Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Motohelperservice.exe removed now No Internet


  • Please log in to reply

#31
jlurie

jlurie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Hi SleepyDude, Below are the log results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by ATS at 2014-03-31 20:00:18 Run:11
Running from C:\Documents and Settings\ATS\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver"
Reboot:
*****************

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by ATS (administrator) on PWICP005 on 31-03-2014 20:03:53
Running from C:\Documents and Settings\ATS\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(brother Industries Ltd) C:\WINDOWS\system32\brsvc01a.exe
(brother Industries Ltd) C:\WINDOWS\system32\brss01a.exe
(Pro Softnet Corporation) C:\Program Files\IDrive\IDriveE Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(VIA Technologies) C:\Program Files\VIA\RAID\raid_tool.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(D-Link) C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(MyCity) C:\Program Files\MCShield\mcshieldrtm.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RaidTool] - C:\Program Files\VIA\RAID\raid_tool.exe [589824 2004-10-10] (VIA Technologies)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [4620288 2004-10-29] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [86016 2004-10-29] (NVIDIA Corporation)
HKLM\...\Run: [ControlCenter2.0] - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1394440 2010-08-09] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [DLSService] - C:\Program Files\DYMO\DYMO Label Software\DLSService.exe [55808 2009-10-28] (Sanford, L.P.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-01-13] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [D-Link Wireless G WUA-1340] - C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe [1662976 2007-08-27] (D-Link)
HKLM\...\Run: [ANIWZCS2Service] - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20143688 2013-10-18] (Realtek Semiconductor Corp.)
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1060284298-776561741-725345543-1008\...\Run: [MCShield Monitor] - C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-02-01] (MyCity)
HKU\S-1-5-21-1060284298-776561741-725345543-1008\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Attendance Rx.lnk

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - No CLSID Value -
Handler: livecall - No CLSID Value -
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - No CLSID Value -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\WINDOWS\system32\PCProtect.dll File Not found ()
Winsock: Catalog9 02 C:\WINDOWS\system32\PCProtect.dll File Not found ()
Winsock: Catalog9 16 C:\WINDOWS\system32\PCProtect.dll File Not found ()

Chrome:
=======
CHR HomePage: hxxp://www.google.com/

========================== Services (Whitelisted) =================

S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service)
R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2001-11-22] (brother Industries Ltd)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.)
R2 IDriveE Service; C:\Program Files\IDrive\IDriveE Service.exe [148936 2010-12-21] (Pro Softnet Corporation)
S4 QuickBooksDB21; C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe [679936 2010-04-27] (Intuit, Inc.)
S3 PCProtect; C:\Program Files\Web Protect\PCProtect.exe [X]

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2310272 2005-01-28] (Realtek Semiconductor Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2013-10-18] (Creative)
S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2008-04-13] (ADMtek Incorporated.)
R2 ANIO; C:\WINDOWS\system32\ANIO.SYS [28195 2005-12-11] (Alpha Networks Inc.)
R3 AtcL002; C:\WINDOWS\System32\DRIVERS\l251x86.sys [30720 2008-10-17] (Atheros Communications, Inc.)
S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
S3 BrUsbScn; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)
S3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc.              )
S3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE1200xp.sys [1034240 2011-03-28] (Broadcom Corporation)
S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-14] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2013-10-18] (Creative Technology Ltd.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 PciPPorts; C:\WINDOWS\System32\DRIVERS\PciPPorts.sys [82432 2008-05-22] ()
R1 pcwatch; C:\WINDOWS\system32\Drivers\pcwatch.sys [19840 2014-01-07] ()
S3 RT73; C:\WINDOWS\System32\DRIVERS\Dr71WU.sys [451456 2007-07-28] (Ralink Technology, Corp.)
S3 USB_Ethernet_Adaptor; C:\WINDOWS\System32\DRIVERS\USB_Ethernet_Adaptor.sys [16512 2013-01-07] (Corechip Semiconductor, Inc. Co Ltd.)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [60672 2004-07-06] (VIA Technologies inc,.ltd)
S0 viasraid; C:\WINDOWS\system32\Drivers\viasraid.sys [75904 2004-12-16] (VIA Technologies inc,.ltd)
R2 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [13696 2010-02-11] (Skyhook Wireless)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 FETNDIS; system32\DRIVERS\fetnd5.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 18:57 - 2014-03-27 18:57 - 00002635 _____ () C:\Documents and Settings\ATS\Desktop\FSS.txt
2014-03-27 18:55 - 2014-03-09 17:59 - 00409600 _____ (Farbar) C:\Documents and Settings\ATS\Desktop\FSS.exe
2014-03-27 18:42 - 2014-03-27 18:43 - 00011636 _____ () C:\Documents and Settings\ATS\Desktop\Result.txt
2014-03-27 18:34 - 2014-03-27 18:34 - 00004102 _____ () C:\Documents and Settings\ATS\Desktop\RKreport[0]_S_03272014_183428.txt
2014-03-27 18:32 - 2014-03-27 18:39 - 00000000 ____D () C:\Documents and Settings\ATS\Desktop\RK_Quarantine
2014-03-27 18:32 - 2014-03-27 18:30 - 03972608 _____ () C:\Documents and Settings\ATS\Desktop\RogueKiller.exe
2014-03-27 18:13 - 2014-03-27 18:10 - 00982016 _____ (Farbar) C:\Documents and Settings\ATS\Desktop\MiniToolBox.exe
2014-03-24 18:24 - 2014-03-31 20:03 - 00011561 _____ () C:\Documents and Settings\ATS\Desktop\FRST.txt
2014-03-18 21:09 - 2014-03-31 20:03 - 00000000 ____D () C:\FRST
2014-03-18 21:09 - 2014-03-18 21:06 - 01145856 _____ (Farbar) C:\Documents and Settings\ATS\Desktop\FRST.exe
2014-03-18 20:50 - 2014-03-31 20:01 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\MCShield
2014-03-18 20:50 - 2014-03-18 20:57 - 00000000 ____D () C:\Program Files\MCShield
2014-03-18 20:50 - 2014-03-18 20:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MCShield
2014-03-18 20:50 - 2014-03-18 20:47 - 02846904 _____ (MyCity) C:\Documents and Settings\ATS\Desktop\MCShield-Setup.exe
2014-03-17 17:47 - 2014-03-09 11:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\ATS\Desktop\OTL.exe
2014-03-16 14:35 - 2014-03-16 14:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-16 14:32 - 2014-03-16 14:25 - 01037734 _____ (Thisisu) C:\Documents and Settings\ATS\Desktop\JRT.exe
2014-03-15 17:02 - 2014-03-16 14:34 - 00000000 ____D () C:\AdwCleaner
2014-03-14 18:42 - 2014-03-14 18:42 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Google
2014-03-14 18:37 - 2014-03-14 18:37 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Malwarebytes
2014-03-14 18:27 - 2014-03-14 18:27 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Apple Computer
2014-03-14 18:21 - 2014-03-14 18:21 - 00005119 _____ () C:\WINDOWS\fwesinst.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00003841 _____ () C:\WINDOWS\FSGKIAIN.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00001651 _____ () C:\WINDOWS\FSLDIN.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00001418 _____ () C:\WINDOWS\FSPSUNI.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00001256 _____ () C:\WINDOWS\fsdgunst.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00000756 _____ () C:\WINDOWS\daasunin.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000743 _____ () C:\WINDOWS\FSGUIINS.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000689 _____ () C:\WINDOWS\HELPINST.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000659 _____ () C:\WINDOWS\fstnbins.LOG
2014-03-14 18:20 - 2014-03-14 18:21 - 40118393 _____ () C:\WINDOWS\FSISU.log
2014-03-14 18:20 - 2014-03-14 18:21 - 00711487 _____ () C:\WINDOWS\FSDEPH.log
2014-03-14 18:20 - 2014-03-14 18:21 - 00620540 _____ () C:\WINDOWS\FSUNINST.log
2014-03-14 18:20 - 2014-03-14 18:21 - 00071106 _____ () C:\WINDOWS\uninstaller.log
2014-03-14 18:20 - 2014-03-14 18:21 - 00017022 _____ () C:\WINDOWS\FSAUA_UN.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00024555 _____ () C:\WINDOWS\fsavunin.log
2014-03-14 18:20 - 2014-03-14 18:20 - 00004837 _____ () C:\WINDOWS\fwinst.log
2014-03-14 18:20 - 2014-03-14 18:20 - 00001612 _____ () C:\WINDOWS\FSASWUNI.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00001241 _____ () C:\WINDOWS\FSGEMINST.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00000110 _____ () C:\WINDOWS\FSAVES_inst.log
2014-03-10 21:27 - 2014-03-31 19:58 - 00000000 ____D () C:\Documents and Settings\ATS\Desktop\work in progress
2014-03-09 15:11 - 2014-03-09 15:11 - 00047142 _____ () C:\ComboFix.txt
2014-03-09 14:45 - 2014-03-09 15:11 - 00000000 ____D () C:\ComboFix
2014-03-09 14:45 - 2011-06-25 23:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-03-09 14:45 - 2010-11-07 10:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-03-09 14:45 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-03-09 14:45 - 2000-08-30 17:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-03-09 14:44 - 2014-03-09 15:11 - 00000000 ____D () C:\Qoobox
2014-03-09 14:44 - 2014-03-09 15:09 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-09 14:15 - 2014-03-09 14:15 - 00000000 ____D () C:\_OTL
2014-03-09 12:58 - 2014-03-09 12:40 - 04745728 _____ (AVAST Software) C:\Documents and Settings\MSHELLMAN\Desktop\aswMBR.exe
2014-03-09 11:52 - 2014-03-09 11:52 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Sun
2014-03-09 11:52 - 2014-03-09 11:52 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Sun
2014-03-08 22:07 - 2014-03-08 22:07 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\DYMO
2014-03-08 22:06 - 2014-03-08 22:07 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\ControlCenter4
2014-03-08 22:06 - 2014-03-08 22:06 - 00091424 _____ () C:\Documents and Settings\ATS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-08 22:06 - 2014-03-08 22:06 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Scansoft
2014-03-08 22:05 - 2014-03-08 22:06 - 00000742 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Outlook Express.lnk
2014-03-08 22:05 - 2014-03-08 22:05 - 00000807 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Internet Explorer.lnk
2014-03-08 22:05 - 2014-03-08 22:05 - 00000643 _____ () C:\WINDOWS\wmsetup.log
2014-03-08 22:05 - 2014-03-08 22:05 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Google
2014-03-08 22:04 - 2014-03-31 20:00 - 00000178 ___SH () C:\Documents and Settings\ATS\ntuser.ini
2014-03-08 22:04 - 2014-03-09 19:59 - 00000000 ____D () C:\Documents and Settings\ATS
2014-03-08 22:04 - 2014-03-08 22:05 - 00000792 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Windows Media Player.lnk
2014-03-08 22:04 - 2014-03-08 22:05 - 00000000 ___RD () C:\Documents and Settings\ATS\Start Menu\Programs\Accessories
2014-03-08 22:04 - 2013-02-11 14:51 - 00001603 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Remote Assistance.lnk
2014-03-08 22:04 - 2011-11-09 12:10 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Macromedia
2014-03-08 22:04 - 2011-04-07 03:05 - 00000000 __SHD () C:\Documents and Settings\ATS\IETldCache
2014-03-08 21:57 - 2014-03-08 21:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\D-Link
2014-03-08 21:53 - 2014-03-08 21:57 - 00000000 ____D () C:\Program Files\ANI
2014-03-08 20:17 - 2014-03-08 20:17 - 00007704 _____ () C:\WINDOWS\FaxSetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00006638 _____ () C:\WINDOWS\iis6.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00005524 _____ () C:\WINDOWS\ocgen.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00004591 _____ () C:\WINDOWS\tsoc.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00002504 _____ () C:\WINDOWS\comsetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001891 _____ () C:\WINDOWS\imsins.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001864 _____ () C:\WINDOWS\msmqinst.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001810 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001592 _____ () C:\WINDOWS\netfxocm.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000425 _____ () C:\WINDOWS\ocmsn.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000382 _____ () C:\WINDOWS\msgsocm.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-03-08 20:06 - 2014-03-14 18:42 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2014-03-08 17:19 - 2007-01-12 18:45 - 00172032 ____R (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2014-03-08 16:36 - 2008-04-14 01:15 - 00017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2014-03-08 16:35 - 2014-03-08 16:35 - 00000000 ____D () C:\WINDOWS\CSC
2014-03-08 16:35 - 2008-04-14 01:06 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmiacpi.sys
2014-03-08 16:13 - 2014-03-31 20:01 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME
2014-03-08 15:14 - 2014-03-08 15:15 - 00000010 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{1A6D1134-4375-4F27-940C-EA1537083911}
2014-03-08 15:14 - 2007-08-21 17:31 - 00679936 _____ (Wireless Service) C:\WINDOWS\system32\ANIWZCS2.dll
2014-03-08 15:14 - 2007-08-20 18:41 - 00233472 _____ () C:\WINDOWS\system32\WlanApp.dll
2014-03-08 15:14 - 2007-08-14 14:26 - 00262144 _____ (Wireless Service) C:\WINDOWS\system32\wnicapi.dll
2014-03-08 15:14 - 2007-05-12 14:33 - 00217088 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\aIPH.dll
2014-03-08 15:14 - 2006-09-26 14:49 - 00045115 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\ANICtl.dll
2014-03-08 15:14 - 2005-10-27 09:55 - 00049152 _____ () C:\WINDOWS\system32\JJAKEn.dll
2014-03-08 15:14 - 2005-10-19 19:19 - 01327189 _____ (Funk Software, Inc.) C:\WINDOWS\system32\odSupp_M.dll
2014-03-08 15:14 - 2005-10-19 19:19 - 00049152 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\AQCKGen.dll
2014-03-08 15:13 - 2005-12-13 11:38 - 00048128 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\ANIO64.sys
2014-03-08 15:13 - 2005-12-11 12:55 - 00028195 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\ANIO.sys
2014-03-08 15:13 - 2005-10-21 16:56 - 00036864 _____ (Alpha Networks Inc.) C:\WINDOWS\system32\ANIOApi.dll
2014-03-08 15:13 - 2004-10-14 11:29 - 00016997 _____ () C:\WINDOWS\system32\ANIO.VXD
2014-03-08 15:13 - 2004-10-14 11:29 - 00011904 _____ (ANI ) C:\WINDOWS\system32\anio4.sys
2014-03-08 15:12 - 2014-03-08 15:12 - 00001471 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Wireless Connection Manager.lnk
2014-03-08 15:12 - 2014-03-08 15:12 - 00000000 ____D () C:\Program Files\D-Link
2014-03-08 13:59 - 2014-03-23 12:28 - 00000531 _____ () C:\WINDOWS\setupact.log
2014-03-08 13:59 - 2014-03-08 13:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-08 13:57 - 2014-03-24 18:19 - 00337241 _____ () C:\WINDOWS\setupapi.log
2014-03-05 12:04 - 2014-03-06 16:20 - 00035840 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\FEBRUARY 2014 EXPENDITURES REPORT.xls
2014-03-05 12:03 - 2014-03-05 21:20 - 00030720 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\FEBRUARY 2014 DISBURSEMENT REPORT.xls
2014-03-04 20:06 - 2014-03-04 20:10 - 00224256 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\BIWEEKLY TIME SHEETS PAY  02212014  02282014  03072014.xls
2014-03-04 12:20 - 2014-03-31 20:01 - 00000259 _____ () C:\WINDOWS\wiadebug.log
2014-03-04 12:20 - 2014-03-31 20:01 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-04 12:20 - 2014-03-04 12:20 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log

==================== One Month Modified Files and Folders =======

2014-03-31 20:03 - 2014-03-24 18:24 - 00011561 _____ () C:\Documents and Settings\ATS\Desktop\FRST.txt
2014-03-31 20:03 - 2014-03-18 21:09 - 00000000 ____D () C:\FRST
2014-03-31 20:02 - 2012-12-10 12:53 - 00000430 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F10F47D-223A-40E9-9944-20ABE95E7E7D}.job
2014-03-31 20:01 - 2014-03-18 20:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\MCShield
2014-03-31 20:01 - 2014-03-08 16:13 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME
2014-03-31 20:01 - 2014-03-04 12:20 - 00000259 _____ () C:\WINDOWS\wiadebug.log
2014-03-31 20:01 - 2014-03-04 12:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-31 20:01 - 2013-04-15 08:48 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-31 20:01 - 2009-05-28 15:55 - 00000472 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2014-03-31 20:01 - 2006-02-09 08:29 - 00000388 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
2014-03-31 20:01 - 2006-01-24 15:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-31 20:01 - 2006-01-24 15:21 - 01749114 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-31 20:01 - 2002-12-31 04:00 - 00001396 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-31 20:00 - 2014-03-08 22:04 - 00000178 ___SH () C:\Documents and Settings\ATS\ntuser.ini
2014-03-31 20:00 - 2006-01-24 15:27 - 00032556 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-31 19:58 - 2014-03-10 21:27 - 00000000 ____D () C:\Documents and Settings\ATS\Desktop\work in progress
2014-03-31 19:56 - 2012-04-02 09:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-27 18:57 - 2014-03-27 18:57 - 00002635 _____ () C:\Documents and Settings\ATS\Desktop\FSS.txt
2014-03-27 18:43 - 2014-03-27 18:42 - 00011636 _____ () C:\Documents and Settings\ATS\Desktop\Result.txt
2014-03-27 18:39 - 2014-03-27 18:32 - 00000000 ____D () C:\Documents and Settings\ATS\Desktop\RK_Quarantine
2014-03-27 18:34 - 2014-03-27 18:34 - 00004102 _____ () C:\Documents and Settings\ATS\Desktop\RKreport[0]_S_03272014_183428.txt
2014-03-27 18:31 - 2013-04-15 08:48 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 18:30 - 2014-03-27 18:32 - 03972608 _____ () C:\Documents and Settings\ATS\Desktop\RogueKiller.exe
2014-03-27 18:10 - 2014-03-27 18:13 - 00982016 _____ (Farbar) C:\Documents and Settings\ATS\Desktop\MiniToolBox.exe
2014-03-24 18:19 - 2014-03-08 13:57 - 00337241 _____ () C:\WINDOWS\setupapi.log
2014-03-23 12:28 - 2014-03-08 13:59 - 00000531 _____ () C:\WINDOWS\setupact.log
2014-03-22 16:34 - 2006-01-24 16:13 - 00553446 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-18 21:06 - 2014-03-18 21:09 - 01145856 _____ (Farbar) C:\Documents and Settings\ATS\Desktop\FRST.exe
2014-03-18 20:57 - 2014-03-18 20:50 - 00000000 ____D () C:\Program Files\MCShield
2014-03-18 20:50 - 2014-03-18 20:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MCShield
2014-03-18 20:47 - 2014-03-18 20:50 - 02846904 _____ (MyCity) C:\Documents and Settings\ATS\Desktop\MCShield-Setup.exe
2014-03-16 14:35 - 2014-03-16 14:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-16 14:34 - 2014-03-15 17:02 - 00000000 ____D () C:\AdwCleaner
2014-03-16 14:25 - 2014-03-16 14:32 - 01037734 _____ (Thisisu) C:\Documents and Settings\ATS\Desktop\JRT.exe
2014-03-15 16:43 - 2006-02-06 04:47 - 00000000 ____D () C:\Program Files\Java
2014-03-14 18:42 - 2014-03-14 18:42 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Google
2014-03-14 18:42 - 2014-03-08 20:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2014-03-14 18:37 - 2014-03-14 18:37 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Malwarebytes
2014-03-14 18:27 - 2014-03-14 18:27 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Apple Computer
2014-03-14 18:21 - 2014-03-14 18:21 - 00005119 _____ () C:\WINDOWS\fwesinst.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00003841 _____ () C:\WINDOWS\FSGKIAIN.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00001651 _____ () C:\WINDOWS\FSLDIN.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00001418 _____ () C:\WINDOWS\FSPSUNI.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00001256 _____ () C:\WINDOWS\fsdgunst.log
2014-03-14 18:21 - 2014-03-14 18:21 - 00000756 _____ () C:\WINDOWS\daasunin.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000743 _____ () C:\WINDOWS\FSGUIINS.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000689 _____ () C:\WINDOWS\HELPINST.LOG
2014-03-14 18:21 - 2014-03-14 18:21 - 00000659 _____ () C:\WINDOWS\fstnbins.LOG
2014-03-14 18:21 - 2014-03-14 18:20 - 40118393 _____ () C:\WINDOWS\FSISU.log
2014-03-14 18:21 - 2014-03-14 18:20 - 00711487 _____ () C:\WINDOWS\FSDEPH.log
2014-03-14 18:21 - 2014-03-14 18:20 - 00620540 _____ () C:\WINDOWS\FSUNINST.log
2014-03-14 18:21 - 2014-03-14 18:20 - 00071106 _____ () C:\WINDOWS\uninstaller.log
2014-03-14 18:21 - 2014-03-14 18:20 - 00017022 _____ () C:\WINDOWS\FSAUA_UN.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00024555 _____ () C:\WINDOWS\fsavunin.log
2014-03-14 18:20 - 2014-03-14 18:20 - 00004837 _____ () C:\WINDOWS\fwinst.log
2014-03-14 18:20 - 2014-03-14 18:20 - 00001612 _____ () C:\WINDOWS\FSASWUNI.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00001241 _____ () C:\WINDOWS\FSGEMINST.LOG
2014-03-14 18:20 - 2014-03-14 18:20 - 00000110 _____ () C:\WINDOWS\FSAVES_inst.log
2014-03-14 18:20 - 2011-11-17 14:16 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\f-secure
2014-03-12 18:14 - 2006-01-25 09:16 - 00000278 ___SH () C:\Documents and Settings\MSHELLMAN\ntuser.ini
2014-03-12 17:59 - 2009-05-02 17:26 - 00001396 _____ () C:\WINDOWS\system32\wpa.bak
2014-03-09 19:59 - 2014-03-08 22:04 - 00000000 ____D () C:\Documents and Settings\ATS
2014-03-09 17:59 - 2014-03-27 18:55 - 00409600 _____ (Farbar) C:\Documents and Settings\ATS\Desktop\FSS.exe
2014-03-09 15:11 - 2014-03-09 15:11 - 00047142 _____ () C:\ComboFix.txt
2014-03-09 15:11 - 2014-03-09 14:45 - 00000000 ____D () C:\ComboFix
2014-03-09 15:11 - 2014-03-09 14:44 - 00000000 ____D () C:\Qoobox
2014-03-09 15:11 - 2005-08-11 14:48 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-09 15:11 - 2005-08-11 14:48 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-09 15:09 - 2014-03-09 14:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-09 15:08 - 2002-12-31 04:00 - 00000256 _____ () C:\WINDOWS\system.ini
2014-03-09 14:58 - 2006-01-25 09:16 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN
2014-03-09 14:15 - 2014-03-09 14:15 - 00000000 ____D () C:\_OTL
2014-03-09 13:09 - 2013-05-23 10:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-09 12:40 - 2014-03-09 12:58 - 04745728 _____ (AVAST Software) C:\Documents and Settings\MSHELLMAN\Desktop\aswMBR.exe
2014-03-09 11:52 - 2014-03-09 11:52 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Sun
2014-03-09 11:52 - 2014-03-09 11:52 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\Sun
2014-03-09 11:50 - 2014-03-17 17:47 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\ATS\Desktop\OTL.exe
2014-03-08 22:07 - 2014-03-08 22:07 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\DYMO
2014-03-08 22:07 - 2014-03-08 22:06 - 00000000 ____D () C:\Documents and Settings\ATS\Application Data\ControlCenter4
2014-03-08 22:06 - 2014-03-08 22:06 - 00091424 _____ () C:\Documents and Settings\ATS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-08 22:06 - 2014-03-08 22:06 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Scansoft
2014-03-08 22:06 - 2014-03-08 22:05 - 00000742 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Outlook Express.lnk
2014-03-08 22:05 - 2014-03-08 22:05 - 00000807 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Internet Explorer.lnk
2014-03-08 22:05 - 2014-03-08 22:05 - 00000643 _____ () C:\WINDOWS\wmsetup.log
2014-03-08 22:05 - 2014-03-08 22:05 - 00000000 ____D () C:\Documents and Settings\ATS\Local Settings\Application Data\Google
2014-03-08 22:05 - 2014-03-08 22:04 - 00000792 _____ () C:\Documents and Settings\ATS\Start Menu\Programs\Windows Media Player.lnk
2014-03-08 22:05 - 2014-03-08 22:04 - 00000000 ___RD () C:\Documents and Settings\ATS\Start Menu\Programs\Accessories
2014-03-08 21:57 - 2014-03-08 21:57 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\D-Link
2014-03-08 21:57 - 2014-03-08 21:53 - 00000000 ____D () C:\Program Files\ANI
2014-03-08 21:57 - 2005-08-12 18:06 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-03-08 20:17 - 2014-03-08 20:17 - 00007704 _____ () C:\WINDOWS\FaxSetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00006638 _____ () C:\WINDOWS\iis6.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00005524 _____ () C:\WINDOWS\ocgen.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00004591 _____ () C:\WINDOWS\tsoc.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00002504 _____ () C:\WINDOWS\comsetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001891 _____ () C:\WINDOWS\imsins.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001864 _____ () C:\WINDOWS\msmqinst.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001810 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00001592 _____ () C:\WINDOWS\netfxocm.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000719 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000425 _____ () C:\WINDOWS\ocmsn.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000382 _____ () C:\WINDOWS\msgsocm.log
2014-03-08 20:17 - 2014-03-08 20:17 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-03-08 16:35 - 2014-03-08 16:35 - 00000000 ____D () C:\WINDOWS\CSC
2014-03-08 15:15 - 2014-03-08 15:14 - 00000010 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{1A6D1134-4375-4F27-940C-EA1537083911}
2014-03-08 15:14 - 2005-08-12 18:07 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-08 15:12 - 2014-03-08 15:12 - 00001471 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Wireless Connection Manager.lnk
2014-03-08 15:12 - 2014-03-08 15:12 - 00000000 ____D () C:\Program Files\D-Link
2014-03-08 13:59 - 2014-03-08 13:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-07 18:13 - 2013-10-09 19:31 - 00457920 _____ () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-03-07 17:23 - 2006-01-25 09:54 - 00002495 _____ () C:\Documents and Settings\MSHELLMAN\Desktop\Microsoft Office Excel 2003.lnk
2014-03-07 16:02 - 2013-11-22 15:23 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Desktop\DOCS
2014-03-06 16:20 - 2014-03-05 12:04 - 00035840 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\FEBRUARY 2014 EXPENDITURES REPORT.xls
2014-03-06 14:30 - 2013-03-28 14:03 - 00000000 ____D () C:\Documents and Settings\MSHELLMAN\Desktop\Word Docs
2014-03-05 21:20 - 2014-03-05 12:03 - 00030720 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\FEBRUARY 2014 DISBURSEMENT REPORT.xls
2014-03-05 14:35 - 2007-12-05 18:41 - 00000000 ____D () C:\HRX
2014-03-05 13:59 - 2006-01-25 09:54 - 00002497 _____ () C:\Documents and Settings\MSHELLMAN\Desktop\Microsoft Office Word 2003.lnk
2014-03-04 20:10 - 2014-03-04 20:06 - 00224256 _____ () C:\Documents and Settings\MSHELLMAN\My Documents\BIWEEKLY TIME SHEETS PAY  02212014  02282014  03072014.xls
2014-03-04 12:20 - 2014-03-04 12:20 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-03-03 13:11 - 2013-11-14 11:05 - 01523712 _____ () C:\WINDOWS\system32\config\default.iobit
2014-03-03 13:11 - 2013-11-14 11:05 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-03-03 13:11 - 2013-11-14 11:04 - 41840640 _____ () C:\WINDOWS\system32\config\software.iobit
2014-03-03 13:11 - 2013-11-14 11:04 - 00065536 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-03-03 13:11 - 2006-01-24 15:27 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-03-03 13:11 - 2006-01-24 15:27 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-03-03 12:51 - 2009-07-01 17:52 - 00000065 _____ () C:\WINDOWS\system32\bd7440n.dat
2014-03-03 12:47 - 2006-01-25 09:05 - 00000463 _____ () C:\WINDOWS\brwmark.ini

Some content of TEMP:
====================
C:\Documents and Settings\ATS\Local Settings\temp\ntdll_dump.dll
C:\Documents and Settings\ATS\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


  • 0

Advertisements


#32
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,411 posts

Hi Jlurie,

 

I have a new fix for you that need to be run in Safe Mode like you did before. <--- Important!

 

Again please delete the other fixlist.txt from the Desktop to avoid confusion.

 

 

Farbar Recovery Scan Tool Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Attached File  fixlist.txt   463bytes   85 downloads
  • Download the file above and save it to the Desktop as fixlist.txt
    (It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work!)
  • Execute FRST by double clicking on the icon FRST.gif. Make sure all the other programs are close.
    FRST_Fix.png
  • Press the Fix button just once and Wait. After the fix the system needs to restart if the tool does not request it please Restart the computer.
  • The tool will make a log (Fixlog.txt) on the same location as FRST/FRST64 please post it in your next reply.

 

 

Things I would like to see in your next reply:

  • The Fixlog.txt log
  • Let me know if you can now connect to the internet?

  • 0

#33
jlurie

jlurie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Hi SleepyDude,

 

 I can see the lights on the little computers logo blink, however when I try to open a explorer ot firefox, it opens then it shuts down very quickly . The results of the fixlog are below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by ATS at 2014-04-01 19:10:48 Run:12
Running from C:\Documents and Settings\ATS\Desktop
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
R1 pcwatch; C:\WINDOWS\system32\Drivers\pcwatch.sys [19840 2014-01-07] ()
S3 PCProtect; C:\Program Files\Web Protect\PCProtect.exe [X]
C:\Program Files\Web Protect
C:\WINDOWS\system32\Drivers\pcwatch.sys
Winsock: Catalog9 01 C:\WINDOWS\system32\PCProtect.dll File Not found ()
Winsock: Catalog9 02 C:\WINDOWS\system32\PCProtect.dll File Not found ()
Winsock: Catalog9 16 C:\WINDOWS\system32\PCProtect.dll File Not found ()
cmd: netsh winsock reset
Reboot:
*****************

pcwatch => Service deleted successfully.
PCProtect => Service deleted successfully.
"C:\Program Files\Web Protect" => File/Directory not found.
C:\WINDOWS\system32\Drivers\pcwatch.sys => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 => Key deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 => Key deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 => Key deleted successfully.

=========  netsh winsock reset =========

Initialization Function InitHelperDll in IPMONTR.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====


  • 0

#34
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,411 posts
Hi,
 
We are making progress, time to work on the internet problem...
 
Please visit the Microsoft page here on the middle of the page you will find a image like this LxVp4gySm3sQEdWyp9N0Fxbe2.png
click on it to download MicrosoftFixit50203.msi, run the file and follow the instructions.
 
Restart the computer if not requested by the tool and let me know if you can access the internet.
  • 0

#35
jlurie

jlurie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Hi SleepyDude,

 

The MicrosoftFixit50203.msi, file would not run, but I was able to install malwarebytes and CC Cleaner. I can get on the internet.  I am now on the infected computer after installing firefox. After the malwarebytes ran and found some infections it still did not install on the computer. No repair programs seem to install.


  • 0

#36
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,411 posts

Hi SleepyDude,
 
The MicrosoftFixit50203.msi, file would not run, but I was able to install malwarebytes and CC Cleaner. I can get on the internet.  I am now on the infected computer after installing firefox. After the malwarebytes ran and found some infections it still did not install on the computer. No repair programs seem to install.

Hi,

You have now access to the internet on the infected computer?

 

Please avoid installing new software until we finish the cleaning process, because the changes will make my work difficult.

 

Can you post the malwarebytes log?

  • open Malwarebytes once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

  • 0

#37
jlurie

jlurie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Hi SleepyDude, The log is listed below:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/2/2014
Scan Time: 8:54:09 PM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.02.10
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: ATS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425035
Time Elapsed: 55 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
Backdoor.Bot, HKU\S-1-5-21-1060284298-776561741-725345543-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\{19127AD2-394B-70F5-C650-B97867BAA1F7}, Quarantined, [eca611143546e452aeb8e3455aa87e82],
Backdoor.Bot, HKU\S-1-5-21-1060284298-776561741-725345543-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}, Quarantined, [31614bda5e1df4421c6444e462a0cf31],
Backdoor.Bot, HKU\S-1-5-21-1060284298-776561741-725345543-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\{494E6CEC-7483-A4EE-0938-895519A84BC7}, Quarantined, [4f435dc8afcc5adc0a8237f1e02220e0],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1060284298-776561741-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ConduitSearchScopes, Quarantined, [5141160fc5b68ea88e9c0583c83b768a],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1060284298-776561741-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PriceGong, Quarantined, [cbc7ad78720959ddc18e2e4052b032ce],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Conduit.A, C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.condui...961ECB782&SSPV=");), Replaced,[6b27988d95e65bdba782b08c0df7847c]
PUP.Optional.Conduit.A, C:\Documents and Settings\MSHELLMAN\Application Data\Mozilla\Firefox\Profiles\0n3sz15j.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://search.condui...0E-556961ECB782");), Replaced,[b8da90958cef4fe7f46f9ba1877d6e92]

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#38
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,411 posts

Hi,

 

Let's run a Virus scan to make sure everything is gone... Any other problem?

 

 

Step 1 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
ESET_Scan.png

  • UNCHECK the box's Remove found threats and Scan Archives.
  • Click on Advanced Settings, an check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speedup the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient this make take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications

Step 2 - Security Check

Download Security Check by screen317 from here or here.

  • Save it to the Desktop.
  • Double click the icon SecurityCheckIcon2.png to execute the program.
    SecurityCheck.png
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.

Things I would like to see in your next reply:

  • The ESET log
  • The checkup.txt log

  • 0

#39
jlurie

jlurie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Hi SleepyDude, here are the log results. There are 59 file infections. I would like to deleate them.

 

 

Below is the log for secuity check:

 

 

Results of screen317's Security Check version 0.99.81  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player     12.0.0.77  
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

 

The ESET Log is below:
 

 

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=862469f0ee5d36449321d700658c1d86
# engine=17763
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-05 02:15:24
# local_time=2014-04-04 07:15:24 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=102423
# found=59
# cleaned=0
# scan_time=2570
sh=40377F6C766231BF1FB27546D8CAAF9AF6EE2532 ft=1 fh=06a10777b0bc0ad1 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit\ASCDownloader\ASCSetup.exe"
sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\ATS\Desktop\040214\ccsetup412.exe"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\hk64tbPro2.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\hktbPro2.dll"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\ldrtbPro0.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\ldrtbPro2.dll"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\ldrtbProd.dll"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\tbPro0.dll"
sh=BEF49F698BB05F075CAD2314D1E6707CF5582727 ft=1 fh=a14839057f424abd vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\tbPro1.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\tbPro2.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\tbProd.dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
sh=030BD937D18EEA801F54C23DE6C16AB84C5DF3CC ft=1 fh=d2b7944ce9f79129 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\My Documents\downloads\asc-setup.exe"
sh=32917C745226CD6BB193A47730731806FF25D962 ft=1 fh=b88b95c4e8ddbfa2 vn="Win32/Toolbar.Montiera.I potentially unwanted application" ac=I fn="C:\Documents and Settings\MSHELLMAN\My Documents\downloads\DLLOpener.exe"
sh=688C5FFB7B82EB993E8AB53C00A7A9502D029183 ft=1 fh=f030d04dad190076 vn="multiple threats" ac=I fn="C:\Documents and Settings\MSHELLMAN\My Documents\downloads\Installer_Regwork.exe"
sh=3384310DF78E9E59105F27CF75FAFB0699266F0E ft=1 fh=89e4e511e189e48a vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1021\A0192361.rbf"
sh=DBCB7C654B5B388BC0E7BF7DCDED74C1D6503B2F ft=1 fh=015e8d6ddc85a6f6 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1021\A0192363.rbf"
sh=BECA053987A95F9E8C8FBE7D90A9861009A8AEC6 ft=1 fh=b7372605487491c9 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1021\A0192364.rbf"
sh=A877A4C2A390E739A92485DE3E6F828C200CD461 ft=1 fh=77420ee15bd0a4a8 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1021\A0192365.rbf"
sh=8B92981239697BA7F3A1E7CF60305D5A3571F56F ft=1 fh=104c5d383a430366 vn="a variant of Win64/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1021\A0192376.rbf"
sh=D32D55A13DD56DCCC1AA8754710361A5DB0129D4 ft=1 fh=09e85a34ebc583bf vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1021\A0192377.rbf"
sh=EEEBBBAE9C5D474A21E82DEFD93AA19560D2A10B ft=1 fh=fd4872c44b6c5488 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1021\A0192378.rbf"
sh=D62DA2F8763F8E4B308001E579A0F4FC9B3423F0 ft=1 fh=89e5c8ce03a0f8ce vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1021\A0192379.rbf"
sh=68F26AA902CC953FC8834BDAD0A44A443992D5D4 ft=1 fh=b9400f9f240f82be vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1022\A0192436.rbf"
sh=7C5AB9F60143CB277AA423E3C55787D636328F29 ft=1 fh=c2682fc7988677f1 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1040\A0197131.rbf"
sh=6A142BC7EDC6905E82F7B562B9B5A8046F6F0823 ft=1 fh=08a890fb375ec1e2 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1040\A0197133.rbf"
sh=42FBB24E1E13B71D4B0EDF2125F435AA2A0DB9A9 ft=1 fh=ffff39885102c9c6 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1040\A0197135.rbf"
sh=01601864D15B1DE13891E105953DCC4FA93AC66F ft=1 fh=45c0a29ac4ab99ad vn="a variant of Win64/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1040\A0197146.rbf"
sh=1C073FD34FD597F677E31DF8831A89F1EA0A484F ft=1 fh=c839902e211d412e vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1040\A0197147.rbf"
sh=EB0FFBD00CE81473580960CB631E8BCB0DF25363 ft=1 fh=4f99459f14a5e2d4 vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1040\A0197148.rbf"
sh=FC0CDDA8AF673C578BA719E5D1C81CBAFD147A33 ft=1 fh=f9f72427b4f06205 vn="Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1040\A0197149.rbf"
sh=67F216543767669CA8C00616A3DFE44316AA858A ft=1 fh=3b5e5715eacafafa vn="Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1041\A0197197.rbf"
sh=E21B3507208808596F7FD41C5D637DFE2E8F2FB9 ft=1 fh=5d027b3a7f09e7d3 vn="Win32/Wajam.D potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1043\A0197495.exe"
sh=6270B1B9CDFC8C8155EAA6CA89F74BCCFF16E4A1 ft=1 fh=1f1ae8bf1242efa2 vn="Win32/Toolbar.Conduit.F potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211199.exe"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211200.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211201.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211202.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211204.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211205.dll"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211206.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211207.dll"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211208.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211210.exe"
sh=2647A8D25068D715D97EE42DCB86CF9AA55946BC ft=1 fh=5fd80ae6b91e806a vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211212.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211213.dll"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211214.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211215.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\System Volume Information\_restore{25B96AE9-E5D1-44A3-89F0-AB03C11D53E0}\RP1063\A0211216.dll"
sh=9FFE733FFA9E48BDE9F2D399822DA9FE5284CF55 ft=1 fh=6e56d9f8aef3b200 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\WINDOWS\Installer\MSIAB.tmp"
sh=D261D10310E7B42CABACAE6BE321076F816B8AC1 ft=1 fh=977d0f3c25f310e9 vn="a variant of Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\Application Updater\ApplicationUpdater.exe"
sh=F3EB746BEAF6C74349CAA63D65B65CF07E8D8C6B ft=1 fh=b0d05809a6a6b7f7 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
sh=FB0A682394AA1B439C5C5272051B00F986FDFEED ft=1 fh=5f3eddd28700c467 vn="a variant of Win64/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
sh=3167139758B6EC9C3D9818B043F65A7802407CF3 ft=1 fh=fff8c99c5a5c635d vn="a variant of Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\Common Files\Spigot\Search Settings\wth178.dll"
sh=673A1FF9A35DD5C4DA397DB09E69629E770C9AB4 ft=1 fh=e64cad523ad8ad04 vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\Common Files\Spigot\Search Settings\wthx178.dll"
sh=5789A7E8DF0F046AD787D20E60937C26DE2823B5 ft=1 fh=e0b21b139133d8fa vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\IObit\Advanced SystemCare 5\asc6_setup_v5tov6-0306.exe"
sh=66AD38356276A82B243291DA69C13821D297E5E0 ft=1 fh=834d59cc4b3df5fa vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\IObit\Advanced SystemCare 6\Toolbar\iobitappsToolbar-stub-1.exe"
sh=293314821DB1BA3423ED02A3D270A671BEE16DB6 ft=1 fh=f93f69d96e1cae41 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll"
sh=9C39D5026EFED18903486EB1C760819CB6A481E4 ft=1 fh=5e03fc5c1f09ea13 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll"
sh=078C3E9CC1743D3AC825B4C3E6FB11A9A3D62D46 ft=1 fh=fa60967ba4bc1bf2 vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\03152014_164200\C_Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE64.dll"
 


  • 0

#40
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,411 posts

...


Edited by SleepyDude, 06 April 2014 - 05:04 AM.
Wrong links...

  • 0

Advertisements


#41
jlurie

jlurie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Hi SleepyDude, the links that you are giving me are asking for a user name and password. When I try to install or uninstall I get the message that the windows installer cannot be acessed and I may be running in Safe mode. The log is listed below:

 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: All Users.WINDOWS
 
User: ATS
->Temp folder emptied: 101827603 bytes
->Temporary Internet Files folder emptied: 141906 bytes
->FireFox cache emptied: 31337511 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 634 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: j.paguio
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: MSHELLMAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4127 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 

Total Files Cleaned = 127.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04052014_170813

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


Edited by jlurie, 05 April 2014 - 07:08 PM.

  • 0

#42
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,411 posts

Hi,

 

Hi SleepyDude, the links that you are giving me are asking for a user name and password. When I try to install or uninstall I get the message that the windows installer cannot be acessed and I may be running in Safe mode. The log is listed below:

 

Sorry about that, due to the forum changes I was playing with another Editor and didn't realize it changed all my links! I'm adding another tool to check about the Windows installer problem.

 

Now the corrected post and Fix...

 

Step 1 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...
 

  • Double click on the OTL icon OTL.gif to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the CustomScanBox.png box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :OTL
    
    :Files
    C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit\ASCDownloader\ASCSetup.exe
    C:\Documents and Settings\ATS\Desktop\040214\ccsetup412.exe
    C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms
    C:\Documents and Settings\MSHELLMAN\My Documents\downloads\asc-setup.exe
    C:\Documents and Settings\MSHELLMAN\My Documents\downloads\DLLOpener.exe
    C:\Documents and Settings\MSHELLMAN\My Documents\downloads\Installer_Regwork.exe
    C:\WINDOWS\Installer\MSIAB.tmp
    
    :Commands
    [EmptyTemp]
    
    
  • click the RunFixButton.png button at the top. Let the program run uninterrupted.
  • click OK

Notes:

  • When OTL executes the Fix it can shutdown all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyy _hhmmss is the date and time when the fix run.


Step 2 - Update Programs

From the Security Check log there are some critical programs that you need to update:

» Update Java
Your version of Java Runtime is outdated! In light of the recent events surrounding Java that is constantly target by malware, users must seriously consider their use of Java.
Do you really need it? If yes, go to the Java download page and click from the link Windows Offline this file will not include any unneeded extras like the ASK Toolbar. When java is installed its extremely important to update immediately when you get a notification pop-up from the Java Updater.

For safety you can have Java installed but disabled in your browsers and only enable it when you need it. You can Enable/Disable Java by executing the following steps:

Click the Start> Settings > Control Panel > Java, click the Security tab and uncheck the box Enable Java content in the browser and click OK
javapanel.jpeg

» Update Adobe Reader
The Adobe Reader you have is outdated! and vulnerable to security exploits. The version presently installed it's very old, you need to remove Adobe Reader 9 and Adobe Reader 10.1.9. Please open Start > Control Panel > then Add or Remove Programs, locate those programs on the list and click the Remove button. Next download and install the most recent version by visiting the Adobe Reader page, make sure you uncheck the box offering any extra programs like the McAfee Security Scan Plus.


Step 3 - Minitoolbox

  • Download MiniToolBox and save the file to the Desktop.
    MiniToolBox.png
  • Check the following options:
    • List last 10 Event Viewer log
    • List Devices: Only Problems
  • Click on Go.
  • Post the resulting log in your next reply.

Things I would like to see in your next reply:

  • The OTL Fix log
  • The MiniToolBox log Result.txt

  • 0

#43
jlurie

jlurie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Hi SleepyDude,

 

When I try to install or uninstall for instance Java, I get the message that the windows installer cannot be acessed and I may be running in Safe mode. I am not running in safe mode. Something is stopping me for doing these tasks.

 

I would like to thank you again for taking the time to help me, I really do appreciate this.The logs are listed below:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit\ASCDownloader\ASCSetup.exe moved successfully.
C:\Documents and Settings\ATS\Desktop\040214\ccsetup412.exe moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\UserDefinedItems folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\SearchInNewTab folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_en\ToolbarTranslation folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_en folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_CT3209602\ToolbarTranslation folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_CT3209602\ToolbarSettings folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_CT3209602\ToolbarLogin folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_CT3209602\ToolbarHiddenSettings folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_CT3209602\ToolbarHiddenLogin folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_CT3209602\DynamicDialogs folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_CT3209602\AppsMetaData folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository\conduit_CT3209602_CT3209602 folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Repository folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\RadioPlayer folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3 folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B} folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\plugins folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\MyStuffApps folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Logs folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\ExternalComponent folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\EmailNotifier folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\UninstallDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\DetectedAppDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\DefualtImages folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs\AddedAppDialog folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\Dialogs folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms\CacheIcons folder moved successfully.
C:\Documents and Settings\MSHELLMAN\Local Settings\Application Data\Produtools_Forms folder moved successfully.
C:\Documents and Settings\MSHELLMAN\My Documents\downloads\asc-setup.exe moved successfully.
C:\Documents and Settings\MSHELLMAN\My Documents\downloads\DLLOpener.exe moved successfully.
C:\Documents and Settings\MSHELLMAN\My Documents\downloads\Installer_Regwork.exe moved successfully.
C:\WINDOWS\Installer\MSIAB.tmp moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: All Users.WINDOWS
 
User: ATS
->Temp folder emptied: 1762087 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 20250810 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: j.paguio
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: MSHELLMAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3797 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 884504 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 22.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04062014_103706

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by ATS (administrator) on 06-04-2014 at 10:45:33
Running from "C:\Documents and Settings\ATS\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/06/2014 09:36:28 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/06 09:36:28.812]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/06/2014 09:36:00 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/06 09:36:00.218]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/06/2014 09:35:54 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/06 09:35:54.312]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/03/2014 05:36:38 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/03 17:36:38.093]: [00001768]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:40:08 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:40:08.343]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:39:33 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:39:33.875]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:39:23 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:39:23.843]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:38:59 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:38:59.375]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:38:49 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:38:49.343]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:38:24 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:38:24.875]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error


System errors:
=============
Error: (04/06/2014 10:39:41 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:39:08 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (04/06/2014 10:37:12 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:37:08 AM) (Source: Service Control Manager) (User: )
Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:37:08 AM) (Source: Service Control Manager) (User: )
Description: The IDriveE Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:37:07 AM) (Source: Service Control Manager) (User: )
Description: The BrSplService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:37:07 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 03:00:51 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2932677).

Error: (04/05/2014 05:10:57 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/05/2014 05:10:53 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.


Microsoft Office Sessions:
=========================
Error: (04/06/2014 09:36:28 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/06 09:36:28.812]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/06/2014 09:36:00 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/06 09:36:00.218]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/06/2014 09:35:54 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/06 09:35:54.312]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/03/2014 05:36:38 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/03 17:36:38.093]: [00001768]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:40:08 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:40:08.343]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:39:33 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:39:33.875]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:39:23 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:39:23.843]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:38:59 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:38:59.375]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:38:49 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:38:49.343]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:38:24 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:38:24.875]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error


========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


**** End of log ****
 

 


  • 0

#44
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,411 posts

Hi SleepyDude,

 

When I try to install or uninstall for instance Java, I get the message that the windows installer cannot be acessed and I may be running in Safe mode. I am not running in safe mode. Something is stopping me for doing these tasks.

 

I would like to thank you again for taking the time to help me, I really do appreciate this.The logs are listed below:

 

You are welcome. I need you to run MinitoolBox again using a different set of options, and run two other tools...

 

Step 1 - Minitoolbox

  • Run MiniToolBox again.
    MiniToolBox.png
  • Check the following options:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices: Only Problems
  • Click on Go.
  • Post the resulting log in your next reply.


Step 2 - Farbar Service Scanner

Download Farbar Service Scanner (FSS)

  • Run FSS by double clicking the FSS.gif icon
    (On Windows Vista or higher right click the file and select Run as Administrator)
    FSS_Scan.png
  • Check all the options
  • click Scan
  • Post the generated log on your reply (The FSS.txt log is saved to the same folder where FSS is run from).


Step 3 - Tweaking.com - Windows Repair

Download Windows Repair (All-in-One) Portable (use the Direct Download button)

  • extract the tweaking.com_windows_repair_aio.zip to c:\Windows\TEMP the zip will extract to a folder called Tweaking.com - Windows Repair
  • execute the file Repair_Windows.exe from the Tweaking.com - Windows Repair folder
  • click on the tab Start Repairs, next click the Start button to access the following screen
    WindowsRepair.png
  • accept the prompt to create the Backup
  • click the Start button again
  • click the button Unselect All
  • check the following box's:
    • 20 - Repair MSI (Windows Installer)
  • check the box Restart/Shutdown System When Finished > Restart System
  • click the Start button


Things I would like to see in your next reply:

  • The new MiniToolBox log Result.txt
  • The FSS.txt log
  • After the fix let me know if you can uninstall the programs

  • 0

#45
jlurie

jlurie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Hi SleepyDude,

 

I am now able to install and uninstall. I updated adobe reader and I uninstalled Java and then reinstalled to the current version. When running the windows fix it all in one there were many other fixes it wanted to do, but I only did fix 20. Any programs like malwarebytes, or Java when you go to the program from the Start button and you browse to the right to see the folder it says empty. can we fix this yet?

 

The results of the logs are below:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by ATS (administrator) on 06-04-2014 at 17:46:44
Running from "C:\Documents and Settings\ATS\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Atheros L2 Fast Ethernet 10/100 Base-T Controller = Local Area Connection 7 (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 7"

set address name="Local Area Connection 7" source=dhcp
set dns name="Local Area Connection 7" source=dhcp register=PRIMARY
set wins name="Local Area Connection 7" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : PWIcp005

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : oc.cox.net



Ethernet adapter Local Area Connection 7:



        Connection-specific DNS Suffix  . : oc.cox.net

        Description . . . . . . . . . . . : Atheros L2 Fast Ethernet 10/100 Base-T Controller

        Physical Address. . . . . . . . . : 00-1F-C6-A0-58-07

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.5.101

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.5.1

        DHCP Server . . . . . . . . . . . : 192.168.5.1

        DNS Servers . . . . . . . . . . . : 192.168.5.1

        Lease Obtained. . . . . . . . . . : Sunday, April 06, 2014 10:38:20 AM

        Lease Expires . . . . . . . . . . : Sunday, April 13, 2014 10:38:20 AM

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.5.1

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  173.194.46.2, 173.194.46.3, 173.194.46.4, 173.194.46.5
      173.194.46.6, 173.194.46.7, 173.194.46.8, 173.194.46.9, 173.194.46.14
      173.194.46.0, 173.194.46.1



Pinging google.com [173.194.46.1] with 32 bytes of data:



Reply from 173.194.46.1: bytes=32 time=51ms TTL=50

Reply from 173.194.46.1: bytes=32 time=45ms TTL=50



Ping statistics for 173.194.46.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 45ms, Maximum = 51ms, Average = 48ms

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.5.1

DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=102ms TTL=52

Reply from 98.139.183.24: bytes=32 time=95ms TTL=52



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 95ms, Maximum = 102ms, Average = 98ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f c6 a0 58 07 ...... Atheros L2 Fast Ethernet 10/100 Base-T Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.5.1   192.168.5.101      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.5.0    255.255.255.0    192.168.5.101   192.168.5.101      20
    192.168.5.101  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.5.255  255.255.255.255    192.168.5.101   192.168.5.101      20
        224.0.0.0        240.0.0.0    192.168.5.101   192.168.5.101      20
  255.255.255.255  255.255.255.255    192.168.5.101   192.168.5.101      1
Default Gateway:       192.168.5.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/06/2014 09:36:28 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/06 09:36:28.812]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/06/2014 09:36:00 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/06 09:36:00.218]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/06/2014 09:35:54 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/06 09:35:54.312]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/03/2014 05:36:38 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/03 17:36:38.093]: [00001768]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:40:08 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:40:08.343]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:39:33 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:39:33.875]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:39:23 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:39:23.843]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:38:59 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:38:59.375]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:38:49 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:38:49.343]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:38:24 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/04/02 19:38:24.875]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error


System errors:
=============
Error: (04/06/2014 10:39:41 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:39:08 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (04/06/2014 10:37:12 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:37:08 AM) (Source: Service Control Manager) (User: )
Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:37:08 AM) (Source: Service Control Manager) (User: )
Description: The IDriveE Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:37:07 AM) (Source: Service Control Manager) (User: )
Description: The BrSplService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 10:37:07 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/06/2014 03:00:51 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2932677).

Error: (04/05/2014 05:10:57 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/05/2014 05:10:53 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.


Microsoft Office Sessions:
=========================
Error: (04/06/2014 09:36:28 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/06 09:36:28.812]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/06/2014 09:36:00 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/06 09:36:00.218]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/06/2014 09:35:54 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/06 09:35:54.312]: [00001624]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/03/2014 05:36:38 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/03 17:36:38.093]: [00001768]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:40:08 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:40:08.343]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:39:33 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:39:33.875]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:39:23 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:39:23.843]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:38:59 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:38:59.375]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error

Error: (04/02/2014 07:38:49 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:38:49.343]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9BE51AC] Error

Error: (04/02/2014 07:38:24 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/04/02 19:38:24.875]: [00001172]: GetDeviceIpAddress: GetAddressByName [BRN001BA9429376] Error


========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


**** End of log ****

 

FSS log:

 

Farbar Service Scanner Version: 25-02-2014
Ran by ATS (administrator) on 06-04-2014 at 17:49:18
Running from "C:\Documents and Settings\ATS\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
 


Edited by jlurie, 06 April 2014 - 07:46 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP