/03/08 22:05:34 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\ATS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/08 22:05:24 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\ATS\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2014/03/08 22:05:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\ATS\Start Menu\Programs\Outlook Express.lnk
[2014/03/08 22:04:20 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\ATS\Start Menu\Programs\Remote Assistance.lnk
[2014/03/08 22:04:20 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\ATS\Start Menu\Programs\Windows Media Player.lnk
[2014/03/08 16:13:16 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2014/03/08 15:14:30 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{1A6D1134-4375-4F27-940C-EA1537083911}
[2014/03/08 15:14:06 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2014/03/08 15:14:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2014/03/08 15:13:33 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD
[2014/03/08 15:12:58 | 000,001,471 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Wireless Connection Manager.lnk
[2014/02/27 15:58:49 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/02/27 15:55:42 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Defender.lnk
[2014/02/27 11:13:16 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
[2014/02/27 11:06:18 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/06 15:43:23 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\pcwatch.sys
[2014/02/06 15:43:23 | 000,008,800 | ---- | C] () -- C:\WINDOWS\System32\PCProtect.ini
[2014/02/06 15:43:23 | 000,002,184 | ---- | C] () -- C:\WINDOWS\System32\PCProtectOff.ini
[2013/10/18 09:48:14 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/06/21 11:36:19 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM11A.DAT
[2013/04/03 15:07:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/25 11:20:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2013/01/17 15:54:42 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

========== ZeroAccess Check ==========

[2006/01/24 15:29:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 16:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/07/24 09:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\APN
[2013/02/06 10:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
[2012/10/08 11:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2013
[2013/03/30 12:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CardScan
[2013/03/25 11:20:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2013/06/21 11:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ControlCenter4
[2013/03/30 12:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DYMO
[2013/03/30 12:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DYMO File
[2011/11/17 14:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\f-secure
[2013/03/28 14:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fighters
[2012/10/05 12:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FilesOpened
[2011/11/17 14:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg
[2014/02/07 10:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2009/08/07 11:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Juniper Networks
[2014/02/25 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2013/08/01 18:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motorola
[2013/10/07 10:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSScanAppDataDir
[2009/11/11 13:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
[2007/04/05 03:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies
[2013/03/25 11:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nuance
[2013/06/21 11:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCFaxTx
[2009/08/03 12:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2009/07/16 12:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap
[2012/08/06 10:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegWork
[2009/07/01 18:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
[2014/03/08 21:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2014/02/27 11:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust
[2013/03/25 14:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SQL Anywhere 11
[2013/10/07 11:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
[2011/06/13 12:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011/06/13 13:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Time Clock MTS
[2012/02/14 12:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
[2012/02/14 12:01:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/03/12 09:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2014/03/08 22:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ATS\Application Data\ControlCenter4
[2014/03/08 22:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ATS\Application Data\IObit
[2014/03/08 22:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ATS\Application Data\Search Settings

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\IPH.PH:KAVICHS
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DF695222
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:45FE2B4E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B203B914
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:973896ED
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F8A67568
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C46995DA
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:34BCB6A9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:ABE30DDB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C213B3C4

< End of report >

#3
SleepyDude

Hello Jlurie

My name around here is SleepyDude and I will be helping you with your computer problem. I know that having a computer with problems can be very frustrating, but I will do my best to help you fix the issue.

Sometimes this can be a long process; it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.

I have compiled a list of guidelines you must take into consideration so that the helping process goes smoothly for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredictable results. Also, I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is that it can make the malware infection worse and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs; instead, Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything; if you have any doubts or questions, please ask before continuing

IMPORTANT: At GeeksToGo we do our best to help you solve the problem, but sometimes things don't go as planned. To be safe rather than sorry, you should back up your important data to a safe place, anywhere except on the computer with problems.

The whole fixing process needs to be executed from a user account with Administrator privileges; also, some of the tasks need to be executed in Safe Mode. You should save or print the instructions for use when you don't have access to the forum.

«««»»»

I'm in the process of reviewing your log, but in the meantime I would like to see the log called Extras.txt that was generated when you ran OTL. The log should be on the Desktop; if you can't find it, don't worry and let me know. Please do not attach the logs; Copy & Paste the contents to your post instead. Thanks.

#4
jlurie

Hi SleepyDude, It is a pleasure to meet you. I work during the day, so I will most likely send you the information you request after 5:00 pm PST.

The reason that I attached the log, I thought that was part of joining up. All logs or information will be pasted in this area from now on.

After I get home today I will paste the Extras.txt.

#5
SleepyDude


Hi Jlurie,

Don't worry about the attached log; you didn't do anything wrong. We like to have the logs directly on the posts because it makes our work easier.

Feel free to post whenever you're ready.

#6
jlurie

Hi SleepyDude, Thank you very much for taking on this. Here is the log you asked for:


OTL Extras logfile created on: 3/9/2014 1:27:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ATS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.95% Memory free
3.84 Gb Paging File | 3.08 Gb Available in Paging File | 80.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 894.14 Gb Free Space | 95.99% Space Free | Partition Type: NTFS
Drive E: | 3.76 Gb Total Space | 3.71 Gb Free Space | 98.84% Space Free | Partition Type: FAT32

Computer Name: PWICP005 | User Name: ATS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Files Opened\FilesOpened.exe %1 ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\FileMaker\FileMaker Pro 5\FileMaker Pro.exe" = C:\Program Files\FileMaker\FileMaker Pro 5\FileMaker Pro.exe:*:Enabled:FileMaker Pro -- (FileMaker, Inc.)
"C:\Program Files\Acroprint\Attendance Rx\AttendanceRx.exe" = C:\Program Files\Acroprint\Attendance Rx\AttendanceRx.exe:*:Enabled:AttendanceRx.exe -- (Acroprint Time Recorder Co. (USA).)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe:*:Enabled:QuickBooks Enterprise 11.0 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Brother\Brmfl11e\FAXRX.exe" = C:\Program Files\Brother\Brmfl11e\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
"{11E0AC7D-6837-4F67-865F-EE1C13D28C38}" = QuickBooks Enterprise Solutions: Professional Services 11.0
"{14374628-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Enterprise Solutions 5.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EFCFB56-B8BB-4834-AE8E-29EE73FF8611}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28D5DC93-4733-472E-944D-9149F9163EA7}" = Attendance Rx
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{37372D85-4945-4B6B-AC87-7BC5D1AB9F5C}" = Brother MFL-Pro Suite MFC-8910DW
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{4179EBF5-3C77-489E-AE7B-8BA39F828E69}" = DYMO File
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A425F14-0561-11D4-9027-0060089CDAE1}" = FileMaker Pro 5.5
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{54266945-8A11-424D-B20F-4F747A714FBA}" = DV TS
"{565E29BB-5863-46FD-ABF3-8074FBB5BAFF}" = QBFC 4.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71F8EFBF-09AF-418D-91F1-52707CDFA274}" = Microsoft .NET Framework 2.0 Beta
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{795F2EA4-9798-4BA5-B31A-C8F41A124FC8}" = QBFC2
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{967204A8-8CE2-40F5-AD6A-21D8D63DB3A8}" = Attendance Rx
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD14C0-0C3E-11DF-4823-046C77CD0029}" = Forms Boss Plus 2013
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2A36391-A3A9-4293-88B2-A8263EC7F865}" = IObit Apps Toolbar v8.8
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6D36B81-6FA8-4E09-9112-15EF4EE8094D}" = Attendance Rx
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{D895E3FB-45BA-4BBF-BE50-0DEED3CD3F7E}" = Wireless G WUA-1340
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6CF5B58-E775-46C0-BFF2-F39A0014FE4A}" = muvee autoProducer 4.1
"{EA90F101-F332-4841-900A-320F517ABF27}" = QBFC 5.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adams Personnel E-Forms_is1" = Adams Personnel E-Forms 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"DYMO Label Software" = DYMO Label Software
"DYMO Label v.8" = DYMO Label v.8
"DYMO QuickBooks Add-In" = DYMO QuickBooks Add-In
"fileopenerpro" = File Opener Pro
"Files Opened" = Files Opened
"F-Secure Product 277" = Cbeyond Secure Desktop
"Glary Utilities_is1" = Glary Utilities 2.29.0.1032
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HRx" = HRx
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IDrive_is1" = IDrive version 3.3.4 January 13, 2011
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Management by Statistics" = Management by Statistics 1.0.11 (5 User)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Beta" = Microsoft .NET Framework 2.0 Beta
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MultiRes (remove only)" = MultiRes (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nmap" = Nmap 5.51
"NVIDIA Drivers" = NVIDIA Drivers
"Nvidia Omega Drivers for Windows 2k-XPv1.6693" = Nvidia Omega Drivers Setup Files
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Produtools_Forms Toolbar" = Produtools Forms Toolbar
"Security Task Manager" = Security Task Manager 1.8g
"Smart Defrag 2_is1" = Smart Defrag 2
"SP46890" = HP Softpaq SP52247
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wp-adk" = Web Protect for Windows

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2014 3:35:55 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 12:35:55.125]: [00002240]: ---- Monitor Thread
OpenBrNetUDP_Server Error ----

Error - 3/9/2014 3:35:55 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 12:35:55.140]: [00002240]: BrNet:: OpenUDP_Server
socket INVALID

Error - 3/9/2014 3:35:55 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 12:35:55.140]: [00002240]: BrMfNet:: OpenUDPServer
Error

Error - 3/9/2014 3:35:55 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 12:35:55.140]: [00002240]: ---- Monitor Thread
OpenBrNetUDP_Server Error ----

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 13:21:31.453]: [00002260]: BrNet:: OpenUDP_Server
socket INVALID

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 13:21:31.453]: [00002260]: BrMfNet:: OpenUDPServer
Error

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 13:21:31.453]: [00002260]: ---- Monitor Thread
OpenBrNetUDP_Server Error ----

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 13:21:31.468]: [00002260]: BrNet:: OpenUDP_Server
socket INVALID

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 13:21:31.468]: [00002260]: BrMfNet:: OpenUDPServer
Error

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/03/09 13:21:31.468]: [00002260]: ---- Monitor Thread
OpenBrNetUDP_Server Error ----

[ System Events ]
Error - 3/9/2014 4:06:30 PM | Computer Name = PWICP005 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147952506

Error - 3/9/2014 4:07:00 PM | Computer Name = PWICP005 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 3/9/2014 4:10:50 PM | Computer Name = PWICP005 | Source = SideBySide | ID = 16842788
Description = The assembly x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
has missing or invalid files; recovery of this assembly failed.

Error - 3/9/2014 4:10:50 PM | Computer Name = PWICP005 | Source = SideBySide | ID = 16842788
Description = The assembly x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
has missing or invalid files; recovery of this assembly failed.

Error - 3/9/2014 4:10:55 PM | Computer Name = PWICP005 | Source = SideBySide | ID = 16842788
Description = The assembly x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
has missing or invalid files; recovery of this assembly failed.

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Protect Monitor service
to connect.

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Service Control Manager | ID = 7000
Description = The Protect Monitor service failed to start due to the following error:
%%1053

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10106

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Service Control Manager | ID = 7023
Description = The svcboot_dfynbyg service terminated with the following error: %%126

Error - 3/9/2014 4:21:31 PM | Computer Name = PWICP005 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%2147952506


< End of report >
  • 0

#7
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts
Hi Jlurie,

I have checked the logs you provided and I found that we have some work to do. Let's start.


Multiple Antivirus

Your log shows that you have several Antivirus and Security programs installed: Cbeyond Secure Desktop, IObit Malware Fighter, Malwarebytes Anti-Malware, Spybot - Search & Destroy and SpywareBlaster!

Contrary to what some people think, having more than one antivirus program doesn't give you more protection. With several Real-Time protections active, the computer becomes slower accessing files and could crash due to resource conflicts. You could also get False Alarms when one AV starts identifying the files from the other antivirus program as viruses. In the next steps I will ask you to remove some of those programs.

!!! Registry Optimizer/Cleaner !!!
You have a program named SparkTrust PC Cleaner Plus and others on your computer that are supposedly registry Optimizers/cleaners. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At Geeks to Go we strongly advise that users don't use these kinds of sketchy programs. If you have doubts about this please read Registry Junk: A Windows Fact of Life by Mark Russinovich. Mark is a well-known Windows specialist who now works for Microsoft.
You can read more about this type of programs here from one of our members.



Step 1 - Uninstall Programs

Besides the Antivirus programs, you also have some adware programs and outdated ones installed that need to be removed.

Please open Start > Control Panel > then Add or Remove Programs, locate these programs on the list and uninstall them:
  • IObit Malware Fighter
  • Spybot - Search & Destroy
  • SpywareBlaster
  • Produtools Forms Toolbar (Ad-aware)
  • Web Protect for Windows
  • Files Opened
  • J2SE Runtime Environment 5.0 Update 6 (Outdated and vulnerable)

    Optional removals but highly recommended:
  • SparkTrust PC Cleaner Plus
  • Advanced SystemCare 6
  • IObit Apps Toolbar v8.8 (Considered foistware)
  • IObit Malware Fighter
  • Smart Defrag 2
Notes:
- If you can't uninstall any of the programs on the list don't worry, we will remove it later. Just move to the next item.
- After the programs have been uninstalled Reboot the computer. If requested by the uninstallers reboot the computer between uninstalls.

Before proceeding to the next step please let me know if you want to keep any of those programs listed above! If not go ahead and apply the fix.


Step 2 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

ATTENTION: Before running this fix please disable Malwarebytes. The program includes some protection modules that prevent many changes to the system and will attempt to undo any fixes we run.
In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable both programs by following the directions on this link.


  • Double click on the OTL icon to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Posted Image box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\ucuzgscy\svcboot_dfynbyg.dll -- (svcboot_dfynbyg)
    SRV - [2014/02/19 13:13:32 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2014/01/07 23:06:02 | 001,265,608 | ---- | M] (Objectify Media Inc) [On_Demand | Stopped] -- C:\Program Files\Web Protect\PCProtect.exe -- (PCProtect)
    SRV - [2013/11/11 18:19:48 | 000,341,824 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    DRV - [2013/11/19 17:10:56 | 000,031,776 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
    DRV - [2013/11/19 17:10:56 | 000,017,360 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
    DRV - [2013/03/23 16:51:44 | 000,247,968 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
    IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll (Spigot, Inc.)
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
    CHR - Extension: No name found = C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0\
    O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Produtools Forms Toolbar) - {76a747b4-edc6-46ff-8a5d-9ae61a889d5b} - C:\Program Files\Produtools_Forms\prxtbPro2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Produtools Forms Toolbar) - {76a747b4-edc6-46ff-8a5d-9ae61a889d5b} - C:\Program Files\Produtools_Forms\prxtbPro2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKCU..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE File not found
    O4 - HKCU..\Run: [braviax] C:\WINDOWS\system32\braviax.exe File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\mswsock.dll File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.cashcall...x86/capicom.dll (Settings Class)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab (PopCapLoader Object)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
    O22 - SharedTaskScheduler: {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - ShellService - No CLSID value found.
    [2014/03/08 22:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ATS\Application Data\Search Settings
    [2014/02/27 11:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SparkTrust
    [2014/02/27 11:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\SparkTrust
    [2014/02/27 11:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust
    [2014/02/21 11:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2014/02/21 11:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Apps Toolbar
    [2014/03/08 19:30:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\AVG Test Center.job
    [2014/03/08 19:00:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
    [2014/02/28 00:00:02 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\Regwork.job
    [2014/02/27 11:13:16 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
    [2014/02/07 10:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
    [2012/08/06 10:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegWork
    [2014/02/27 11:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust
    [2012/02/14 12:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
    [2014/03/08 22:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ATS\Application Data\IObit
    [2014/03/08 22:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ATS\Application Data\Search Settings
    
    :Files
    C:\Program Files\Common Files\Spigot
    C:\Program Files\IObit
    C:\WINDOWS\system32\ucuzgscy
    C:\Program Files\Web Protect
    C:\Program Files\FunWebProducts
    C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
    C:\Program Files\Produtools_Forms
    C:\PROGRA~1\Grisoft
    C:\Program Files\Java\jre1.5.0_06
    C:\PROGRA~1\SearchProtect
    netsh winsock reset /c
    netsh int ip reset c:\resetlog.txt /c
    ipconfig /release /c 
    ipconfig /flushdns /c 
    ipconfig /renew /c 
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • click the Posted Image button at the top. Let the program run uninterrupted.
  • click OK
Notes:
  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time when the fix was run.


Step 3 - Scan with AdwCleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
    (When the Tool opens for the first time you have to accept the Terms of use - click J'accepte)
  • Click the Scan button and wait for the program to finish.
  • For now click the Report button, Notepad will open please copy/paste the generated log to your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt



Things I would like to see in your next reply:
  • Any problem uninstalling the programs?
  • The OTL Fix log
  • AdwCleaner log AdwCleaner[R0].txt

  • 0
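
As an added illustration (not part of SleepyDude's post and not OTL's own code), the Python below triages the kind of scan lines that went into the fix script above: it flags services, autostart values and Winsock catalog entries that OTL marked "File not found". The sample lines are copied from that script; the function names and finding categories are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the fix script in the post above (a subset of it).
SAMPLE = r"""
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\ucuzgscy\svcboot_dfynbyg.dll -- (svcboot_dfynbyg)
SRV - [2014/01/07 23:06:02 | 001,265,608 | ---- | M] (Objectify Media Inc) [On_Demand | Stopped] -- C:\Program Files\Web Protect\PCProtect.exe -- (PCProtect)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [braviax] C:\WINDOWS\system32\braviax.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\mswsock.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
""".strip().splitlines()

MISSING = "File not found"
PREFIX = re.compile(r"^(SRV|DRV|O\d+)\s+-\s+(.*)$")
# "[start type | state] -- <image path> -- (<service name>)"
SERVICE = re.compile(r"\]\s+--\s+(?P<path>.+?)\s+--\s+\((?P<name>[^)]*)\)$")
# "Protocol_Catalog9\Catalog_Entries\<id> - <provider DLL>"
WINSOCK = re.compile(r"Catalog_Entries\\(?P<name>\d+)\s+-\s+(?P<path>\S+)")
# "HKxx..\Run: [<value name>] <command line>"
RUN = re.compile(r"Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")
# "AppInit_DLLs: (<dll path>)"
APPINIT = re.compile(r"(?P<name>AppInit_DLLs):\s+\((?P<path>[^)]*)\)")

FIELDS = {"SRV": SERVICE, "DRV": SERVICE, "O10": WINSOCK,
          "O4": RUN, "O20": APPINIT}


def parse_line(line):
    """Split one OTL scan line into kind, name, path and a 'missing' flag.

    Returns None for lines that do not start with an SRV/DRV/O<n> prefix.
    """
    m = PREFIX.match(line.strip())
    if m is None:
        return None
    kind, body = m.groups()
    rec = {"kind": kind, "missing": MISSING in body, "name": None, "path": None}
    pattern = FIELDS.get(kind)
    hit = pattern.search(body) if pattern else None
    if hit:
        path = hit["path"].replace(MISSING, "").strip()
        path = re.sub(r"\s+\([^)]*\)$", "", path)  # drop trailing "(vendor)"
        rec["name"] = hit["name"]
        rec["path"] = path or None
    return rec


def triage(lines):
    """Group the entries whose target file OTL could not find."""
    findings = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["missing"]:
            continue
        if rec["kind"] == "O10":
            findings["winsock_catalog"].append(rec["name"])
        elif rec["kind"] in ("SRV", "DRV"):
            findings["orphan_service"].append(rec["name"])
        else:
            findings["orphan_autostart"].append((rec["kind"], rec["name"]))
    return dict(findings)


def needs_winsock_repair(findings):
    """True when any Winsock catalog entry points at a missing provider."""
    return bool(findings.get("winsock_catalog"))


if __name__ == "__main__":
    result = triage(SAMPLE)
    for category, items in result.items():
        print(category, items)
    print("winsock repair needed:", needs_winsock_repair(result))
```

The flagged `Protocol_Catalog9` entries are the Winsock catalog that the script's `netsh winsock reset` step rebuilds.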

#8
jlurie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hi SleepyDude,

I could not remove the jse runtime updater and iobit tool bar thing. Below are the two text files that you wanted to see. There now is a yellow caution sign on the network connection thing. Thank you again for your help.


OTL fix results

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named svcboot_dfynbyg was found to stop!
Service\Driver key svcboot_dfynbyg not found.
File C:\WINDOWS\system32\ucuzgscy\svcboot_dfynbyg.dll not found.
Error: No service named Application Updater was found to stop!
Service\Driver key Application Updater not found.
File C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
Service PCProtect stopped successfully!
Service PCProtect deleted successfully!
File move failed. C:\Program Files\Web Protect\PCProtect.exe scheduled to be moved on reboot.
Error: No service named IMFservice was found to stop!
Service\Driver key IMFservice not found.
File C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe not found.
Error: No service named RegFilter was found to stop!
Service\Driver key RegFilter not found.
File C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys not found.
Error: No service named UrlFilter was found to stop!
Service\Driver key UrlFilter not found.
File C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys not found.
Error: No service named FileMonitor was found to stop!
Service\Driver key FileMonitor not found.
File C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
File C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ not found.
File C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
File C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76a747b4-edc6-46ff-8a5d-9ae61a889d5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76a747b4-edc6-46ff-8a5d-9ae61a889d5b}\ not found.
File C:\Program Files\Produtools_Forms\prxtbPro2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
File C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{76a747b4-edc6-46ff-8a5d-9ae61a889d5b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76a747b4-edc6-46ff-8a5d-9ae61a889d5b}\ not found.
File C:\Program Files\Produtools_Forms\prxtbPro2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter not found.
File C:\Program Files\IObit\IObit Malware Fighter\IMF.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVG7_Run not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
File C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ scheduled to be deleted on reboot.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {A996E48C-D3DC-4244-89F7-AFA33EC60679}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FB2D6CA-E258-48CF-9DAB-EEFB735E225C}\ not found.
Folder C:\Documents and Settings\ATS\Application Data\Search Settings\ not found.
Folder C:\Program Files\Common Files\SparkTrust\ not found.
Folder C:\Program Files\SparkTrust\ not found.
Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust\ not found.
Folder C:\Program Files\Application Updater\ not found.
Folder C:\Program Files\IObit Apps Toolbar\ not found.
File C:\WINDOWS\tasks\AVG Test Center.job not found.
File C:\WINDOWS\tasks\SparkTrust Registration3.job not found.
File C:\WINDOWS\tasks\Regwork.job not found.
File C:\WINDOWS\tasks\SparkTrust Registration3.job not found.
Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit\ not found.
Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\RegWork\ not found.
Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\SparkTrust\ not found.
Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software\ not found.
Folder C:\Documents and Settings\ATS\Application Data\IObit\ not found.
Folder C:\Documents and Settings\ATS\Application Data\Search Settings\ not found.
========== FILES ==========
File\Folder C:\Program Files\Common Files\Spigot not found.
File\Folder C:\Program Files\IObit not found.
C:\WINDOWS\system32\ucuzgscy\cache\S-1-5-21-1060284298-776561741-725345543-1004\Default folder moved successfully.
C:\WINDOWS\system32\ucuzgscy\cache\S-1-5-21-1060284298-776561741-725345543-1004 folder moved successfully.
C:\WINDOWS\system32\ucuzgscy\cache folder moved successfully.
C:\WINDOWS\system32\ucuzgscy folder moved successfully.
Folder move failed. C:\Program Files\Web Protect scheduled to be moved on reboot.
File\Folder C:\Program Files\FunWebProducts not found.
File\Folder C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj not found.
File\Folder C:\Program Files\Produtools_Forms not found.
File\Folder C:\PROGRA~1\Grisoft not found.
File\Folder C:\Program Files\Java\jre1.5.0_06 not found.
File\Folder C:\PROGRA~1\SearchProtect not found.
< netsh winsock reset /c >
Unable to reset the Winsock Catalog.
Access is denied.
C:\Documents and Settings\ATS\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\ATS\Desktop\cmd.txt deleted successfully.
< netsh int ip reset c:\resetlog.txt /c >
C:\Documents and Settings\ATS\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\ATS\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection 7:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\ATS\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\ATS\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\ATS\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\ATS\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
An error occurred while renewing interface Local Area Connection 7 : The requested service provider could not be loaded or initialized.
C:\Documents and Settings\ATS\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\ATS\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: ATS
->Temp folder emptied: 972241 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: j.paguio
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSHELLMAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86499 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03152014_164942

Files\Folders moved on Reboot...
File move failed. C:\Program Files\Web Protect\PCProtect.exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Web Protect scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_d34.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ scheduled to be deleted on reboot.

AdwCleaner results


# AdwCleaner v3.022 - Report created 15/03/2014 at 17:03:00
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ATS - PWICP005
# Running from : C:\Documents and Settings\ATS\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\searchplugins\conduit-search.xml
File Found : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\user.js
Folder Found : C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
Folder Found : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\Extensions\[email protected]
Folder Found : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
Folder Found : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Found : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Found : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Found : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\apn
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
Folder Found C:\Documents and Settings\MSHELLMAN\Application Data\DriverCure
Folder Found C:\Documents and Settings\MSHELLMAN\Application Data\iWin
Folder Found C:\Documents and Settings\MSHELLMAN\Application Data\Search Settings
Folder Found C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\PackageAware
Folder Found C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\SearchProtect
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\fileopenerpro
Folder Found C:\Program Files\Moozy
Folder Found C:\Program Files\Viewpoint
Folder Found C:\Program Files\Web Protect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3209602
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5591 octets] - [15/03/2014 17:03:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5651 octets] ##########

#9
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts
Hi,

I could not remove the jse runtime updater and iobit tool bar thing. Below is the two text files that you wanted to see. There now is a yellow caution sign on the network connection thing. Thank you again for your help.

Ok, I will check if there are traces of both in the next logs. The network connection isn't fixed yet; we need to do some more work on that, but first there is some malware to remove.


Please tell me, is the computer connected by Ethernet Cable or Wireless?


Step 1 - AdwCleaner Remove

  • Close all open windows and browsers
  • Execute AdwCleaner by double clicking the icon you have on the Desktop
  • Click the Scan button and wait for the scan to finish, only then the Clean button becomes active
  • Click the Clean button and wait, once done it may ask to reboot, allow it.
  • On reboot a log will be presented please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt


Step 2 - Junkware Removal Tool (JRT)

Download JRT to your Desktop
  • Disable your AntiVirus and AntiSpyware applications
    (If you have difficulty properly disabling your security programs, refer to this link.)
  • Double click on the icon to run the tool. Make sure all other windows are closed & follow the prompts.
    (The tool will start scanning your system, please be patient as this can take a while to complete depending on your system's specifications and the programs you have installed)
  • On completion Notepad will open showing the log JRT.txt (the log is saved to your desktop). Please copy and paste its contents on your next reply
  • Enable your AntiVirus and AntiSpyware applications


Step 3 - Custom OTL Scan

  • Execute OTL by double clicking the icon. Make sure all other windows are closed.
    (On Windows Vista or higher right click the file, select Run as Administrator and accept the Security Warning.)
  • Do not change any other settings and tick only the following check boxes:
    • Scan All Users
    • LOP Check
    • Purity Check
  • on the Posted Image box paste this:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    %programfiles%\Google\Desktop\*.* /S /64
    %programfiles%\Google\Desktop\*.* /S
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    mswsock.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Let the program run uninterrupted, the scan won't take long.
    • When the scan completes, it will open notepad with OTL.Txt. The file is saved on the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file and post in your topic.


Things I would like to see in your next reply:
  • AdwCleaner log AdwCleaner[S0].txt
  • The JRT.txt log
  • The new OTL log


#10
jlurie

    Member

  • Topic Starter
  • 40 posts
Hi SleepyDude, when I run OTL I get an error: Access violation at address 0052DFB7 in module 'OTL.exe'. Read of address 00000000. Then the scan stops and freezes.

Below is the AdwCleaner log:

# AdwCleaner v3.022 - Report created 15/03/2014 at 17:06:20
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ATS - PWICP005
# Running from : C:\Documents and Settings\ATS\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\fileopenerpro
Folder Deleted : C:\Program Files\Moozy
Folder Deleted : C:\Program Files\Viewpoint
[!] Folder Deleted : C:\Program Files\Web Protect
Folder Deleted : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\MSHELLMAN\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\MSHELLMAN\Application Data\iWin
Folder Deleted : C:\Documents and Settings\MSHELLMAN\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\Extensions\[email protected]
[!] Folder Deleted : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
[!] Folder Deleted : C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
[!] Folder Deleted : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Deleted : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Deleted : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\searchplugins\conduit-search.xml
File Deleted : C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209602
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\ATS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5731 octets] - [15/03/2014 17:03:00]
AdwCleaner[S0].txt - [5812 octets] - [15/03/2014 17:06:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5872 octets] ##########

Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by ATS on Sun 03/16/2014 at 14:35:38.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\fighters"
Successfully deleted: [Folder] "C:\Program Files\fighters"
Successfully deleted: [Folder] "C:\Program Files\productivity_3.1"
Successfully deleted: [Folder] "C:\Program Files\regwork"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/16/2014 at 14:41:58.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#11
jlurie

    Member

  • Topic Starter
  • 40 posts
I have a cable going to my machine. When I tried to use a wireless adapter it still did not work.

#12
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts

I have a cable going to my machine. When I tried to use a wireless adapter it still did not work.

Hi,

Keep the cable connected for now. Can you try OTL one more time please, run the tool and click the Quick Scan button.

Post the otl.txt log.

#13
jlurie

    Member

  • Topic Starter
  • 40 posts
Hi SleepyDude, OTL still fails.

#14
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,974 posts
Hi,

Let's take some precautions to make sure none of your computers is infected by using the flash drive to move files between them and scan using a different tool.


Step 1 - Install MCShield

  • Download MCShield
  • Install the program and accept all the defaults, on the last step of installation click Run to start the program, update and do a system scan
  • After the initial scan the MCShield Control Center will open, click Scanner and check the box Always unhide items on flash drives
  • click OK to close the window. MCShield is now protecting your computer and the program can be accessed by right clicking the blue shield residing on the system tray near the clock.
  • connect the flash drive or external disk and wait for a pop-up notification with the MCShield scan result
  • collect the scanning logs, click Start > All Programs > MCShield > Logs > AllScans
  • Notepad will open with AllScans.txt log, please copy (Edit->Select All, Edit->Copy) the full contents of the file and post in your topic


Step 2 - Farbar Recovery Scan Tool (FRST)

  • Download FRST and save it to the Desktop.
  • Execute FRST by double clicking on the icon. Make sure all other windows are closed.
    (When the Tool opens for the first time you must click Yes on the disclaimer.)
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the Tool is run from.
  • The first time the Tool is run, it also makes another log (Addition.txt).
  • Please copy and paste the logs to your post.


Things I would like to see in your next reply:
  • The AllScans.txt log
  • The FRST.txt log and Addition.txt


#15
jlurie

    Member

  • Topic Starter
  • 40 posts
Hi SleepyDude, below is the allscans log

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.2.2.1 / Windows XP <<<


3/18/2014 8:51:27 PM > Drive C: - scan started (MAIN ~932 GB, NTFS HDD )...



=> The drive is clean.


3/18/2014 8:51:28 PM > Drive E: - scan started (OCZ RALLY2 ~3846 MB, FAT32 flash drive )...


>>> E:\FSS.exe - Malware > Deleted. (14.03.18. 20.51 FSS.exe.182934; MD5: 6f78f3d1b2936204b5c834f0dd1c0b6e)

>>> E:\ATS\FSS.exe - Malware > Deleted. (14.03.18. 20.51 FSS.exe.358131; MD5: 6f78f3d1b2936204b5c834f0dd1c0b6e)

>>> E:\ATS\ATS\FSS.exe - Malware > Deleted. (14.03.18. 20.51 FSS.exe.357442; MD5: 6f78f3d1b2936204b5c834f0dd1c0b6e)


=> Malicious files : 3/3 deleted.

____________________________________________

::::: Scan duration: 4sec ::::::::::::::::::
____________________________________________




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.2.2.1 / Windows XP <<<


3/18/2014 8:55:43 PM > Drive C: - scan started (MAIN ~932 GB, NTFS HDD )...



=> The drive is clean.


3/18/2014 8:55:43 PM > Drive E: - scan started (OCZ RALLY2 ~3846 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.2.2.1 / Windows XP <<<


3/18/2014 8:57:53 PM > Drive C: - scan started (MAIN ~932 GB, NTFS HDD )...



=> The drive is clean.


3/18/2014 8:57:54 PM > Drive E: - scan started (OCZ RALLY2 ~3846 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.2.2.1 / Windows XP <<<


3/18/2014 9:03:22 PM > Drive E: - scan started (OCZ RALLY2 ~3846 MB, FAT32 flash drive )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.2.2.1 / Windows XP <<<


3/18/2014 9:03:32 PM > Drive C: - scan started (MAIN ~932 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.4.27 / DB: 2014.2.2.1 / Windows XP <<<


3/18/2014 9:08:13 PM > Drive E: - scan started (OCZ RALLY2 ~3846 MB, FAT32 flash drive )...



=> The drive is clean.



FRST log is below


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by ATS (administrator) on PWICP005 on 18-03-2014 21:09:38
Running from C:\Documents and Settings\ATS\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(brother Industries Ltd) C:\WINDOWS\system32\brsvc01a.exe
(brother Industries Ltd) C:\WINDOWS\system32\brss01a.exe
(Pro Softnet Corporation) C:\Program Files\IDrive\IDriveE Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\monitor.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(VIA Technologies) C:\Program Files\VIA\RAID\raid_tool.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(D-Link) C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RaidTool] - C:\Program Files\VIA\RAID\raid_tool.exe [589824 2004-10-10] (VIA Technologies)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [4620288 2004-10-29] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [86016 2004-10-29] (NVIDIA Corporation)
HKLM\...\Run: [ControlCenter2.0] - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1394440 2010-08-09] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [DLSService] - C:\Program Files\DYMO\DYMO Label Software\DLSService.exe [55808 2009-10-28] (Sanford, L.P.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-01-13] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [D-Link Wireless G WUA-1340] - C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe [1662976 2007-08-27] (D-Link)
HKLM\...\Run: [ANIWZCS2Service] - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20143688 2013-10-18] (Realtek Semiconductor Corp.)
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1060284298-776561741-725345543-1008\...\Run: [MCShield Monitor] - C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-02-01] (MyCity)
HKU\S-1-5-21-1060284298-776561741-725345543-1008\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Attendance Rx.lnk

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - No CLSID Value -
Handler: livecall - No CLSID Value -
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - No CLSID Value -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\WINDOWS\system32\PCProtect.dll File Not found ()
Winsock: Catalog9 02 C:\WINDOWS\system32\PCProtect.dll File Not found ()
Winsock: Catalog9 16 C:\WINDOWS\system32\PCProtect.dll File Not found ()

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service)
R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2001-11-22] (brother Industries Ltd)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.)
R2 IDriveE Service; C:\Program Files\IDrive\IDriveE Service.exe [148936 2010-12-21] (Pro Softnet Corporation)
S3 PCProtect; C:\Program Files\Web Protect\PCProtect.exe [1265608 2014-01-07] (Objectify Media Inc)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-02-02] ()
S4 QuickBooksDB21; C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe [679936 2010-04-27] (Intuit, Inc.)
S4 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2310272 2005-01-28] (Realtek Semiconductor Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2013-10-18] (Creative)
S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2008-04-13] (ADMtek Incorporated.)
R2 ANIO; C:\WINDOWS\system32\ANIO.SYS [28195 2005-12-11] (Alpha Networks Inc.)
R3 AtcL002; C:\WINDOWS\System32\DRIVERS\l251x86.sys [30720 2008-10-17] (Atheros Communications, Inc.)
S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
S3 BrUsbScn; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)
S3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )
S3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE1200xp.sys [1034240 2011-03-28] (Broadcom Corporation)
S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-14] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2013-10-18] (Creative Technology Ltd.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 PciPPorts; C:\WINDOWS\System32\DRIVERS\PciPPorts.sys [82432 2008-05-22] ()
R1 pcwatch; C:\WINDOWS\system32\Drivers\pcwatch.sys [19840 2014-01-07] ()
S3 RT73; C:\WINDOWS\System32\DRIVERS\Dr71WU.sys [451456 2007-07-28] (Ralink Technology, Corp.)
S3 USB_Ethernet_Adaptor; C:\WINDOWS\System32\DRIVERS\USB_Ethernet_Adaptor.sys [16512 2013-01-07] (Corechip Semiconductor, Inc. Co Ltd.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [60672 2004-07-06] (VIA Technologies inc,.ltd)
S0 viasraid; C:\WINDOWS\system32\Drivers\viasraid.sys [75904 2004-12-16] (VIA Technologies inc,.ltd)
R2 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [13696 2010-02-11] (Skyhook Wireless)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 FETNDIS; system32\DRIVERS\fetnd5.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 21:09 - 2014-03-18 21:09 - 00011833 _____ () C:\Documents and Settings\ATS\Desktop\FRST.txt
2014-03-18 21:09 - 2014-03-18 21:09 - 00000000 ____D () C:\FRST
2014-03-18 21:09 - 2014-03-18 21:06 - 01145856 _____ (Farbar) C:\Documents and Settings\ATS\Desktop\FRST.exe
2014-03-18 20:50 - 2014-03-18 21:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\MCShield
2014-03-18 20:50 - 2014-03-18 20:57 - 00000000 ____D () C:\Program Files\MCShield
2014-03-18 20:50 - 2014-03-18 20:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MCShield
2014-03-18 20:50 - 2014-03-18 20:47 - 02846904 _____ (MyCity) C:\Documents and Settings\ATS\Desktop\MCShield-Setup.exe
2014-03-17 17:47 - 2014-03-09 11:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\ATS\Desktop\OTL.exe
2014-03-16 14:35 - 2014-03-16 14:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-16 14:32 - 2014-03-16 14:25 - 01037734 _____ (Thisisu) C:\Documents and Settings\ATS\Desktop\JRT.exe
2014-03-15 17:02 - 2014-03-16 14:34 - 00000000 ____D () C:\AdwCleaner
2014-03-14 18:42 - 2014-03-14 18:42 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Google
2014-03-14 18:37 - 2014-03-14 18:37 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Malwarebytes
2014-03-14 18:27 - 2014-03-14 18:27 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Apple Computer
2014-03-14 18:21 - 2014-03-14 18:21 - 00005119 _____ () C:\WINDOWS\fwesinst.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00003841 _____ () C:\WINDOWS\FSGKIAIN.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00001651 _____ () C:\WINDOWS\FSLDIN.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00001418 _____ () C:\WINDOWS\FSPSUNI.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00001256 _____ () C:\WINDOWS\fsdgunst.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00000756 _____ () C:\WINDOWS\daasunin.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000743 _____ () C:\WINDOWS\FSGUIINS.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000689 _____ () C:\WINDOWS\HELPINST.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000659 _____ () C:\WINDOWS\fstnbins.LOG
2014-03-14 18:20 - 2014-03-14 18:21 - 40118393 _____ () C:\WINDOWS\FSISU.log
2014-03-14 18:20 - 2014-03-14 18:21 - 00711487 _____ () C:\WINDOWS\FSDEPH.log
2014-03-14 18:20 - 2014-03-14 18:21 - 00620540 _____ () C:\WINDOWS\FSUNINST.log
2014-03-14 18:20 - 2014-03-14 18:21 - 00071106 _____ () C:\WINDOWS\uninstaller.log
2014-03-14 18:20 - 2014-03-14 18:21 - 00017022 _____ () C:\WINDOWS\FSAUA_UN.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00024555 _____ () C:\WINDOWS\fsavunin.log
2014-03-14 18:20 - 2014-03-14 18:20 - 00004837 _____ () C:\WINDOWS\fwinst.log
2014-03-14 18:20 - 2014-03-14 18:20 - 00001612 _____ () C:\WINDOWS\FSASWUNI.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00001241 _____ () C:\WINDOWS\FSGEMINST.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00000110 _____ () C:\WINDOWS\FSAVES_inst.log
2014-03-10 21:27 - 2014-03-16 14:46 - 00000000 ____D () C:\Documents and Settings\ATS\Desktop\work in progress
2014-03-09 15:11 - 2014-03-09 15:11 - 00047142 _____ () C:\ComboFix.txt
2014-03-09 14:45 - 2014-03-09 15:11 - 00000000 ____D () C:\ComboFix
2014-03-09 14:45 - 2011-06-25 23:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-03-09 14:45 - 2010-11-07 10:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-03-09 14:45 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-03-09 14:44 - 2014-03-09 15:11 - 00000000 ____D () C:\Qoobox
2014-03-09 14:44 - 2014-03-09 15:09 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-09 14:15 - 2014-03-09 14:15 - 00000000 ____D () C:\_OTL
2014-03-09 12:58 - 2014-03-09 12:40 - 04745728 _____ (AVAST Software) C:\Documents and Settings\MSHELLMAN\Desktop\aswMBR.exe
2014-03-09 11:52 - 2014-03-09 11:52 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Sun
2014-03-09 11:52 - 2014-03-09 11:52 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Sun
2014-03-08 22:07 - 2014-03-08 22:07 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\DYMO
2014-03-08 22:06 - 2014-03-08 22:07 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\ControlCenter4
2014-03-08 22:06 - 2014-03-08 22:06 - 00091424 _____ () C:\Documents and Settings\ATS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-08 22:06 - 2014-03-08 22:06 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Scansoft
2014-03-08 22:05 - 2014-03-08 22:06 - 00000742 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Outlook Express.lnk
2014-03-08 22:05 - 2014-03-08 22:05 - 00000807 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Internet Explorer.lnk
2014-03-08 22:05 - 2014-03-08 22:05 - 00000643 _____ () C:\WINDOWS\wmsetup.log
2014-03-08 22:05 - 2014-03-08 22:05 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Google
2014-03-08 22:04 - 2014-03-17 18:07 - 00000178 ___SH () C:\Documents and Settings\ATS\ntuser.ini
2014-03-08 22:04 - 2014-03-09 19:59 - 00000000 ____D () C:\Documents and Settings\ATS
2014-03-08 22:04 - 2014-03-08 22:05 - 00000792 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Windows Media Player.lnk
2014-03-08 22:04 - 2014-03-08 22:05 - 00000000 ___RD () C:\Documents and Settings\ATS\Start Menu\Programs\Accessories
2014-03-08 22:04 - 2013-02-11 14:51 - 00001603 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Remote Assistance.lnk
2014-03-08 22:04 - 2011-11-09 12:10 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Macromedia
2014-03-08 22:04 - 2011-04-07 03:05 - 00000000 __SHD () C:\Documents and Settings\ATS\IETldCache
2014-03-08 21:57 - 2014-03-08 21:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\D-Link
2014-03-08 21:53 - 2014-03-08 21:57 - 00000000 ____D () C:\Program Files\ANI
2014-03-08 20:17 - 2014-03-08 20:17 - 00007704 _____ () C:\WINDOWS\FaxSetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00006638 _____ () C:\WINDOWS\iis6.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00005524 _____ () C:\WINDOWS\ocgen.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00004591 _____ () C:\WINDOWS\tsoc.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00002504 _____ () C:\WINDOWS\comsetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001891 _____ () C:\WINDOWS\imsins.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001864 _____ () C:\WINDOWS\msmqinst.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001810 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001592 _____ () C:\WINDOWS\netfxocm.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000425 _____ () C:\WINDOWS\ocmsn.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000382 _____ () C:\WINDOWS\msgsocm.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-03-08 20:06 - 2014-03-14 18:42 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2014-03-08 17:19 - 2007-01-12 18:45 - 00172032 ____R (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2014-03-08 16:36 - 2008-04-14 01:15 - 00017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2014-03-08 16:35 - 2014-03-08 16:35 - 00000000 ____D () C:\WINDOWS\CSC
2014-03-08 16:35 - 2008-04-14 01:06 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmiacpi.sys
2014-03-08 16:13 - 2014-03-18 20:10 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME
2014-03-08 15:14 - 2014-03-08 15:15 - 00000010 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{1A6D1134-4375-4F27-940C-EA1537083911}
2014-03-08 15:14 - 2007-08-21 17:31 - 00679936 _____ (Wireless Service) C:\WINDOWS\system32\ANIWZCS2.dll
2014-03-08 15:14 - 2007-08-20 18:41 - 00233472 _____ () C:\WINDOWS\system32\WlanApp.dll
2014-03-08 15:14 - 2007-08-14 14:26 - 00262144 _____ (Wireless Service) C:\WINDOWS\system32\wnicapi.dll
2014-03-08 15:14 - 2007-05-12 14:33 - 00217088 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\aIPH.dll
2014-03-08 15:14 - 2006-09-26 14:49 - 00045115 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\ANICtl.dll
2014-03-08 15:14 - 2005-10-27 09:55 - 00049152 _____ () C:\WINDOWS\system32\JJAKEn.dll
2014-03-08 15:14 - 2005-10-19 19:19 - 01327189 _____ (Funk Software, Inc.) C:\WINDOWS\system32\odSupp_M.dll
2014-03-08 15:14 - 2005-10-19 19:19 - 00049152 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\AQCKGen.dll
2014-03-08 15:13 - 2005-12-13 11:38 - 00048128 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\ANIO64.sys
2014-03-08 15:13 - 2005-12-11 12:55 - 00028195 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\ANIO.sys
2014-03-08 15:13 - 2005-10-21 16:56 - 00036864 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\ANIOApi.dll
2014-03-08 15:13 - 2004-10-14 11:29 - 00016997 _____ () C:\WINDOWS\system32\ANIO.VXD
2014-03-08 15:13 - 2004-10-14 11:29 - 00011904 _____ (ANI ) C:\WINDOWS\system32\anio4.sys
2014-03-08 15:12 - 2014-03-08 15:12 - 00001471 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Wireless Connection Manager.lnk
2014-03-08 15:12 - 2014-03-08 15:12 - 00000000 ____D () C:\Program Files\D-Link
2014-03-08 13:59 - 2014-03-08 21:41 - 00000415 _____ () C:\WINDOWS\setupact.log
2014-03-08 13:59 - 2014-03-08 13:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-08 13:57 - 2014-03-18 20:54 - 00314638 _____ () C:\WINDOWS\setupapi.log
2014-03-05 12:04 - 2014-03-06 16:20 - 00035840 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\FEBRUARY 2014 EXPENDITURES REPORT.xls
2014-03-05 12:03 - 2014-03-05 21:20 - 00030720 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\FEBRUARY 2014 DISBURSEMENT REPORT.xls
2014-03-04 20:06 - 2014-03-04 20:10 - 00224256 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\BIWEEKLY TIME SHEETS PAY 02212014 02282014 03072014.xls
2014-03-04 12:20 - 2014-03-18 20:10 - 00000259 _____ () C:\WINDOWS\wiadebug.log
2014-03-04 12:20 - 2014-03-18 20:08 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-04 12:20 - 2014-03-04 12:20 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-02-28 09:09 - 2008-04-13 23:05 - 00036224 ____C (ADMtek Incorporated.) C:\WINDOWS\system32\dllcache\an983.sys
2014-02-28 09:09 - 2008-04-13 23:05 - 00036224 _____ (ADMtek Incorporated.) C:\WINDOWS\system32\Drivers\an983.sys
2014-02-28 00:14 - 2007-07-28 16:21 - 00451456 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\Dr71WU.sys
2014-02-27 19:12 - 2014-02-21 12:34 - 13670584 _____ (Microsoft Corporation) C:\Documents and Settings\MSHELLMAN\Desktop\MS Security essentials.exe
2014-02-27 15:13 - 2011-03-28 16:22 - 01034240 ____R (Broadcom Corporation) C:\WINDOWS\system32\Drivers\AE1200xp.sys
2014-02-27 11:13 - 2014-02-27 11:13 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Application Data\SparkTrust
2014-02-27 11:12 - 2014-02-27 11:12 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Start Menu\Programs\SparkTrust
2014-02-25 16:48 - 2014-02-25 16:48 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Avg2014
2014-02-24 17:57 - 2013-01-07 23:03 - 00016512 ____R (Corechip Semiconductor, Inc. Co Ltd.) C:\WINDOWS\system32\Drivers\USB_Ethernet_Adaptor.sys
2014-02-24 14:55 - 2014-02-24 14:55 - 00000000 ____D () C:\WINDOWS\pss
2014-02-17 10:04 - 2014-02-17 10:05 - 00224256 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\BIWEEKLY TIME SHEETS PAY 02072014 02142014 02212014.xls

==================== One Month Modified Files and Folders =======

2014-03-18 21:09 - 2014-03-18 21:09 - 00011833 _____ () C:\Documents and Settings\ATS\Desktop\FRST.txt
2014-03-18 21:09 - 2014-03-18 21:09 - 00000000 ____D () C:\FRST
2014-03-18 21:08 - 2014-03-18 20:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\MCShield
2014-03-18 21:07 - 2012-12-10 12:53 - 00000430 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F10F47D-223A-40E9-9944-20ABE95E7E7D}.job
2014-03-18 21:06 - 2014-03-18 21:09 - 01145856 _____ (Farbar) C:\Documents and Settings\ATS\Desktop\FRST.exe
2014-03-18 20:57 - 2014-03-18 20:50 - 00000000 ____D () C:\Program Files\MCShield
2014-03-18 20:56 - 2012-04-02 09:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-18 20:54 - 2014-03-08 13:57 - 00314638 _____ () C:\WINDOWS\setupapi.log
2014-03-18 20:50 - 2014-03-18 20:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MCShield
2014-03-18 20:47 - 2014-03-18 20:50 - 02846904 _____ (MyCity) C:\Documents and Settings\ATS\Desktop\MCShield-Setup.exe
2014-03-18 20:31 - 2013-04-15 08:48 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 20:12 - 2006-01-24 16:13 - 00553446 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-18 20:10 - 2014-03-08 16:13 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME
2014-03-18 20:10 - 2014-03-04 12:20 - 00000259 _____ () C:\WINDOWS\wiadebug.log
2014-03-18 20:09 - 2013-04-15 08:48 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 20:09 - 2009-05-28 15:55 - 00000472 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2014-03-18 20:09 - 2006-02-09 08:29 - 00000388 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
2014-03-18 20:09 - 2002-12-31 04:00 - 00001396 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-18 20:08 - 2014-03-04 12:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-18 20:08 - 2006-01-24 15:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-18 20:08 - 2006-01-24 15:21 - 01702301 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 18:07 - 2014-03-08 22:04 - 00000178 ___SH () C:\Documents and Settings\ATS\ntuser.ini
2014-03-17 18:07 - 2006-01-24 15:27 - 00032556 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-16 14:46 - 2014-03-10 21:27 - 00000000 ____D () C:\Documents and Settings\ATS\Desktop\work in progress
2014-03-16 14:35 - 2014-03-16 14:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-16 14:34 - 2014-03-15 17:02 - 00000000 ____D () C:\AdwCleaner
2014-03-16 14:25 - 2014-03-16 14:32 - 01037734 _____ (Thisisu) C:\Documents and Settings\ATS\Desktop\JRT.exe
2014-03-15 17:06 - 2014-02-06 15:42 - 00000000 ____D () C:\Program Files\Web Protect
2014-03-15 16:43 - 2006-02-06 04:47 - 00000000 ____D () C:\Program Files\Java
2014-03-14 18:42 - 2014-03-14 18:42 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Google
2014-03-14 18:42 - 2014-03-08 20:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2014-03-14 18:38 - 2006-01-24 18:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-03-14 18:38 - 2006-01-24 18:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2014-03-14 18:37 - 2014-03-14 18:37 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Malwarebytes
2014-03-14 18:27 - 2014-03-14 18:27 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Apple Computer
2014-03-14 18:21 - 2014-03-14 18:21 - 00005119 _____ () C:\WINDOWS\fwesinst.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00003841 _____ () C:\WINDOWS\FSGKIAIN.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00001651 _____ () C:\WINDOWS\FSLDIN.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00001418 _____ () C:\WINDOWS\FSPSUNI.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00001256 _____ () C:\WINDOWS\fsdgunst.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00000756 _____ () C:\WINDOWS\daasunin.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000743 _____ () C:\WINDOWS\FSGUIINS.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000689 _____ () C:\WINDOWS\HELPINST.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000659 _____ () C:\WINDOWS\fstnbins.LOG
2014-03-14 18:21 - 2014-03-14 18:20 - 40118393 _____ () C:\WINDOWS\FSISU.log
2014-03-14 18:21 - 2014-03-14 18:20 - 00711487 _____ () C:\WINDOWS\FSDEPH.log
2014-03-14 18:21 - 2014-03-14 18:20 - 00620540 _____ () C:\WINDOWS\FSUNINST.log
2014-03-14 18:21 - 2014-03-14 18:20 - 00071106 _____ () C:\WINDOWS\uninstaller.log
2014-03-14 18:21 - 2014-03-14 18:20 - 00017022 _____ () C:\WINDOWS\FSAUA_UN.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00024555 _____ () C:\WINDOWS\fsavunin.log
2014-03-14 18:20 - 2014-03-14 18:20 - 00004837 _____ () C:\WINDOWS\fwinst.log
2014-03-14 18:20 - 2014-03-14 18:20 - 00001612 _____ () C:\WINDOWS\FSASWUNI.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00001241 _____ () C:\WINDOWS\FSGEMINST.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00000110 _____ () C:\WINDOWS\FSAVES_inst.log
2014-03-14 18:20 - 2011-11-17 14:16 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\f-secure
2014-03-12 18:14 - 2006-01-25 09:16 - 00000278 ___SH () C:\Documents and Settings\MSHELLMAN\ntuser.ini
2014-03-12 17:59 - 2009-05-02 17:26 - 00001396 _____ () C:\WINDOWS\system32\wpa.bak
2014-03-09 19:59 - 2014-03-08 22:04 - 00000000 ____D () C:\Documents and Settings\ATS
2014-03-09 15:11 - 2014-03-09 15:11 - 00047142 _____ () C:\ComboFix.txt
2014-03-09 15:11 - 2014-03-09 14:45 - 00000000 ____D () C:\ComboFix
2014-03-09 15:11 - 2014-03-09 14:44 - 00000000 ____D () C:\Qoobox
2014-03-09 15:11 - 2005-08-11 14:48 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-09 15:11 - 2005-08-11 14:48 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-09 15:09 - 2014-03-09 14:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-09 15:08 - 2002-12-31 04:00 - 00000256 _____ () C:\WINDOWS\system.ini
2014-03-09 14:58 - 2006-01-25 09:16 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN
2014-03-09 14:15 - 2014-03-09 14:15 - 00000000 ____D () C:\_OTL
2014-03-09 13:09 - 2013-05-23 10:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-09 12:40 - 2014-03-09 12:58 - 04745728 _____ (AVAST Software) C:\Documents and Settings\MSHELLMAN\Desktop\aswMBR.exe
2014-03-09 11:52 - 2014-03-09 11:52 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Sun
2014-03-09 11:52 - 2014-03-09 11:52 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Sun
2014-03-09 11:50 - 2014-03-17 17:47 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\ATS\Desktop\OTL.exe
2014-03-08 22:07 - 2014-03-08 22:07 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\DYMO
2014-03-08 22:07 - 2014-03-08 22:06 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\ControlCenter4
2014-03-08 22:06 - 2014-03-08 22:06 - 00091424 _____ () C:\Documents and Settings\ATS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-08 22:06 - 2014-03-08 22:06 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Scansoft
2014-03-08 22:06 - 2014-03-08 22:05 - 00000742 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Outlook Express.lnk
2014-03-08 22:05 - 2014-03-08 22:05 - 00000807 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Internet Explorer.lnk
2014-03-08 22:05 - 2014-03-08 22:05 - 00000643 _____ () C:\WINDOWS\wmsetup.log
2014-03-08 22:05 - 2014-03-08 22:05 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Google
2014-03-08 22:05 - 2014-03-08 22:04 - 00000792 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Windows Media Player.lnk
2014-03-08 22:05 - 2014-03-08 22:04 - 00000000 ___RD () C:\Documents and Settings\ATS\Start Menu\Programs\Accessories
2014-03-08 21:57 - 2014-03-08 21:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\D-Link
2014-03-08 21:57 - 2014-03-08 21:53 - 00000000 ____D () C:\Program Files\ANI
2014-03-08 21:57 - 2005-08-12 18:06 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-03-08 21:41 - 2014-03-08 13:59 - 00000415 _____ () C:\WINDOWS\setupact.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00007704 _____ () C:\WINDOWS\FaxSetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00006638 _____ () C:\WINDOWS\iis6.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00005524 _____ () C:\WINDOWS\ocgen.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00004591 _____ () C:\WINDOWS\tsoc.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00002504 _____ () C:\WINDOWS\comsetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001891 _____ () C:\WINDOWS\imsins.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001864 _____ () C:\WINDOWS\msmqinst.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001810 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001592 _____ () C:\WINDOWS\netfxocm.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000425 _____ () C:\WINDOWS\ocmsn.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000382 _____ () C:\WINDOWS\msgsocm.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-03-08 16:35 - 2014-03-08 16:35 - 00000000 ____D () C:\WINDOWS\CSC
2014-03-08 15:15 - 2014-03-08 15:14 - 00000010 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{1A6D1134-4375-4F27-940C-EA1537083911}
2014-03-08 15:14 - 2005-08-12 18:07 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-08 15:12 - 2014-03-08 15:12 - 00001471 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Wireless Connection Manager.lnk
2014-03-08 15:12 - 2014-03-08 15:12 - 00000000 ____D () C:\Program Files\D-Link
2014-03-08 13:59 - 2014-03-08 13:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-07 18:13 - 2013-10-09 19:31 - 00457920 _____ () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-03-07 17:23 - 2006-01-25 09:54 - 00002495 _____ () C:\Documents and Settings\MSHELLMAN\Desktop\Microsoft Office Excel 2003.lnk
2014-03-07 16:02 - 2013-11-22 15:23 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Desktop\DOCS
2014-03-06 16:20 - 2014-03-05 12:04 - 00035840 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\FEBRUARY 2014 EXPENDITURES REPORT.xls
2014-03-06 14:30 - 2013-03-28 14:03 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Desktop\Word Docs
2014-03-05 21:20 - 2014-03-05 12:03 - 00030720 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\FEBRUARY 2014 DISBURSEMENT REPORT.xls
2014-03-05 14:35 - 2007-12-05 18:41 - 00000000 ____D () C:\HRX
2014-03-05 13:59 - 2006-01-25 09:54 - 00002497 _____ () C:\Documents and Settings\MSHELLMAN\Desktop\Microsoft Office Word 2003.lnk
2014-03-04 20:10 - 2014-03-04 20:06 - 00224256 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\BIWEEKLY TIME SHEETS PAY 02212014 02282014 03072014.xls
2014-03-04 12:20 - 2014-03-04 12:20 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-03-03 13:11 - 2013-11-14 11:05 - 01523712 _____ () C:\WINDOWS\system32\config\default.iobit
2014-03-03 13:11 - 2013-11-14 11:05 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-03-03 13:11 - 2013-11-14 11:04 - 41840640 _____ () C:\WINDOWS\system32\config\software.iobit
2014-03-03 13:11 - 2013-11-14 11:04 - 00065536 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-03-03 13:11 - 2006-01-24 15:27 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-03-03 13:11 - 2006-01-24 15:27 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-03-03 12:51 - 2009-07-01 17:52 - 00000065 _____ () C:\WINDOWS\system32\bd7440n.dat
2014-03-03 12:47 - 2006-01-25 09:05 - 00000463 _____ () C:\WINDOWS\brwmark.ini
2014-02-27 16:37 - 2013-04-03 15:07 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-27 11:13 - 2014-02-27 11:13 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Application Data\SparkTrust
2014-02-27 11:12 - 2014-02-27 11:12 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Start Menu\Programs\SparkTrust
2014-02-27 10:40 - 2014-01-29 10:45 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Desktop\DOCS SENT
2014-02-27 10:39 - 2013-12-03 15:27 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Desktop\Policies
2014-02-27 10:38 - 2013-03-28 14:06 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Desktop\PDF Files
2014-02-27 10:22 - 2011-01-14 14:11 - 00000000 ____D () C:\Program Files\IDrive
2014-02-25 16:48 - 2014-02-25 16:48 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Avg2014
2014-02-25 16:24 - 2012-08-30 19:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
2014-02-24 17:28 - 2002-12-31 04:00 - 00000781 _____ () C:\WINDOWS\win.ini
2014-02-24 17:18 - 2012-12-10 12:36 - 00000000 ____D () C:\Program Files\iYogi Support Dock
2014-02-24 15:20 - 2005-08-11 14:42 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-24 14:55 - 2014-02-24 14:55 - 00000000 ____D () C:\WINDOWS\pss
2014-02-21 12:34 - 2014-02-27 19:12 - 13670584 _____ (Microsoft Corporation) C:\Documents and Settings\MSHELLMAN\Desktop\MS Security essentials.exe
2014-02-21 11:58 - 2012-04-02 09:29 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-21 11:58 - 2012-01-23 11:37 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-20 15:44 - 2013-09-24 10:53 - 00020992 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\DRAFT NUMBERS CURRENT LIST 2013.xls
2014-02-19 15:26 - 2013-11-22 15:24 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Desktop\PWIS DOCS
2014-02-17 10:05 - 2014-02-17 10:04 - 00224256 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\BIWEEKLY TIME SHEETS PAY 02072014 02142014 02212014.xls

Some content of TEMP:
====================
C:\Documents and Settings\ATS\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Below is the Addition log


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by ATS at 2014-03-18 21:10:33
Running from C:\Documents and Settings\ATS\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adams Personnel E-Forms 1.0 (HKLM\...\Adams Personnel E-Forms_is1) (Version: - Adams, a division of Cardinal Brands)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version: - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - )
Attendance Rx (HKLM\...\{D6D36B81-6FA8-4E09-9112-15EF4EE8094D}) (Version: 2.3 - Acroprint)
Attendance Rx (Version: 2.3 - Acroprint) Hidden
Brother MFL Pro Suite (HKLM\...\{0C3FCE48-6984-11D5-90F8-00E029591716}) (Version: - )
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
Brother MFL-Pro Suite (HKLM\...\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}) (Version: 1.00.000 - )
Brother MFL-Pro Suite MFC-8910DW (HKLM\...\{37372D85-4945-4B6B-AC87-7BC5D1AB9F5C}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DV TS (HKLM\...\{54266945-8A11-424D-B20F-4F747A714FBA}) (Version: - )
DYMO File (HKLM\...\{4179EBF5-3C77-489E-AE7B-8BA39F828E69}) (Version: 2.0.3 - Sanford L.P.)
DYMO Label Software (HKLM\...\DYMO Label Software) (Version: - )
DYMO Label v.8 (HKLM\...\DYMO Label v.8) (Version: 8.2.0.820 - Sanford, L.P.)
DYMO QuickBooks Add-In (HKLM\...\DYMO QuickBooks Add-In) (Version: - )
File Opener Pro (HKLM\...\fileopenerpro) (Version: - FileOpenerPro) <==== ATTENTION
FileMaker Pro 5.5 (HKLM\...\{4A425F14-0561-11D4-9027-0060089CDAE1}) (Version: 5.5.1.0 - FileMaker, Inc.)
Forms Boss Plus 2013 (HKLM\...\{AADD14C0-0C3E-11DF-4823-046C77CD0029}) (Version: 1.00.0000 - Impressive Publishing)
F-Secure PSC Prerequisites (Version: 1.0.6 - F-Secure Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HP Softpaq SP52247 (HKLM\...\SP46890) (Version: - )
HRx (HKLM\...\HRx) (Version: - )
IDrive version 3.3.4 January 13, 2011 (HKLM\...\IDrive_is1) (Version: 3.3.4 - ProSoftnet Corp)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IObit Apps Toolbar v8.8 (HKLM\...\{B2A36391-A3A9-4293-88B2-A8263EC7F865}) (Version: 8.8 - Spigot, Inc.) <==== ATTENTION
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Management by Statistics 1.0.11 (5 User) (HKLM\...\Management by Statistics) (Version: - )
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.4.27 - MyCity)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Beta (HKLM\...\Microsoft .NET Framework 2.0 Beta) (Version: - Microsoft)
Microsoft .NET Framework 2.0 Beta (Version: 2.0.40607 - Microsoft) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version: - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MultiRes (remove only) (HKLM\...\MultiRes (remove only)) (Version: - )
muvee autoProducer 4.1 (HKLM\...\{E6CF5B58-E775-46C0-BFF2-F39A0014FE4A}) (Version: 4.10.050 - muvee Technologies)
Nmap 5.51 (HKLM\...\Nmap) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Nvidia Omega Drivers Setup Files (HKLM\...\Nvidia Omega Drivers for Windows 2k-XPv1.6693) (Version: - )
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Platform (Version: 1.6 - VIA Technologies, Inc.) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QBFC 4.0 (HKLM\...\{565E29BB-5863-46FD-ABF3-8074FBB5BAFF}) (Version: 4.0.00168.0 - Intuit)
QBFC 5.0 (HKLM\...\{EA90F101-F332-4841-900A-320F517ABF27}) (Version: 6.0.3.00200 - Intuit Developer Network)
QBFC2 (HKLM\...\{795F2EA4-9798-4BA5-B31A-C8F41A124FC8}) (Version: - )
QuickBooks (Version: 21.0.4001.904 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions 5.0 (HKLM\...\{14374628-0900-4056-BA06-C87C900AF9E6}) (Version: - )
QuickBooks Enterprise Solutions: Professional Services 11.0 (HKLM\...\{11E0AC7D-6837-4F67-865F-EE1C13D28C38}) (Version: 21.0.4001.904 - Intuit Inc.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.17.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6873 - Realtek Semiconductor Corp.)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version: - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.6 - VIA Technologies, Inc.)
VIA Rhine-Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireless G WUA-1340 (HKLM\...\{D895E3FB-45BA-4BBF-BE50-0DEED3CD3F7E}) (Version: - D-Link)

==================== Restore Points =========================

18-12-2013 20:59:44 System Checkpoint
23-12-2013 22:19:10 System Checkpoint
27-12-2013 01:28:48 System Checkpoint
30-12-2013 20:37:55 System Checkpoint
02-01-2014 19:30:52 System Checkpoint
03-01-2014 20:13:23 System Checkpoint
06-01-2014 21:10:13 System Checkpoint
10-01-2014 22:25:22 System Checkpoint
13-01-2014 20:32:52 System Checkpoint
15-01-2014 02:07:35 System Checkpoint
15-01-2014 03:04:39 Software Distribution Service 3.0
16-01-2014 02:44:15 Software Distribution Service 3.0
17-01-2014 02:57:05 System Checkpoint
22-01-2014 21:47:59 Installed Java 7 Update 51
24-01-2014 23:34:56 System Checkpoint
27-01-2014 21:27:58 System Checkpoint
29-01-2014 02:33:08 System Checkpoint
04-02-2014 20:45:16 System Checkpoint
05-02-2014 23:25:53 System Checkpoint
07-02-2014 20:40:27 System Checkpoint
10-02-2014 18:01:56 Printer Driver Microsoft Office Document Image Writer Installed
11-02-2014 20:54:08 System Checkpoint
12-02-2014 22:16:51 System Checkpoint
13-02-2014 02:22:37 Software Distribution Service 3.0
17-02-2014 17:27:00 System Checkpoint
18-02-2014 18:53:13 System Checkpoint
19-02-2014 21:18:38 System Checkpoint
22-02-2014 01:30:00 System Checkpoint
24-02-2014 17:30:12 Removed Motorola Device Manager
24-02-2014 17:31:23 Removed Motorola Mobile Drivers Installation 6.2.0
24-02-2014 22:23:46 Restore Operation
25-02-2014 00:20:41 Restore Operation
25-02-2014 23:31:12 Restore Operation
25-02-2014 23:41:22 Restore Operation
25-02-2014 23:50:10 Restore Operation
27-02-2014 00:34:02 System Checkpoint
27-02-2014 22:55:32 Installed Windows Defender
03-03-2014 21:35:45 System Checkpoint
04-03-2014 21:48:18 System Checkpoint
05-03-2014 21:53:10 System Checkpoint
06-03-2014 22:33:43 System Checkpoint
07-03-2014 23:38:25 System Checkpoint
08-03-2014 22:12:53 Installed Wireless G WUA-1340
08-03-2014 22:13:30 Installed ANIO Service
08-03-2014 22:14:04 Installed ANIWZCS2 Service
09-03-2014 04:55:31 Restore Operation
09-03-2014 04:59:24 Restore Operation
09-03-2014 20:09:52 Removed MSXML 4.0 SP2 (KB936181)
13-03-2014 00:39:27 System Checkpoint
15-03-2014 01:39:33 Removed Windows Defender
15-03-2014 23:42:19 OTL Restore Point - 3/15/2014 4:42:13 PM
15-03-2014 23:49:58 OTL Restore Point - 3/15/2014 4:49:54 PM
19-03-2014 03:25:46 System Checkpoint

==================== Hosts content: ==========================

2002-12-31 04:00 - 2014-03-09 15:07 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~3\Messages\SDNotify.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F10F47D-223A-40E9-9944-20ABE95E7E7D}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-01-17 15:54 - 2011-02-28 15:37 - 00180624 _____ () C:\WINDOWS\system32\Primomonnt.dll
2014-02-02 19:01 - 2014-02-02 19:01 - 00487501 _____ () C:\monitor.exe
2013-06-21 11:36 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2014-03-08 15:14 - 2007-08-20 18:41 - 00233472 _____ () C:\WINDOWS\system32\WlanApp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\IPH.PH:KAVICHS
AlternateDataStreams: C:\Documents and Settings\Default User\NTUSER.DAT:KAVICHS
AlternateDataStreams: C:\Documents and Settings\Default User\Application Data\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\Default User\Local Settings\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\Default User\Start Menu\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\Default User\Start Menu\Programs\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\NTUSER.DAT:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\ntuser.dat.LOG:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\ntuser.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\Application Data\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\Local Settings\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\Local Settings\Application Data\IconCache.db:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\My Documents\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\Start Menu\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\Start Menu\Programs\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\Start Menu\Programs\Internet Explorer.lnk:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\Start Menu\Programs\Outlook Express.lnk:KAVICHS
AlternateDataStreams: C:\Documents and Settings\j.paguio\Start Menu\Programs\Windows Media Player.lnk:KAVICHS
AlternateDataStreams: C:\Documents and Settings\LocalService\NTUSER.DAT:KAVICHS
AlternateDataStreams: C:\Documents and Settings\LocalService\ntuser.dat.LOG:KAVICHS
AlternateDataStreams: C:\Documents and Settings\LocalService\ntuser.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\LocalService\Local Settings\desktop.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\NetworkService\NTUSER.DAT:KAVICHS
AlternateDataStreams: C:\Documents and Settings\NetworkService\ntuser.dat.LOG:KAVICHS
AlternateDataStreams: C:\Documents and Settings\NetworkService\ntuser.ini:KAVICHS
AlternateDataStreams: C:\Documents and Settings\NetworkService\Local Settings\desktop.ini:KAVICHS

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: DYMOFileMonitor => "C:\Program Files\DYMO File\DYMOFileMonitor.exe"
MSCONFIG\startupreg: DymoQuickPrint => "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/18 20:08:57.406]: [00001148]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/18 20:08:57.406]: [00001148]: BrMfNet:: OpenUDPServer Error

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/18 20:08:57.406]: [00001148]: BrNet:: OpenUDP_Server socket INVALID

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/18 20:08:57.375]: [00001148]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/18 20:08:57.375]: [00001148]: BrMfNet:: OpenUDPServer Error

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/18 20:08:57.375]: [00001148]: BrNet:: OpenUDP_Server socket INVALID

Error: (03/17/2014 05:45:23 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/17 17:45:23.812]: [00001268]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (03/17/2014 05:45:23 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/17 17:45:23.812]: [00001268]: BrMfNet:: OpenUDPServer Error

Error: (03/17/2014 05:45:23 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/17 17:45:23.812]: [00001268]: BrNet:: OpenUDP_Server socket INVALID

Error: (03/17/2014 05:45:23 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/17 17:45:23.796]: [00001268]: ---- Monitor Thread OpenBrNetUDP_Server Error ----


System errors:
=============
Error: (03/18/2014 08:20:32 PM) (Source: DCOM) (User: PWICP005)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (03/18/2014 08:20:02 PM) (Source: Service Control Manager) (User: )
Description: The BITS service terminated with service-specific error 2147952506 (0x8007277A).

Error: (03/18/2014 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952506

Error: (03/18/2014 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Protect Monitor service failed to start due to the following error:
%%1053

Error: (03/18/2014 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Protect Monitor service to connect.

Error: (03/18/2014 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%10106

Error: (03/17/2014 05:56:21 PM) (Source: DCOM) (User: PWICP005)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (03/17/2014 05:55:51 PM) (Source: Service Control Manager) (User: )
Description: The BITS service terminated with service-specific error 2147952506 (0x8007277A).

Error: (03/17/2014 05:45:23 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952506

Error: (03/17/2014 05:45:23 PM) (Source: Service Control Manager) (User: )
Description: The Protect Monitor service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/18 20:08:57.406]: [00001148]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/18 20:08:57.406]: [00001148]: BrMfNet:: OpenUDPServer Error

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/18 20:08:57.406]: [00001148]: BrNet:: OpenUDP_Server socket INVALID

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/18 20:08:57.375]: [00001148]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/18 20:08:57.375]: [00001148]: BrMfNet:: OpenUDPServer Error

Error: (03/18/2014 08:08:57 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/18 20:08:57.375]: [00001148]: BrNet:: OpenUDP_Server socket INVALID

Error: (03/17/2014 05:45:23 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/17 17:45:23.812]: [00001268]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (03/17/2014 05:45:23 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/17 17:45:23.812]: [00001268]: BrMfNet:: OpenUDPServer Error

Error: (03/17/2014 05:45:23 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/17 17:45:23.812]: [00001268]: BrNet:: OpenUDP_Server socket INVALID

Error: (03/17/2014 05:45:23 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/17 17:45:23.796]: [00001268]: ---- Monitor Thread OpenBrNetUDP_Server Error ----


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2039.17 MB
Available physical RAM: 1556.82 MB
Total Pagefile: 3931.89 MB
Available Pagefile: 3637.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.8 MB

==================== Drives ================================

Drive c: (MAIN) (Fixed) (Total:931.51 GB) (Free:895.8 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (OCZ RALLY2) (Removable) (Total:3.76 GB) (Free:3.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 1FE9D201)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================