Suspicious.Cloud.9


#1 mikechWA (New Member, 8 posts)

A few days ago I accidentally downloaded an aggressive marketing trojan. I have removed what I could find several times, but it keeps loading things into my startup and systray. AND Norton keeps blocking Suspicious.Cloud.9 which only started after this whole problem started. There seems to be access to my computer through my Bamboo Tablet. Has anyone else found this to be the case? This began with a product called STARTSAVIN and I think LIVEY, eventually I got a copy of CONDUIT and another product that loaded shows up as Event Monitor User Notification Tool.  I also tried Norton Power Eraser and it found nothing. Any advice?

Attached Thumbnails

  • Suspicious.Cloud.9.jpg

Edited by mikechWA, 06 April 2014 - 05:15 PM.



#2 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Since this is a malware-related issue, it's been moved here. :)

Before we get started, I have a few things I need to go over with you:
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.



Step 1: FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that is the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    [screenshot: FRST main panel]
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

    [screenshot: aswMBR scan window]
  • Click the Scan button to begin the scan.

    [screenshot: aswMBR Save Log button]
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:

FRST Log

Addition.txt Log

aswMBR Log


#3 mikechWA (Topic Starter, New Member, 8 posts)

Hi - thanks for getting me started. The AVAST process seems to get to MyDocuments and then I get a Windows-type error that offers me to send a debugging report. I ran it again and screen captured the "Suspicious" error that happens early on, and that's included here.

 

I am awaiting further instructions.

 

Thank You

Attached Files



#4 mikechWA (Topic Starter, New Member, 8 posts)

I tried to run the AVAST process one more time. I can't be sure the process is finished. It had stopped processing, so I did a screen capture and then clicked the SCAN REPORT button this time, and it generated a report. That's attached. Hope this helps.

 

Thank You

Attached Files


Edited by mikechWA, 07 April 2014 - 01:23 PM.


#5 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Hi, :)

I'll be looking over your logs and will have some instructions for you this evening. However, I must ask that you paste the logs into your replies instead of attaching them. It makes it easier to research them. :thumbsup:

I'll post these logs into a reply so I can access them this evening. :)



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Dad (administrator) on HOMERJAY on 07-04-2014 07:23:02
Running from C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft) C:\WINDOWS\arservice.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
(Intel Corporation) C:\WINDOWS\system32\IProsetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\N360.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\pcreg\pcreg.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\WINDOWS\system32\atwtusb.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(WALTOP International Corp.) C:\WINDOWS\system32\TblMouse.exe
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(Symantec Corporation) C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\N360.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Apache Software Foundation) C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
(Logitech Inc.) C:\Program Files\SetPoint\SetPoint.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
() C:\WINDOWS\system32\atwtusb.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TblMouse] - C:\WINDOWS\system32\TblMouse.exe [65184 2007-10-09] (WALTOP International Corp.)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [PAC7302_Monitor] - C:\WINDOWS\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20026472 1999-12-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15512424 2012-09-23] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [108392 2012-09-23] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-09-23] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\MountPoints2: K - K:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: c:\progra~1\settin~1\systemk\syskldr.dll => c:\progra~1\settin~1\systemk\syskldr.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
ShortcutTarget: SetPoint.lnk -> C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-s...&tm=305&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...lion&pf=desktop
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE8HP&PC=UP61
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {35BD7BC1-4C85-4F7F-ACA6-876B606CD4DB} URL = http://www.ask.com/w...src=0&o=0&l=dir
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKCU - {DD458146-C277-42A1-8FA1-561B6806DEA8} URL = http://websearch.ask...DD-9541C9C7D4BB
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\846bmugo.default-1370280888171
FF DefaultSearchEngine: Conduit Search
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: file:///c:/home.htm
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=305&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2163 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1212 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\846bmugo.default-1370280888171\searchplugins\ask-jeeves.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF Extension: Firebug - C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\846bmugo.default-1370280888171\Extensions\[email protected] [2013-08-05]
FF Extension: Lightbeam - C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\846bmugo.default-1370280888171\Extensions\[email protected] [2013-10-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-29]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-05] (Adobe Systems Incorporated)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 1999-12-31] (LSI Corporation)
R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [110752 2010-09-21] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33864 2014-03-13] ()
S0 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [528256 2012-12-11] (Wacom Technology, Corp.)
R2 WTService; C:\WINDOWS\system32\atwtusb.exe [364192 2007-12-06] ()

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 1999-12-31] (Creative)
S3 Andbus; C:\WINDOWS\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\WINDOWS\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\WINDOWS\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\WINDOWS\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 androidusb; C:\WINDOWS\System32\Drivers\lgandadb.sys [25728 2012-03-02] (Google Inc)
S3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
S3 AVEO; C:\WINDOWS\System32\DRIVERS\AVEOdcnt.sys [224256 2010-01-21] (AVEO Corp)
R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
R1 BHDrvx86; C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [1098968 2014-03-18] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R3 CXFALCON; C:\WINDOWS\System32\drivers\cxfalcon.sys [100480 2005-08-16] (Conexant Systems, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-01-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-01-28] (Symantec Corporation)
R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-30] (Promise Technology, Inc.)
R3 hidkmdf; C:\WINDOWS\System32\DRIVERS\hidkmdf.sys [11680 2012-12-03] (Windows ® Win 7 DDK provider)
R3 IDSxpx86; C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140404.001\IDSxpx86.sys [383120 2014-03-25] (Symantec Corporation)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 1999-12-31] (Creative Technology Ltd.)
R3 NAVENG; C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140406.021\NAVENG.SYS [93272 2014-04-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140406.021\NAVEX15.SYS [1612376 2014-04-02] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-10] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-10] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457216 2009-04-28] (PixArt Imaging Inc.)
S4 RsFx0153; C:\WINDOWS\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [12984 2012-04-13] ()
R0 SymDS; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-01-29] (Symantec Corporation)
S3 SymIM; C:\WINDOWS\System32\DRIVERS\SymIM.sys [47960 2013-09-09] (Symantec Corporation)
R3 SymIMMP; C:\WINDOWS\System32\DRIVERS\SymIM.sys [47960 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation)
S3 WacHidRouter; C:\WINDOWS\System32\DRIVERS\wachidrouter.sys [70048 2012-12-03] (Wacom Technology)
S3 wacomrouterfilter; C:\WINDOWS\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-11-15] (Wacom Technology)
S3 WN5301; C:\WINDOWS\System32\DRIVERS\wn5301.sys [468768 2005-10-05] (Liteon Technology Inc.)
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
U1 WS2IFSL;
S2 zumbus; system32\DRIVERS\zumbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-04-07 07:23 - 2014-04-07 07:23 - 00023513 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FRST.txt
2014-04-07 07:21 - 2014-04-07 07:23 - 00000000 ____D () C:\FRST
2014-04-07 07:17 - 2014-04-07 07:17 - 04745728 _____ (AVAST Software) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\aswmbr.exe
2014-04-07 07:15 - 2014-04-07 07:15 - 01145856 _____ (Farbar) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FRST.exe
2014-04-06 17:02 - 2014-04-06 17:02 - 03423972 ____R () C:\2013Backup_2014-04-06_170202.mbf
2014-04-06 15:49 - 2014-04-06 15:49 - 03408054 ____R () C:\2013Backup_2014-04-06_154912.mbf
2014-04-04 15:47 - 2014-04-04 15:51 - 00000000 ____D () C:\WINDOWS\system32\CATRJunk
2014-04-04 15:38 - 2014-04-04 15:38 - 03182166 _____ () C:\WINDOWS\4_14image.bmp
2014-04-04 15:05 - 2014-04-04 15:05 - 00000000 _____ () C:\END
2014-04-03 07:25 - 2014-04-03 07:25 - 03396905 ____R () C:\2013Backup_2014-04-03_072538.mbf
2014-04-02 13:37 - 2014-04-07 03:41 - 00000328 _____ () C:\WINDOWS\Tasks\bench-sys.job
2014-04-02 13:33 - 2014-04-06 21:18 - 00000354 _____ () C:\WINDOWS\Tasks\At1.job
2014-04-02 13:33 - 2014-04-06 21:18 - 00000266 _____ () C:\WINDOWS\Tasks\pcreg.job
2014-04-02 13:32 - 2014-04-02 13:33 - 00000000 ____D () C:\Program Files\pcreg
2014-03-31 11:37 - 2014-04-06 14:57 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-31 11:37 - 2014-03-31 11:37 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-29 20:58 - 2013-09-09 19:47 - 00047960 ____R (Symantec Corporation) C:\WINDOWS\system32\Drivers\SymIM.sys
2014-03-28 20:52 - 2014-03-30 13:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 03:03 - 2014-03-27 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-27 03:00 - 2014-03-27 03:03 - 00006821 _____ () C:\WINDOWS\KB2934207.log
2014-03-26 15:40 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-26 15:40 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-21 22:40 - 2014-03-21 22:39 - 00110592 _____ () C:\WINDOWS\Minidump\Mini032114-01.dmp
2014-03-21 07:34 - 2014-04-06 10:38 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\PattenU
2014-03-16 14:33 - 2014-04-07 07:08 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Mary Moose
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\SelfMV
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\samsung
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log
2014-03-15 12:30 - 2014-02-25 16:48 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\system32\secman.dll
2014-03-15 12:29 - 2014-04-02 13:46 - 00000000 ____D () C:\Program Files\Samsung
2014-03-15 12:27 - 2014-03-15 12:27 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Downloaded Installations
2014-03-15 12:20 - 2008-04-13 19:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2014-03-15 12:20 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2014-03-15 12:12 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Samsung
2014-03-15 12:12 - 2014-03-15 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\SmartSwitch
2014-03-14 03:06 - 2014-03-14 03:07 - 00132116 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 03:06 - 2014-03-14 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 03:06 - 2014-03-14 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 03:01 - 2014-03-14 03:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-13 06:50 - 2014-03-14 03:06 - 00130647 _____ () C:\WINDOWS\KB2929961.log
2014-03-13 06:49 - 2014-03-14 03:06 - 00134032 _____ () C:\WINDOWS\KB2930275.log
2014-03-11 12:10 - 2014-04-04 16:32 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Mulvaney

==================== One Month Modified Files and Folders =======

2014-04-07 07:23 - 2014-04-07 07:23 - 00023513 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FRST.txt
2014-04-07 07:23 - 2014-04-07 07:21 - 00000000 ____D () C:\FRST
2014-04-07 07:17 - 2014-04-07 07:17 - 04745728 _____ (AVAST Software) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\aswmbr.exe
2014-04-07 07:15 - 2014-04-07 07:15 - 01145856 _____ (Farbar) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FRST.exe
2014-04-07 07:08 - 2014-03-16 14:33 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Mary Moose
2014-04-07 07:02 - 2010-02-25 11:48 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 07:00 - 2013-05-09 04:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-07 06:32 - 2012-02-18 22:07 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Adobe
2014-04-07 05:53 - 2005-08-30 21:55 - 00000280 _____ () C:\WINDOWS\wiadebug.log
2014-04-07 05:07 - 2014-01-29 08:55 - 00125533 _____ () C:\WINDOWS\setupapi.log
2014-04-07 03:41 - 2014-04-02 13:37 - 00000328 _____ () C:\WINDOWS\Tasks\bench-sys.job
2014-04-07 02:00 - 2012-11-16 17:47 - 00000338 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-HOMERJAY-Dad.job
2014-04-07 02:00 - 2010-11-18 19:32 - 00000364 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-HOMERJAY-HP_Administrator.job
2014-04-06 21:18 - 2014-04-02 13:33 - 00000354 _____ () C:\WINDOWS\Tasks\At1.job
2014-04-06 21:18 - 2014-04-02 13:33 - 00000266 _____ () C:\WINDOWS\Tasks\pcreg.job
2014-04-06 18:02 - 2010-02-25 11:48 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 18:02 - 2005-08-31 05:17 - 00031912 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-06 17:02 - 2014-04-06 17:02 - 03423972 ____R () C:\2013Backup_2014-04-06_170202.mbf
2014-04-06 17:02 - 2012-02-24 19:34 - 16097280 _____ () C:\2012Feb.mny
2014-04-06 15:49 - 2014-04-06 15:49 - 03408054 ____R () C:\2013Backup_2014-04-06_154912.mbf
2014-04-06 15:43 - 2005-08-31 05:17 - 01311583 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-06 14:59 - 2005-09-01 11:58 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-06 14:59 - 2005-08-31 05:02 - 00000776 _____ () C:\WINDOWS\win.ini
2014-04-06 14:57 - 2014-03-31 11:37 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-06 14:57 - 2013-11-11 16:33 - 00000642 _____ () C:\WINDOWS\Tasks\Amazon Music Helper.job
2014-04-06 14:57 - 2012-02-14 18:45 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.ini
2014-04-06 14:57 - 2005-08-31 05:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-06 14:57 - 2005-08-30 21:55 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-06 14:54 - 2013-06-06 07:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\NPE
2014-04-06 14:54 - 2005-08-30 23:34 - 00000279 __RSH () C:\boot.ini
2014-04-06 10:38 - 2014-03-21 07:34 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\PattenU
2014-04-06 10:10 - 2013-11-20 12:34 - 00070656 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Daily List.xls
2014-04-05 11:56 - 2014-01-14 16:27 - 00109145 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\2014BillPay.xlsx
2014-04-04 16:32 - 2014-03-11 12:10 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Mulvaney
2014-04-04 15:51 - 2014-04-04 15:47 - 00000000 ____D () C:\WINDOWS\system32\CATRJunk
2014-04-04 15:38 - 2014-04-04 15:38 - 03182166 _____ () C:\WINDOWS\4_14image.bmp
2014-04-04 15:05 - 2014-04-04 15:05 - 00000000 _____ () C:\END
2014-04-03 23:38 - 2006-04-27 22:50 - 00000000 ____D () C:\Program Files\Las Vegas Casino
2014-04-03 23:36 - 2010-02-10 08:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-03 15:21 - 2012-03-08 19:53 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-03 07:25 - 2014-04-03 07:25 - 03396905 ____R () C:\2013Backup_2014-04-03_072538.mbf
2014-04-02 15:18 - 2005-09-01 11:54 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-04-02 14:11 - 2010-05-19 08:56 - 00000000 ____D () C:\Program Files\Lexmark 1200 Series
2014-04-02 14:11 - 2008-07-20 14:30 - 00000000 ____D () C:\Program Files\ABBYY FineReader 5.0 Sprint
2014-04-02 13:46 - 2014-03-15 12:29 - 00000000 ____D () C:\Program Files\Samsung
2014-04-02 13:33 - 2014-04-02 13:32 - 00000000 ____D () C:\Program Files\pcreg
2014-04-01 11:25 - 2013-07-22 10:05 - 00001011 _____ () C:\home.htm
2014-04-01 11:23 - 2013-07-22 10:05 - 00000000 ____D () C:\home_files
2014-03-31 22:42 - 2008-08-20 21:02 - 00002187 _____ () C:\Documents and Settings\All Users\Desktop\Safari.lnk
2014-03-31 11:37 - 2014-03-31 11:37 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-31 11:34 - 2013-05-08 05:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 13:54 - 2014-03-28 20:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 21:01 - 2014-01-29 09:18 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360
2014-03-29 20:57 - 2014-01-29 09:24 - 00001975 _____ () C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
2014-03-29 20:57 - 2014-01-29 09:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
2014-03-27 03:03 - 2014-03-27 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-27 03:03 - 2014-03-27 03:00 - 00006821 _____ () C:\WINDOWS\KB2934207.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00912948 _____ () C:\WINDOWS\tsoc.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00654517 _____ () C:\WINDOWS\comsetup.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00398319 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00240333 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00232234 _____ () C:\WINDOWS\iis6.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00111793 _____ () C:\WINDOWS\ehOCGen.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00108384 _____ () C:\WINDOWS\ocmsn.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00099104 _____ () C:\WINDOWS\tabletoc.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-27 03:03 - 2005-08-31 04:59 - 01983696 _____ () C:\WINDOWS\FaxSetup.log
2014-03-27 03:03 - 2005-08-31 04:59 - 00972531 _____ () C:\WINDOWS\ocgen.log
2014-03-27 03:03 - 2005-08-31 04:59 - 00360008 _____ () C:\WINDOWS\netfxocm.log
2014-03-27 03:03 - 2005-08-31 04:59 - 00230231 _____ () C:\WINDOWS\plusoc.log
2014-03-27 03:03 - 2005-08-31 04:59 - 00099445 _____ () C:\WINDOWS\msgsocm.log
2014-03-27 03:03 - 2005-08-31 04:57 - 00617814 _____ () C:\WINDOWS\msmqinst.log
2014-03-26 18:30 - 2012-04-17 18:16 - 00001680 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2014-03-21 22:40 - 2006-06-03 10:35 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-21 22:39 - 2014-03-21 22:40 - 00110592 _____ () C:\WINDOWS\Minidump\Mini032114-01.dmp
2014-03-18 15:29 - 2013-08-14 03:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 15:25 - 2012-02-21 09:00 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\SelfMV
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\samsung
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log
2014-03-15 12:30 - 2014-03-15 12:12 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Samsung
2014-03-15 12:29 - 2005-12-08 10:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-15 12:27 - 2014-03-15 12:27 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Downloaded Installations
2014-03-15 12:12 - 2014-03-15 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\SmartSwitch
2014-03-14 03:27 - 2005-08-31 05:05 - 03628824 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 03:25 - 2010-02-13 10:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 03:07 - 2014-03-14 03:06 - 00132116 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 03:07 - 2005-12-08 09:55 - 00263358 _____ () C:\WINDOWS\updspapi.log
2014-03-14 03:07 - 2005-08-31 05:04 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-14 03:06 - 2014-03-14 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 03:06 - 2014-03-14 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 03:06 - 2014-03-13 06:50 - 00130647 _____ () C:\WINDOWS\KB2929961.log
2014-03-14 03:06 - 2014-03-13 06:49 - 00134032 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 03:03 - 2008-07-20 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-03-14 03:01 - 2014-03-14 03:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-13 00:43 - 2012-02-14 18:45 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75
2014-03-12 12:00 - 2012-06-29 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 12:00 - 2012-06-29 18:53 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-12 08:26 - 2011-01-11 11:35 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\SarasDoodles
2014-03-11 09:10 - 2014-03-04 08:10 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Sallie Mae
2014-03-10 12:26 - 2012-03-28 18:11 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Taxes
2014-03-09 22:24 - 2005-08-31 05:07 - 00688336 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 07:09 - 2013-01-30 17:01 - 00027136 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Birthdays2013.xls

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\file_159755.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\file_to_run551064.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\file_to_run551629.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\file_to_run55288.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\nsa3B.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\nsd2A.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\nsi2F.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\nsw27.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\nsx1A.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\nsz32.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\SettingsManagerSetup.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\speedmax.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Dad at 2014-04-07 07:24:51
Running from C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Captivate 5.5 (HKLM\...\{7DE6CDC3-CFEE-4564-813D-3F59E5D71F10}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Captivate Quiz Results Analyzer (HKLM\...\QuizResultsAnalyzer1.5.D22673E681B55698FF9C7ED1AC2C76EECFF3CF3F.1) (Version: 1.5 - Adobe Systems Incorporated)
Adobe Captivate Quiz Results Analyzer (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Captivate Reviewer (HKLM\...\AdobeCaptivateReviewer2.5.D22673E681B55698FF9C7ED1AC2C76EECFF3CF3F.1) (Version: 2.5 - Adobe Systems Incorporated)
Adobe Captivate Reviewer (HKLM\...\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Captivate Reviewer (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Captivate Reviewer (Version: 2.5 - Adobe Systems Incorporated) Hidden
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,261,0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (Version: 9.0.1 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.7.0.344 - Amazon Services LLC)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (HKLM\...\Audacity_is1) (Version: - Audacity Team)
Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (Version: 3.0.20 - Wacom) Hidden
BYOB (HKLM\...\BYOB) (Version: - )
cp_LightScribeConfig (Version: 53.0.24.000 - Hewlett-Packard) Hidden
cp_LightScribePlugin (Version: 53.0.24.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DISCover (HKLM\...\DISCover) (Version: 3.21 - )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Elements 9 Organizer (Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (Version: 1.0 - Adobe Systems Incorporated) Hidden
GoldWave v5.58 (HKLM\...\GoldWave v5.58) (Version: - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (HKLM\...\{3BA95526-6AE0-4B87-A62D-17187EF565FC}) (Version: 2.0.5.1 - Hewlett-Packard Company)
HP DigitalMedia Archive (HKLM\...\{F80239D8-7811-4D5E-B033-0D0BBFE32920}) (Version: 1.2 - Hewlett-Packard)
HP Image Zone for Media Center PC (HKLM\...\HP Image Zone for Media Center PC) (Version: - )
HP Multimedia Keyboard Software (HKLM\...\KBD) (Version: - )
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel® Network Connections 15.7.176.1 (HKLM\...\{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}) (Version: 15.7.176.1 - Intel)
InterVideo WinDVD Player (HKLM\...\{3912A629-0020-0005-3757-2FBA74D4DF0A}) (Version: - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.896 - InterVideo Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
KhalInstallWrapper (Version: 4.00.121 - Logitech) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
LightScribe 1.4.52.1 (Version: 1.4.52.1 - Integrator) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ActiveSync 4.0 (HKLM\...\{B208806F-A231-4FA0-AB3F-5C1B8979223E}) (Version: 4.2.4876.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update (HKLM\...\{21E7A706-31FF-46AA-A294-FA4A8917B59F}) (Version: 3.0.20406.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - VWD Express 2010 Tools (HKLM\...\{3CFFC382-6C23-42CB-8B1E-625F9F84E362}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Away Mode (HKLM\...\AwayMode160) (Version: 6.0.0160.0 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Money Shared Libraries (Version: 17.0.0.3817 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Communicator 2007 (HKLM\...\{E5BA0430-919F-46DD-B656-0796F8A5ADFF}) (Version: 2.0.6362.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{EEB0EFE8-61EB-4C42-929A-CE25D3FBC0C6}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU CTP1 (HKLM\...\{973805E6-9CDB-43F8-A14E-2161532B56A7}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Visual Web Developer 2010 Express - ENU (HKLM\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{C8491840-1B85-40CF-8FF4-1CCA8078C00F}) (Version: 4.0.40719.0 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 17.0.6 (x86 en-US) (HKLM\...\Mozilla Thunderbird 17.0.6 (x86 en-US)) (Version: 17.0.6 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
muvee autoProducer 4.5 (HKLM\...\{E7137AFD-4E43-47A6-BDC7-533808F72B36}) (Version: 4.50.050 - muvee Technologies)
muvee autoProducer unPlugged 1.2 (HKLM\...\{DFB0FED6-0010-4E9B-A402-E513F2459161}) (Version: 1.20.100 - muvee Technologies)
Norton 360 (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NuGet (HKLM\...\{A5630CB0-6D3C-4C93-9A51-03BEB835A982}) (Version: 1.2.103.0 - Microsoft Corporation)
NVIDIA Control Panel 306.81 (Version: 306.81 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PS2 (HKLM\...\PS2) (Version: - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6304 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (Version: 3.12.3090 - SmartSound Software Inc) Hidden
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (Version: - Microsoft Corporation) Hidden
Update for Windows Media Player 10 (KB926251) (Version: - Microsoft Corporation) Hidden
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
USB Tablet Manager (HKLM\...\Rmtablet) (Version: - )
ViewSonic Windows XP Signed Files (HKLM\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU (HKLM\...\{D25C502E-FF51-424C-8C38-8596FE47D0CD}) (Version: 4.0.8482.1 - Microsoft Corporation)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points =========================

07-01-2014 15:21:49 System Checkpoint
08-01-2014 19:07:12 System Checkpoint
09-01-2014 23:38:35 System Checkpoint
11-01-2014 02:18:20 System Checkpoint
12-01-2014 02:28:02 System Checkpoint
13-01-2014 02:41:57 System Checkpoint
14-01-2014 03:43:34 System Checkpoint
14-01-2014 11:00:17 Software Distribution Service 3.0
15-01-2014 11:00:37 Software Distribution Service 3.0
16-01-2014 11:32:23 System Checkpoint
17-01-2014 12:32:24 System Checkpoint
18-01-2014 12:44:57 System Checkpoint
18-01-2014 16:25:41 Installed Java 7 Update 51
19-01-2014 16:44:57 System Checkpoint
20-01-2014 17:44:56 System Checkpoint
22-01-2014 01:48:12 System Checkpoint
23-01-2014 02:40:21 System Checkpoint
24-01-2014 02:47:35 System Checkpoint
25-01-2014 04:28:24 System Checkpoint
26-01-2014 04:47:53 System Checkpoint
27-01-2014 05:15:33 System Checkpoint
28-01-2014 05:17:33 System Checkpoint
29-01-2014 05:27:01 System Checkpoint
30-01-2014 05:31:32 System Checkpoint
31-01-2014 05:47:25 System Checkpoint
01-02-2014 07:19:40 System Checkpoint
02-02-2014 08:11:21 System Checkpoint
03-02-2014 09:10:01 System Checkpoint
04-02-2014 09:29:44 System Checkpoint
05-02-2014 10:28:44 System Checkpoint
06-02-2014 16:05:40 System Checkpoint
07-02-2014 16:09:29 System Checkpoint
08-02-2014 17:09:27 System Checkpoint
09-02-2014 17:57:23 System Checkpoint
10-02-2014 21:12:26 System Checkpoint
11-02-2014 22:18:08 System Checkpoint
12-02-2014 23:15:04 System Checkpoint
13-02-2014 09:51:44 Software Distribution Service 3.0
14-02-2014 09:57:23 System Checkpoint
15-02-2014 10:06:13 System Checkpoint
16-02-2014 10:06:22 System Checkpoint
17-02-2014 11:04:39 System Checkpoint
18-02-2014 23:11:04 System Checkpoint
20-02-2014 02:21:28 System Checkpoint
21-02-2014 02:31:59 System Checkpoint
22-02-2014 03:49:00 System Checkpoint
23-02-2014 15:45:01 System Checkpoint
24-02-2014 15:47:02 System Checkpoint
25-02-2014 00:04:45 Norton 360 Registry Clean
26-02-2014 04:16:49 System Checkpoint
27-02-2014 05:40:17 System Checkpoint
28-02-2014 06:19:45 System Checkpoint
01-03-2014 06:48:19 System Checkpoint
02-03-2014 07:24:43 System Checkpoint
03-03-2014 08:24:41 System Checkpoint
04-03-2014 09:14:29 System Checkpoint
05-03-2014 09:59:25 System Checkpoint
06-03-2014 10:59:26 System Checkpoint
07-03-2014 12:17:47 System Checkpoint
08-03-2014 12:32:00 System Checkpoint
09-03-2014 13:32:01 System Checkpoint
10-03-2014 15:21:18 System Checkpoint
11-03-2014 15:34:58 System Checkpoint
12-03-2014 18:18:56 System Checkpoint
13-03-2014 18:48:26 System Checkpoint
14-03-2014 10:00:33 Software Distribution Service 3.0
15-03-2014 10:29:41 System Checkpoint
15-03-2014 19:29:31 Installed Samsung Kies3
16-03-2014 19:37:22 System Checkpoint
17-03-2014 22:55:16 System Checkpoint
18-03-2014 22:25:06 Software Distribution Service 3.0
19-03-2014 23:36:27 System Checkpoint
20-03-2014 23:54:57 System Checkpoint
22-03-2014 00:08:07 System Checkpoint
23-03-2014 00:45:52 System Checkpoint
24-03-2014 00:46:17 System Checkpoint
25-03-2014 01:20:17 System Checkpoint
26-03-2014 01:26:42 System Checkpoint
27-03-2014 03:45:54 System Checkpoint
27-03-2014 10:00:18 Software Distribution Service 3.0
28-03-2014 10:25:36 System Checkpoint
29-03-2014 11:25:37 System Checkpoint
30-03-2014 12:00:28 System Checkpoint
31-03-2014 12:04:57 System Checkpoint
01-04-2014 12:39:54 System Checkpoint
02-04-2014 13:39:04 System Checkpoint
02-04-2014 20:45:46 Removed Samsung Kies3
03-04-2014 21:09:47 System Checkpoint
04-04-2014 21:15:11 System Checkpoint
05-04-2014 21:23:36 System Checkpoint
07-04-2014 00:51:56 System Checkpoint

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-HOMERJAY-Dad.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-HOMERJAY-HP_Administrator.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\Amazon Music Helper.job => C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => c:\Program Files\pcreg\service.exe
Task: C:\WINDOWS\Tasks\bench-sys.job => C:\Program Files\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ErrorEND.job => C:\Program Files\ErrorEND\ErrorEND.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job => c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
Task: C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job => c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
Task: C:\WINDOWS\Tasks\Install.job => C:\WINDOWS\system32\Macromed\Shockwave 10\nssstub.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\pcreg.job => C:\Program Files\pcreg\service.exe

==================== Loaded Modules (whitelisted) =============

2004-08-10 05:00 - 2011-02-04 15:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 05:00 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 05:00 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 05:00 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2004-08-10 12:00 - 2005-08-05 21:06 - 00165376 _____ () C:\WINDOWS\system32\mpg2splt.ax
2004-08-10 12:00 - 2005-08-05 22:01 - 00159744 _____ () C:\WINDOWS\system32\VBICodec.ax
2004-08-10 05:00 - 2011-10-14 15:38 - 00456192 _____ () C:\WINDOWS\system32\encdec.dll
2012-06-18 08:24 - 2012-06-18 08:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2014-03-13 03:57 - 2014-03-13 03:57 - 00033864 _____ () C:\Program Files\pcreg\pcreg.exe
2013-08-22 17:05 - 2012-12-11 13:07 - 00963456 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-02-18 05:58 - 2007-12-06 01:25 - 00364192 _____ () C:\WINDOWS\system32\atwtusb.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2014 08:00:34 PM) (Source: Application Error) (User: )
Description: Faulting application photoshopelementsorganizer.exe, version 9.0.0.0, faulting module quicktime.qts, version 7.74.80.86, fault address 0x0012c95c.
Processing media-specific event for [photoshopelementsorganizer.exe!ws!]

Error: (03/04/2014 03:26:37 PM) (Source: Application Error) (User: )
Description: Faulting application adobe premiere elements.exe, version 9.0.0.0, faulting module dsound.dll, version 5.3.2600.5512, fault address 0x000024df.
Processing media-specific event for [adobe premiere elements.exe!ws!]

Error: (02/14/2014 02:24:15 PM) (Source: Application Error) (User: )
Description: Faulting application msmoney.exe, version 17.0.0.3817, faulting module utlsrf08.dll, version 17.0.0.3817, fault address 0x00006f6b.
Processing media-specific event for [msmoney.exe!ws!]

Error: (02/13/2014 08:20:02 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (04/07/2014 03:25:22 AM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverLISASIMPSONNetBT_Tcpip_{84BE1FF7-AE1D-4F

Error: (04/06/2014 03:24:44 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverLISASIMPSONNetBT_Tcpip_{84BE1FF7-AE1D-4F

Error: (04/06/2014 02:59:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iaStor
IntelIde
ViaIde

Error: (04/06/2014 02:59:28 PM) (Source: Service Control Manager) (User: )
Description: The Web Deployment Agent Service service hung on starting.

Error: (04/06/2014 02:58:06 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/06/2014 02:58:06 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1331

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (04/06/2014 02:58:06 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (04/06/2014 02:44:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iaStor
IntelIde
ViaIde

Error: (04/06/2014 02:44:04 PM) (Source: Service Control Manager) (User: )
Description: The Web Deployment Agent Service service hung on starting.

Error: (04/06/2014 02:42:37 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================
Error: (12/09/2013 05:41:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/26/2013 09:58:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/12/2013 10:51:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/09/2013 03:16:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 79367 seconds with 360 seconds of active time. This session ended with a crash.

Error: (05/12/2013 09:37:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35532 seconds with 3420 seconds of active time. This session ended with a crash.

Error: (04/18/2013 06:47:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 728 seconds with 60 seconds of active time. This session ended with a crash.

Error: (12/22/2012 05:09:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/19/2012 08:11:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2278 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (07/10/2012 06:41:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1354 seconds with 720 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 3070.41 MB
Available physical RAM: 2226.84 MB
Total Pagefile: 4953.83 MB
Available Pagefile: 4213.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.68 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:270.94 GB) (Free:75.7 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.5 GB) (Free:1.05 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive k: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:262.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 279 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=9 GB) - (Type=0C)
Partition 2: (Active) - (Size=271 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 466 GB) (Disk ID: 00721070)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-07 11:07:42
-----------------------------
11:07:42.190 OS Version: Windows 5.1.2600 Service Pack 3
11:07:42.190 Number of processors: 2 586 0x404
11:07:42.190 ComputerName: HOMERJAY UserName: Dad
11:07:43.237 Initialize success
11:08:42.206 AVAST engine defs: 14040700
11:13:10.893 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
11:13:10.893 Disk 0 Vendor: Maxtor_6L300S0 BACE1G10 Size: 286168MB BusType: 3
11:13:11.565 Disk 0 MBR read successfully
11:13:11.581 Disk 0 MBR scan
11:13:11.612 Disk 0 unknown MBR code
11:13:11.628 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 8714 MB offset 63
11:13:11.675 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 277442 MB offset 17848215
11:13:11.690 Disk 0 scanning sectors +586051200
11:13:12.534 Disk 0 scanning C:\WINDOWS\system32\drivers
11:14:12.878 Service scanning
11:14:16.565 Service BHDrvx86 C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys **LOCKED** 5
11:14:17.221 Service ccSet_N360 C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys **LOCKED** 5
11:14:19.221 Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
11:14:19.534 Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
11:14:23.081 Service IDSxpx86 C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140404.001\IDSxpx86.sys **LOCKED** 5
11:14:33.550 Service NAVENG C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140406.021\NAVENG.SYS **LOCKED** 5
11:14:33.800 Service NAVEX15 C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140406.021\NAVEX15.SYS **LOCKED** 5
11:14:42.956 Service SRTSPX C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS **LOCKED** 5
11:14:44.003 Service SymDS C:\WINDOWS\system32\drivers\N360\1502000.026\SYMDS.SYS **LOCKED** 5
11:14:44.221 Service SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
11:14:44.456 Service SymIRON C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS **LOCKED** 5
11:14:44.596 Service SYMTDI C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS **LOCKED** 5
11:14:49.659 Modules scanning
11:15:47.690 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
11:16:01.440 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
11:16:01.440 Disk 0 trace - called modules:
11:16:01.487 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:16:01.487 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeaaab8]
11:16:01.487 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8aeff9e8]
11:16:01.487 5 ACPI.sys[b7f45620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8ae35d98]
11:16:02.362 AVAST engine scan C:\WINDOWS
11:18:33.315 AVAST engine scan C:\WINDOWS\system32
11:33:48.065 AVAST engine scan C:\WINDOWS\system32\drivers
11:36:01.050 AVAST engine scan C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75
12:10:37.675 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\MBR.dat"
12:10:37.690 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\aswMBR.txt"
  • 0
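Added here as an illustration of how the FRST line formats in the logs above are read, not part of this thread, of FRST, or of the helper's fix: a small Python triage pass that recognises the Scheduled Tasks, Loaded Modules, Run-key, IFEO Debugger and service lines and flags the entries an analyst would look at first. The sample lines are copied from this thread's log; the `Finding` type and the heuristics (empty publisher outside C:\WINDOWS, At<N>.job task names, any IFEO Debugger value) are my own assumptions for triage, not verdicts.

```python
"""Triage pass over FRST-style log lines (added illustration, not FRST's own logic).

The heuristics below are assumptions for triage, not verdicts: legitimate
software (a tablet driver, an editor shell extension) can have no company
string in its version info and will be flagged just the same.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample lines copied from this thread's FRST log and fixlist (constructed input).
SAMPLE_LOG = r"""
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => c:\Program Files\pcreg\service.exe
Task: C:\WINDOWS\Tasks\bench-sys.job => C:\Program Files\Bench\Updater\updater.exe <==== ATTENTION
2004-08-10 05:00 - 2011-02-04 15:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2014-03-13 03:57 - 2014-03-13 03:57 - 00033864 _____ () C:\Program Files\pcreg\pcreg.exe
HKLM\...\Run: [] - [X]
HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33864 2014-03-13] ()
""".strip()

# Line formats as they appear in FRST logs / fixlists (patterns are assumptions).
TASK_RE = re.compile(r"^Task: (?P<job>.+?\.job) => (?P<target>.+?)(?P<attn> <==== ATTENTION)?$")
MODULE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} \S{5} "
                       r"\((?P<company>[^)]*)\) (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<rest>.+)$")
RUN_DETAIL_RE = re.compile(r"^(?P<path>.+?)(?: \[\d+ [\d-]+\])? \((?P<company>[^)]*)\)$")
IFEO_RE = re.compile(r"^IFEO\\(?P<exe>[^:]+): \[Debugger\] (?P<debugger>.+)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] \((?P<company>[^)]*)\)$")


@dataclass
class Finding:
    kind: str    # task | module | run | ifeo | service
    path: str    # the file, job or key the finding is about
    reason: str  # why it was flagged (heuristic, needs analyst review)


def _outside_windows(path: str) -> bool:
    """True when the path is not under the Windows directory (assumed C:\\WINDOWS)."""
    return not path.lower().startswith("c:\\windows\\")


def triage_line(line: str) -> List[Finding]:
    """Return the findings for one FRST log line (empty list when nothing stands out)."""
    line = line.rstrip()
    out: List[Finding] = []
    m = TASK_RE.match(line)
    if m:
        if m.group("attn"):  # FRST's own marker on a task it does not recognise
            out.append(Finding("task", m.group("job"), "flagged by FRST (<==== ATTENTION)"))
        job_name = m.group("job").rsplit("\\", 1)[-1]
        if re.fullmatch(r"At\d+\.job", job_name):  # name pattern of at.exe-created jobs
            out.append(Finding("task", m.group("job"),
                               "at.exe-style job name, unusual on a home PC; runs " + m.group("target")))
        return out
    m = MODULE_RE.match(line)
    if m:
        if m.group("company") == "" and _outside_windows(m.group("path")):
            out.append(Finding("module", m.group("path"), "loaded module with no publisher, outside Windows dir"))
        return out
    m = RUN_RE.match(line)
    if m:
        if m.group("rest") == "[X]":  # FRST shows [X] when the referenced file is gone
            out.append(Finding("run", f"{m.group('hive')} Run [{m.group('name')}]",
                               "autorun value pointing at a missing file (orphan entry)"))
            return out
        d = RUN_DETAIL_RE.match(m.group("rest"))
        if d and d.group("company") == "" and _outside_windows(d.group("path")):
            out.append(Finding("run", d.group("path"), "autorun with no publisher, outside Windows dir"))
        return out
    m = IFEO_RE.match(line)
    if m:
        # A Debugger value makes Windows start that program instead of the named one,
        # which is how such entries silently block a program from ever running.
        out.append(Finding("ifeo", m.group("exe"),
                           f"IFEO Debugger = {m.group('debugger')}; it runs in place of {m.group('exe')}"))
        return out
    m = SERVICE_RE.match(line)
    if m:
        if m.group("company") == "" and _outside_windows(m.group("path")):
            out.append(Finding("service", m.group("path"), "service binary with no publisher, outside Windows dir"))
        return out
    return out


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the findings in order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:7}] {f.path}\n          {f.reason}")
```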

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

We have some work to do, so let's get started.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Submit Files for Scanning to VirusTotal
  • Please go to VirusTotal.org by clicking here

    Please follow these instructions for both of the files listed.
  • Please click on Choose File
  • When the window opens, navigate to the location listed in the box below and select the file that is listed in that location.

    C:\WINDOWS\System32\drivers\dxgthk.sys
    C:\WINDOWS\system32\ntdll.dll

  • Once you have selected the file, click the blue Scan It! button.
  • VirusTotal will scan the file and produce a report for you. Please post the reports in your next reply.
Step 2: FRST Fix
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
() C:\Program Files\pcreg\pcreg.exe
C:\Program Files\pcreg
HKLM\...\Run: [] - [X]
HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\MountPoints2: K - K:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: c:\progra~1\settin~1\systemk\syskldr.dll => c:\progra~1\settin~1\systemk\syskldr.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-s...&tm=305&src=hmp
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {35BD7BC1-4C85-4F7F-ACA6-876B606CD4DB} URL = http://www.ask.com/w...src=0&o=0&l=dir
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKCU - {DD458146-C277-42A1-8FA1-561B6806DEA8} URL = http://websearch.ask...DD-9541C9C7D4BB
BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
FF DefaultSearchEngine: Conduit Search
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=305&src=ds&p=
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33864 2014-03-13] ()
2014-04-04 15:05 - 2014-04-04 15:05 - 00000000 _____ () C:\END
2014-04-02 13:33 - 2014-04-06 21:18 - 00000266 _____ () C:\WINDOWS\Tasks\pcreg.job
2014-04-02 13:32 - 2014-04-02 13:33 - 00000000 ____D () C:\Program Files\pcreg
C:\Windows\Tasks\At1.job
Task: C:\WINDOWS\Tasks\At1.job => c:\Program Files\pcreg\service.exe
Task: C:\WINDOWS\Tasks\bench-sys.job => C:\Program Files\Bench\Updater\updater.exe <==== ATTENTION
C:\Program Files\Bench
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 users: right click) the adwcleaner.exe file, click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; just click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 5: Temporary File Cleaner


Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Step 6: Fresh FRST Scan


Start Farbar's Recovery Scan Tool and press the Scan button.

FRST will scan your machine and produce one log this time, please post it in your next reply.


Things I need to see in your next post:

VirusTotal Reports for both files

FRST Fix Log

AdwCleaner Log

Junkware Removal Tool

Fresh FRST Log

  • 0

#7
mikechWA

    New Member

  • Topic Starter
  • Member
  • 8 posts

Hello and thanks - everything went pretty well and I definitely prefer doing things this way. Seeing the results myself (even though I may not fully understand what I'm looking at) is strangely reassuring. So, nothing but gratitude, here. A couple of notes: I somehow clicked on the wrong link when I was going for the Junk Removal Tool. What allowed me to catch the mistake was your email instructions giving the filename. That page is full of links, so it might be helpful to add a brief warning. Also, in Step 6, you shouldn't have needed to remind me; I should have been smart enough to figure it out on my own, but I was not: "Run As Administrator". And finally, if you see anything in the browser cache about "Swedish School Girls", those are all purely documentary (joke intended). Here are your reports.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Dad at 2014-04-08 06:28:53 Run:1
Running from C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
() C:\Program Files\pcreg\pcreg.exe
C:\Program Files\pcreg
HKLM\...\Run: [] - [X]
HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\MountPoints2: K - K:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: c:\progra~1\settin~1\systemk\syskldr.dll => c:\progra~1\settin~1\systemk\syskldr.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-s...&tm=305&src=hmp
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {35BD7BC1-4C85-4F7F-ACA6-876B606CD4DB} URL = http://www.ask.com/w...src=0&o=0&l=dir
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKCU - {DD458146-C277-42A1-8FA1-561B6806DEA8} URL = http://websearch.ask...DD-9541C9C7D4BB
BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
FF DefaultSearchEngine: Conduit Search
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=305&src=ds&p=
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33864 2014-03-13] ()
2014-04-04 15:05 - 2014-04-04 15:05 - 00000000 _____ () C:\END
2014-04-02 13:33 - 2014-04-06 21:18 - 00000266 _____ () C:\WINDOWS\Tasks\pcreg.job
2014-04-02 13:32 - 2014-04-02 13:33 - 00000000 ____D () C:\Program Files\pcreg
C:\Windows\Tasks\At1.job
Task: C:\WINDOWS\Tasks\At1.job => c:\Program Files\pcreg\service.exe
Task: C:\WINDOWS\Tasks\bench-sys.job => C:\Program Files\Bench\Updater\updater.exe <==== ATTENTION
C:\Program Files\Bench
End

*****************

[2288] C:\Program Files\pcreg\pcreg.exe => Process closed successfully.
C:\Program Files\pcreg => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-229142031-1004967283-3177539258-1008 => Key not found.
"c:\\progra~1\\settin~1\\systemk\\syskldr.dll" => Value Data removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35BD7BC1-4C85-4F7F-ACA6-876B606CD4DB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{35BD7BC1-4C85-4F7F-ACA6-876B606CD4DB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD458146-C277-42A1-8FA1-561B6806DEA8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DD458146-C277-42A1-8FA1-561B6806DEA8} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872} => Key deleted successfully.
HKCR\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872} => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml => Moved successfully.
pcregservice => Service deleted successfully.
C:\END => Moved successfully.
C:\WINDOWS\Tasks\pcreg.job => Moved successfully.
"C:\Program Files\pcreg" => File/Directory not found.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\WINDOWS\Tasks\At1.job not found.
C:\WINDOWS\Tasks\bench-sys.job => Moved successfully.
"C:\Program Files\Bench" => File/Directory not found.

==== End of Fixlog ====

 


VirusTotal
Analysis completed.
SHA256:     c36486504c3a596fdca487143f6d3b43c0bee01321f6f1f3071976556533c419
File name:     dxgthk.sys
Detection ratio:     0 / 51
Analysis date:     2014-04-08 13:18:14 UTC ( 0 minutes ago )

Probably harmless! There are strong indicators suggesting that this file is safe to use.


Antivirus     Result     Update
AVG     //     20140408
Ad-Aware     //     20140408
AegisLab     //     20140408
Agnitum     //     20140407
AhnLab-V3     //     20140407
AntiVir     //     20140408
Antiy-AVL     //     20140408
Avast     //     20140408
Baidu-International     //     20140408
BitDefender     //     20140408
Bkav     //     20140408
ByteHero     //     20140408
CAT-QuickHeal     //     20140408
CMC     //     20140408
ClamAV     //     20140408
Commtouch     //     20140408
Comodo     //     20140408
DrWeb     //     20140408
ESET-NOD32     //     20140408
Emsisoft     //     20140408
F-Prot     //     20140408
F-Secure     //     20140408
Fortinet     //     20140407
GData     //     20140408
Ikarus     //     20140408
Jiangmin     //     20140408
K7AntiVirus     //     20140408
K7GW     //     20140408
Kaspersky     //     20140408
Kingsoft     //     20140408
Malwarebytes     //     20140408
McAfee     //     20140408
McAfee-GW-Edition     //     20140408
MicroWorld-eScan     //     20140408
Microsoft     //     20140408
NANO-Antivirus     //     20140408
Norman     //     20140408
Panda     //     20140408
Qihoo-360     //     20140408
Rising     //     20140408
SUPERAntiSpyware     //     20140408
Sophos     //     20140408
Symantec     //     20140408
TheHacker     //     20140408
TotalDefense     //     20140408
TrendMicro     //     20140408
TrendMicro-HouseCall     //     20140408
VBA32     //     20140408
VIPRE     //     20140408
ViRobot     //     20140408
nProtect     //     20140408

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.


Authenticode signature block

Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name dxgthk.sys
Internal name dxgthk.sys
File version 5.1.2600.0 (xpclient.010817-1148)
Description DirectX Graphics Driver Thunk


PE header basic information

Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-17 20:53:12
Entry Point 0x00000359
Number of sections 6


PE sections

Name Virtual address Virtual size Raw size Entropy MD5
.text 768 112 128 4.79 9221f24425680002b1f81b023f4bd065
.rdata 896 79 128 2.57 7460f55ce7f6ce7c20e2517b415c7e17
.edata 1024 1018 1024 5.13 be658f60eb262953b13881bbb9fd76c0
INIT 2048 76 128 1.98 1c299f3aa961cff8b08dee46fa93b2b7
.rsrc 2176 1008 1024 3.37 28d1f9c6d9f73ae580de8d4290b775cb
.reloc 3200 20 128 0.63 202d6f86f367ff4e147afccf06b92b6e


PE imports

[+] WIN32K.SYS
EngDebugPrint


PE exports

DriverEntry
EngAcquireSemaphore
EngAllocMem
EngAllocUserMem
EngCopyBits
EngCreateBitmap
EngCreatePalette
EngCreateSemaphore
EngDeletePalette
EngDeleteSemaphore
EngDeleteSurface
EngFindImageProcAddress
EngFreeMem
EngFreeUserMem
EngLoadImage
EngLockSurface
EngReleaseSemaphore
EngSetLastError
EngUnloadImage
EngUnlockSurface


Number of PE resources by type

RT_VERSION 1


Number of PE resources by language

ENGLISH US 1


ExifTool file metadata

SubsystemVersion: 5.1
LinkerVersion: 7.0
ImageVersion: 5.1
FileSubtype: 7
FileVersionNumber: 5.1.2600.0
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 2304
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
LegalCopyright: Microsoft Corporation. All rights reserved.
FileVersion: 5.1.2600.0 (xpclient.010817-1148)
TimeStamp: 2001:08:17 21:53:12+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: dxgthk.sys
FileAccessDate: 2014:04:08 14:18:17+01:00
ProductVersion: 5.1.2600.0
FileDescription: DirectX Graphics Driver Thunk
OSVersion: 5.1
FileCreateDate: 2014:04:08 14:18:17+01:00
OriginalFilename: dxgthk.sys
Subsystem: Native
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
CodeSize: 256
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 5.1.2600.0
EntryPoint: 0x0359
ObjectFileType: Driver

Comments

tigzy (2 months, 3 weeks ago): #goodware
tigzy (9 months ago): #goodware; #windows
Bernardo.Quintero (1 year, 2 months ago): Filename: dxgthk.sys. PE32 from Windows XP SP3 #goodware #whitelist
tigzy (2 years, 2 months ago): Tagged automatically #goodware
angel1973 (2 years, 5 months ago): #goodware



============

 


VirusTotal
Analysis completed.
SHA256:     54df909101aaec63234a5c33b51d6689fef58b943942bffa9606864f43ec1085
File name:     ntdll.dll
Detection ratio:     0 / 51
Analysis date:     2014-04-08 13:23:09 UTC ( 2 minutes ago )

Probably harmless! There are strong indicators suggesting that this file is safe to use.


Antivirus     Result     Update
AVG     //     20140408
Ad-Aware     //     20140408
AegisLab     //     20140408
Agnitum     //     20140407
AhnLab-V3     //     20140408
AntiVir     //     20140408
Antiy-AVL     //     20140408
Avast     //     20140408
Baidu-International     //     20140408
BitDefender     //     20140408
Bkav     //     20140408
ByteHero     //     20140408
CAT-QuickHeal     //     20140408
CMC     //     20140408
ClamAV     //     20140408
Commtouch     //     20140408
Comodo     //     20140408
DrWeb     //     20140408
ESET-NOD32     //     20140408
Emsisoft     //     20140408
F-Prot     //     20140408
F-Secure     //     20140408
Fortinet     //     20140407
GData     //     20140408
Ikarus     //     20140408
Jiangmin     //     20140408
K7AntiVirus     //     20140408
K7GW     //     20140408
Kaspersky     //     20140408
Kingsoft     //     20140408
Malwarebytes     //     20140408
McAfee     //     20140408
McAfee-GW-Edition     //     20140408
MicroWorld-eScan     //     20140408
Microsoft     //     20140408
NANO-Antivirus     //     20140408
Norman     //     20140408
Panda     //     20140408
Qihoo-360     //     20140408
Rising     //     20140408
SUPERAntiSpyware     //     20140408
Sophos     //     20140408
Symantec     //     20140408
TheHacker     //     20140408
TotalDefense     //     20140408
TrendMicro     //     20140408
TrendMicro-HouseCall     //     20140408
VBA32     //     20140408
VIPRE     //     20140408
ViRobot     //     20140408
nProtect     //     20140408

The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.


Authenticode signature block

Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name ntdll.dll
Internal name ntdll.dll
File version 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
Description NT Layer DLL


PE header basic information

Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-09 15:15:09
Entry Point 0x000120F8
Number of sections 4


PE sections

Name Virtual address Virtual size Raw size Entropy MD5
.text 4096 511706 512000 6.86 6c4b48cb287c622fa0ebc3104d609416
.data 516096 18976 12800 1.47 cd0a71ec3c60f29a08b8ef0f634a1d4f
.rsrc 536576 179832 180224 3.33 05d0beffa92d472226469dc6901be97d
.reloc 716800 12000 12288 6.67 5c193c501f1c4ac97d79bd8d5f6e49e4


PE exports

CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
CsrCaptureMessageBuffer
CsrCaptureMessageMultiUnicodeStringsInPlace
CsrCaptureMessageString
CsrCaptureTimeout
CsrClientCallServer
CsrClientConnectToServer
CsrFreeCaptureBuffer
CsrGetProcessId
CsrIdentifyAlertableThread
CsrNewThread
CsrProbeForRead
CsrProbeForWrite
CsrSetPriorityClass
DbgBreakPoint
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgUiConnectToDbg
DbgUiContinue
DbgUiConvertStateChangeStructure
DbgUiDebugActiveProcess
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
DbgUiRemoteBreakin
DbgUiSetThreadDebugObject
DbgUiStopDebugging
DbgUiWaitStateChange
DbgUserBreakPoint
KiFastSystemCall
KiFastSystemCallRet
KiIntSystemCall
KiRaiseUserExceptionDispatcher
KiUserApcDispatcher
KiUserCallbackDispatcher
KiUserExceptionDispatcher
LdrAccessOutOfProcessResource
LdrAccessResource
LdrAddRefDll
LdrAlternateResourcesEnabled
LdrCreateOutOfProcessImage
LdrDestroyOutOfProcessImage
LdrDisableThreadCalloutsForDll
LdrEnumResources
LdrEnumerateLoadedModules
LdrFindCreateProcessManifest
LdrFindEntryForAddress
LdrFindResourceDirectory_U
LdrFindResourceEx_U
LdrFindResource_U
LdrFlushAlternateResourceModules
LdrGetDllHandle
LdrGetDllHandleEx
LdrGetProcedureAddress
LdrHotPatchRoutine
LdrInitShimEngineDynamic
LdrInitializeThunk
LdrLoadAlternateResourceModule
LdrLoadDll
LdrLockLoaderLock
LdrProcessRelocationBlock
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrSetAppCompatDllRedirectionCallback
LdrSetDllManifestProber
LdrShutdownProcess
LdrShutdownThread
LdrUnloadAlternateResourceModule
LdrUnloadDll
LdrUnlockLoaderLock
LdrVerifyImageMatchesChecksum
NlsAnsiCodePage
NlsMbCodePageTag
NlsMbOemCodePageTag
NtAcceptConnectPort
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByType
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultList
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAddAtom
NtAddBootEntry
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtAlertResumeThread
NtAlertThread
NtAllocateLocallyUniqueId
NtAllocateUserPhysicalPages
NtAllocateUuids
NtAllocateVirtualMemory
NtAreMappedFilesTheSame
NtAssignProcessToJobObject
NtCallbackReturn
NtCancelDeviceWakeupRequest
(1216 more exports not shown)


Number of PE resources by type

RT_MESSAGETABLE 1
RT_VERSION 1


Number of PE resources by language

ENGLISH US 2


ExifTool file metadata

SubsystemVersion: 4.1
LinkerVersion: 7.1
ImageVersion: 5.1
FileSubtype: 0
FileVersionNumber: 5.1.2600.6055
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 211968
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
LegalCopyright: Microsoft Corporation. All rights reserved.
FileVersion: 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
TimeStamp: 2010:12:09 16:15:09+01:00
FileType: Win32 DLL
PEType: PE32
InternalName: ntdll.dll
FileAccessDate: 2014:04:08 14:19:26+01:00
ProductVersion: 5.1.2600.6055
FileDescription: NT Layer DLL
OSVersion: 5.1
FileCreateDate: 2014:04:08 14:19:26+01:00
OriginalFilename: ntdll.dll
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
CodeSize: 512000
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 5.1.2600.6055
EntryPoint: 0x120f8
ObjectFileType: Dynamic link library

Comments

Bernardo.Quintero (1 year, 2 months ago): Filename: ntdll.dll. PE32 from Windows XP SP3 #goodware #whitelist



====================

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Dad on Tue 04/08/2014 at  6:43:35.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"



~~~ FireFox

Emptied folder: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\mozilla\firefox\profiles\846bmugo.default-1370280888171\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/08/2014 at  6:53:03.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

====================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Dad (administrator) on HOMERJAY on 08-04-2014 07:31:23
Running from C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft) C:\WINDOWS\arservice.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
(Intel Corporation) C:\WINDOWS\system32\IProsetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\N360.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\WINDOWS\system32\atwtusb.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Symantec Corporation) C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\N360.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(WALTOP International Corp.) C:\WINDOWS\system32\TblMouse.exe
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Apache Software Foundation) C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
(Logitech Inc.) C:\Program Files\SetPoint\SetPoint.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
() C:\WINDOWS\system32\atwtusb.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TblMouse] - C:\WINDOWS\system32\TblMouse.exe [65184 2007-10-09] (WALTOP International Corp.)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [PAC7302_Monitor] - C:\WINDOWS\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20026472 1999-12-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15512424 2012-09-23] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [108392 2012-09-23] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-09-23] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-229142031-1004967283-3177539258-1008\...\MountPoints2: K - K:\VZW_Software_upgrade_assistant.exe
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
ShortcutTarget: SetPoint.lnk -> C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE8HP&PC=UP61
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\846bmugo.default-1370280888171
FF DefaultSearchEngine: Ask Jeeves
FF Homepage: file:///c:/home.htm
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2105 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2163 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1212 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\846bmugo.default-1370280888171\searchplugins\ask-jeeves.xml
FF Extension: Firebug - C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\846bmugo.default-1370280888171\Extensions\[email protected] [2013-08-05]
FF Extension: Lightbeam - C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\846bmugo.default-1370280888171\Extensions\[email protected] [2013-10-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-29]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-05] (Adobe Systems Incorporated)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 1999-12-31] (LSI Corporation)
R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [110752 2010-09-21] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton 360\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
S0 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [528256 2012-12-11] (Wacom Technology, Corp.)
R2 WTService; C:\WINDOWS\system32\atwtusb.exe [364192 2007-12-06] ()

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 1999-12-31] (Creative)
S3 Andbus; C:\WINDOWS\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\WINDOWS\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\WINDOWS\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\WINDOWS\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 androidusb; C:\WINDOWS\System32\Drivers\lgandadb.sys [25728 2012-03-02] (Google Inc)
S3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
S3 AVEO; C:\WINDOWS\System32\DRIVERS\AVEOdcnt.sys [224256 2010-01-21] (AVEO Corp)
R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
R1 BHDrvx86; C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [1098968 2014-03-18] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R3 CXFALCON; C:\WINDOWS\System32\drivers\cxfalcon.sys [100480 2005-08-16] (Conexant Systems, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-01-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-01-28] (Symantec Corporation)
R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-30] (Promise Technology, Inc.)
R3 hidkmdf; C:\WINDOWS\System32\DRIVERS\hidkmdf.sys [11680 2012-12-03] (Windows ® Win 7 DDK provider)
R3 IDSxpx86; C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140405.001\IDSxpx86.sys [383120 2014-03-25] (Symantec Corporation)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 1999-12-31] (Creative Technology Ltd.)
R3 NAVENG; C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140407.024\NAVENG.SYS [93272 2014-04-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140407.024\NAVEX15.SYS [1612376 2014-04-02] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-10] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-10] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [457216 2009-04-28] (PixArt Imaging Inc.)
S4 RsFx0153; C:\WINDOWS\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [12984 2012-04-13] ()
R0 SymDS; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-01-29] (Symantec Corporation)
S3 SymIM; C:\WINDOWS\System32\DRIVERS\SymIM.sys [47960 2013-09-09] (Symantec Corporation)
R3 SymIMMP; C:\WINDOWS\System32\DRIVERS\SymIM.sys [47960 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation)
R3 WacHidRouter; C:\WINDOWS\System32\DRIVERS\wachidrouter.sys [70048 2012-12-03] (Wacom Technology)
R3 wacomrouterfilter; C:\WINDOWS\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-11-15] (Wacom Technology)
S3 WN5301; C:\WINDOWS\System32\DRIVERS\wn5301.sys [468768 2005-10-05] (Liteon Technology Inc.)
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
U1 WS2IFSL;
S2 zumbus; system32\DRIVERS\zumbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-04-08 06:53 - 2014-04-08 06:53 - 00001280 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\JRT.txt
2014-04-08 06:43 - 2014-04-08 06:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-08 06:31 - 2014-04-08 06:34 - 00000000 ____D () C:\AdwCleaner
2014-04-08 06:26 - 2014-04-08 06:26 - 00008548 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ntdllDllSysScan.txt
2014-04-08 06:20 - 2014-04-08 06:22 - 00006919 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\dxgthkSysScan.txt
2014-04-08 06:08 - 2014-04-08 06:08 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\TFC.exe
2014-04-08 06:05 - 2014-04-08 06:05 - 01016261 _____ (Thisisu) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\JRT.exe
2014-04-08 05:59 - 2014-04-08 05:59 - 01426178 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\adwcleaner.exe
2014-04-07 12:10 - 2014-04-07 12:10 - 00003593 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\aswMBR.txt
2014-04-07 12:10 - 2014-04-07 12:10 - 00000512 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\MBR.dat
2014-04-07 12:09 - 2014-04-07 12:09 - 01139874 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\AVAST_JustBeforeItFails.bmp
2014-04-07 10:36 - 2014-04-07 10:36 - 01139874 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\AVAST_SuspiciousError.bmp
2014-04-07 07:24 - 2014-04-07 07:26 - 00042011 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Addition.txt
2014-04-07 07:23 - 2014-04-08 07:31 - 00020141 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FRST.txt
2014-04-07 07:21 - 2014-04-08 07:12 - 00000000 ____D () C:\FRST
2014-04-07 07:17 - 2014-04-07 07:17 - 04745728 _____ (AVAST Software) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\aswmbr.exe
2014-04-07 07:15 - 2014-04-07 07:15 - 01145856 _____ (Farbar) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FRST.exe
2014-04-06 17:02 - 2014-04-06 17:02 - 03423972 ____R () C:\2013Backup_2014-04-06_170202.mbf
2014-04-06 15:49 - 2014-04-06 15:49 - 03408054 ____R () C:\2013Backup_2014-04-06_154912.mbf
2014-04-04 15:47 - 2014-04-04 15:51 - 00000000 ____D () C:\WINDOWS\system32\CATRJunk
2014-04-04 15:38 - 2014-04-04 15:38 - 03182166 _____ () C:\WINDOWS\4_14image.bmp
2014-04-03 07:25 - 2014-04-03 07:25 - 03396905 ____R () C:\2013Backup_2014-04-03_072538.mbf
2014-03-31 11:37 - 2014-04-08 07:02 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-31 11:37 - 2014-03-31 11:37 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-29 20:58 - 2013-09-09 19:47 - 00047960 ____R (Symantec Corporation) C:\WINDOWS\system32\Drivers\SymIM.sys
2014-03-28 20:52 - 2014-03-30 13:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 03:03 - 2014-03-27 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-27 03:00 - 2014-03-27 03:03 - 00006821 _____ () C:\WINDOWS\KB2934207.log
2014-03-26 15:40 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-26 15:40 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-21 22:40 - 2014-03-21 22:39 - 00110592 _____ () C:\WINDOWS\Minidump\Mini032114-01.dmp
2014-03-21 07:34 - 2014-04-06 10:38 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\PattenU
2014-03-16 14:33 - 2014-04-07 07:08 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Mary Moose
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\SelfMV
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\samsung
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log
2014-03-15 12:30 - 2014-02-25 16:48 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\system32\secman.dll
2014-03-15 12:29 - 2014-04-02 13:46 - 00000000 ____D () C:\Program Files\Samsung
2014-03-15 12:27 - 2014-03-15 12:27 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Downloaded Installations
2014-03-15 12:20 - 2008-04-13 19:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2014-03-15 12:20 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2014-03-15 12:12 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Samsung
2014-03-15 12:12 - 2014-03-15 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\SmartSwitch
2014-03-14 03:06 - 2014-03-14 03:07 - 00132116 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 03:06 - 2014-03-14 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 03:06 - 2014-03-14 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 03:01 - 2014-03-14 03:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-13 06:50 - 2014-03-14 03:06 - 00130647 _____ () C:\WINDOWS\KB2929961.log
2014-03-13 06:49 - 2014-03-14 03:06 - 00134032 _____ () C:\WINDOWS\KB2930275.log
2014-03-11 12:10 - 2014-04-04 16:32 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Mulvaney

==================== One Month Modified Files and Folders =======

2014-04-08 07:31 - 2014-04-07 07:23 - 00020141 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FRST.txt
2014-04-08 07:12 - 2014-04-07 07:21 - 00000000 ____D () C:\FRST
2014-04-08 07:05 - 2005-08-31 05:17 - 01333955 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-08 07:04 - 2005-08-31 05:02 - 00000776 _____ () C:\WINDOWS\win.ini
2014-04-08 07:03 - 2005-09-01 11:58 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-08 07:02 - 2014-03-31 11:37 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-08 07:02 - 2013-11-11 16:33 - 00000642 _____ () C:\WINDOWS\Tasks\Amazon Music Helper.job
2014-04-08 07:02 - 2010-02-25 11:48 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 07:02 - 2010-02-25 11:48 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 07:01 - 2005-08-31 05:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-08 07:01 - 2005-08-30 21:55 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-08 07:01 - 2005-08-30 21:55 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-08 07:00 - 2013-05-09 04:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-08 07:00 - 2012-02-14 18:45 - 00000178 ___SH () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.ini
2014-04-08 07:00 - 2005-08-31 05:17 - 00032198 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-08 06:53 - 2014-04-08 06:53 - 00001280 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\JRT.txt
2014-04-08 06:45 - 2012-02-18 22:07 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Adobe
2014-04-08 06:43 - 2014-04-08 06:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-08 06:34 - 2014-04-08 06:31 - 00000000 ____D () C:\AdwCleaner
2014-04-08 06:26 - 2014-04-08 06:26 - 00008548 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ntdllDllSysScan.txt
2014-04-08 06:22 - 2014-04-08 06:20 - 00006919 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\dxgthkSysScan.txt
2014-04-08 06:08 - 2014-04-08 06:08 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\TFC.exe
2014-04-08 06:05 - 2014-04-08 06:05 - 01016261 _____ (Thisisu) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\JRT.exe
2014-04-08 05:59 - 2014-04-08 05:59 - 01426178 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\adwcleaner.exe
2014-04-08 02:00 - 2012-11-16 17:47 - 00000338 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-HOMERJAY-Dad.job
2014-04-08 02:00 - 2010-11-18 19:32 - 00000364 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-HOMERJAY-HP_Administrator.job
2014-04-07 15:10 - 2005-12-08 10:24 - 00000152 _____ () C:\WINDOWS\WININIT.INI
2014-04-07 12:10 - 2014-04-07 12:10 - 00003593 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\aswMBR.txt
2014-04-07 12:10 - 2014-04-07 12:10 - 00000512 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\MBR.dat
2014-04-07 12:09 - 2014-04-07 12:09 - 01139874 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\AVAST_JustBeforeItFails.bmp
2014-04-07 10:36 - 2014-04-07 10:36 - 01139874 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\AVAST_SuspiciousError.bmp
2014-04-07 07:26 - 2014-04-07 07:24 - 00042011 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Addition.txt
2014-04-07 07:17 - 2014-04-07 07:17 - 04745728 _____ (AVAST Software) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\aswmbr.exe
2014-04-07 07:15 - 2014-04-07 07:15 - 01145856 _____ (Farbar) C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FRST.exe
2014-04-07 07:08 - 2014-03-16 14:33 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Mary Moose
2014-04-07 05:07 - 2014-01-29 08:55 - 00125533 _____ () C:\WINDOWS\setupapi.log
2014-04-06 17:02 - 2014-04-06 17:02 - 03423972 ____R () C:\2013Backup_2014-04-06_170202.mbf
2014-04-06 17:02 - 2012-02-24 19:34 - 16097280 _____ () C:\2012Feb.mny
2014-04-06 15:49 - 2014-04-06 15:49 - 03408054 ____R () C:\2013Backup_2014-04-06_154912.mbf
2014-04-06 14:54 - 2013-06-06 07:43 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\NPE
2014-04-06 14:54 - 2005-08-30 23:34 - 00000279 __RSH () C:\boot.ini
2014-04-06 10:38 - 2014-03-21 07:34 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\PattenU
2014-04-06 10:10 - 2013-11-20 12:34 - 00070656 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Daily List.xls
2014-04-05 11:56 - 2014-01-14 16:27 - 00109145 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\2014BillPay.xlsx
2014-04-04 16:32 - 2014-03-11 12:10 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Mulvaney
2014-04-04 15:51 - 2014-04-04 15:47 - 00000000 ____D () C:\WINDOWS\system32\CATRJunk
2014-04-04 15:38 - 2014-04-04 15:38 - 03182166 _____ () C:\WINDOWS\4_14image.bmp
2014-04-03 23:38 - 2006-04-27 22:50 - 00000000 ____D () C:\Program Files\Las Vegas Casino
2014-04-03 23:36 - 2010-02-10 08:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-03 15:21 - 2012-03-08 19:53 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-03 07:25 - 2014-04-03 07:25 - 03396905 ____R () C:\2013Backup_2014-04-03_072538.mbf
2014-04-02 15:18 - 2005-09-01 11:54 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-04-02 14:11 - 2010-05-19 08:56 - 00000000 ____D () C:\Program Files\Lexmark 1200 Series
2014-04-02 14:11 - 2008-07-20 14:30 - 00000000 ____D () C:\Program Files\ABBYY FineReader 5.0 Sprint
2014-04-02 13:46 - 2014-03-15 12:29 - 00000000 ____D () C:\Program Files\Samsung
2014-04-01 11:25 - 2013-07-22 10:05 - 00001011 _____ () C:\home.htm
2014-04-01 11:23 - 2013-07-22 10:05 - 00000000 ____D () C:\home_files
2014-03-31 22:42 - 2008-08-20 21:02 - 00002187 _____ () C:\Documents and Settings\All Users\Desktop\Safari.lnk
2014-03-31 11:37 - 2014-03-31 11:37 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-31 11:34 - 2013-05-08 05:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 13:54 - 2014-03-28 20:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 21:01 - 2014-01-29 09:18 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360
2014-03-29 20:57 - 2014-01-29 09:24 - 00001975 _____ () C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
2014-03-29 20:57 - 2014-01-29 09:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
2014-03-27 03:03 - 2014-03-27 03:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-27 03:03 - 2014-03-27 03:00 - 00006821 _____ () C:\WINDOWS\KB2934207.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00912948 _____ () C:\WINDOWS\tsoc.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00654517 _____ () C:\WINDOWS\comsetup.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00398319 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00240333 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00232234 _____ () C:\WINDOWS\iis6.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00111793 _____ () C:\WINDOWS\ehOCGen.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00108384 _____ () C:\WINDOWS\ocmsn.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00099104 _____ () C:\WINDOWS\tabletoc.log
2014-03-27 03:03 - 2005-08-31 05:04 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-27 03:03 - 2005-08-31 04:59 - 01983696 _____ () C:\WINDOWS\FaxSetup.log
2014-03-27 03:03 - 2005-08-31 04:59 - 00972531 _____ () C:\WINDOWS\ocgen.log
2014-03-27 03:03 - 2005-08-31 04:59 - 00360008 _____ () C:\WINDOWS\netfxocm.log
2014-03-27 03:03 - 2005-08-31 04:59 - 00230231 _____ () C:\WINDOWS\plusoc.log
2014-03-27 03:03 - 2005-08-31 04:59 - 00099445 _____ () C:\WINDOWS\msgsocm.log
2014-03-27 03:03 - 2005-08-31 04:57 - 00617814 _____ () C:\WINDOWS\msmqinst.log
2014-03-26 18:30 - 2012-04-17 18:16 - 00001680 _____ () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2014-03-21 22:40 - 2006-06-03 10:35 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-21 22:39 - 2014-03-21 22:40 - 00110592 _____ () C:\WINDOWS\Minidump\Mini032114-01.dmp
2014-03-18 15:29 - 2013-08-14 03:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 15:25 - 2012-02-21 09:00 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\SelfMV
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\samsung
2014-03-15 12:30 - 2014-03-15 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log
2014-03-15 12:30 - 2014-03-15 12:12 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Samsung
2014-03-15 12:29 - 2005-12-08 10:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-15 12:27 - 2014-03-15 12:27 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Downloaded Installations
2014-03-15 12:12 - 2014-03-15 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\SmartSwitch
2014-03-14 03:27 - 2005-08-31 05:05 - 03628824 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 03:25 - 2010-02-13 10:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 03:07 - 2014-03-14 03:06 - 00132116 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 03:07 - 2005-12-08 09:55 - 00263358 _____ () C:\WINDOWS\updspapi.log
2014-03-14 03:07 - 2005-08-31 05:04 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-14 03:06 - 2014-03-14 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 03:06 - 2014-03-14 03:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 03:06 - 2014-03-13 06:50 - 00130647 _____ () C:\WINDOWS\KB2929961.log
2014-03-14 03:06 - 2014-03-13 06:49 - 00134032 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 03:03 - 2008-07-20 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-03-14 03:01 - 2014-03-14 03:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-13 00:43 - 2012-02-14 18:45 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75
2014-03-12 12:00 - 2012-06-29 18:53 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 12:00 - 2012-06-29 18:53 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-12 08:26 - 2011-01-11 11:35 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\SarasDoodles
2014-03-11 09:10 - 2014-03-04 08:10 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Sallie Mae
2014-03-10 12:26 - 2012-03-28 18:11 - 00000000 ____D () C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Taxes
2014-03-09 22:24 - 2005-08-31 05:07 - 00688336 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

Have the warnings stopped from Avast? Also, I will check my links for Junkware Removal Tool. Thank you for alerting me to that.

I don't see the Adwcleaner log, please post that and we'll continue. :thumbsup:

#9
mikechWA

    New Member

  • Topic Starter
  • Member
  • 8 posts

I just ran AVAST and it ran all the way through just fine. I don't know what I clicked on (with the Junk Removal Tool), but there are so many links it's easy to see what might have happened. I just thought a brief warning to click on the button that says "Author's Site" might be helpful. It was me, not you. :0)

So, here goes:

# AdwCleaner v3.023 - Report created 08/04/2014 at 06:34:18
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dad - HOMERJAY
# Running from : C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\AI_RecycleBin
Folder Deleted : C:\WINDOWS\system32\AI_RecycleBin
Folder Deleted : C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\strongvault
File Deleted : C:\WINDOWS\Downloaded Program Files\popcaploader.inf

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Bench

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\846bmugo.default-1370280888171\prefs.js ]

*************************

AdwCleaner[R0].txt - [4976 octets] - [08/04/2014 06:32:34]
AdwCleaner[S0].txt - [4008 octets] - [08/04/2014 06:34:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4068 octets] ##########

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-08 13:47:48
-----------------------------
13:47:48.468    OS Version: Windows 5.1.2600 Service Pack 3
13:47:48.468    Number of processors: 2 586 0x404
13:47:48.468    ComputerName: HOMERJAY  UserName: Dad
13:47:49.703    Initialize success
13:51:39.640    AVAST engine defs: 14040802
13:51:43.062    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
13:51:43.062    Disk 0 Vendor: Maxtor_6L300S0 BACE1G10 Size: 286168MB BusType: 3
13:51:43.437    Disk 0 MBR read successfully
13:51:43.437    Disk 0 MBR scan
13:51:43.515    Disk 0 unknown MBR code
13:51:43.515    Disk 0 Partition 1 00     0C    FAT32 LBA RECOVERY     8714 MB offset 63
13:51:43.546    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       277442 MB offset 17848215
13:51:43.546    Disk 0 scanning sectors +586051200
13:51:43.609    Disk 0 scanning C:\WINDOWS\system32\drivers
13:52:03.781    Service scanning
13:52:09.312    Service BHDrvx86 C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys **LOCKED** 5
13:52:11.703    Service ccSet_N360 C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys **LOCKED** 5
13:52:14.546    Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
13:52:15.359    Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
13:52:18.453    Service IDSxpx86 C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140405.001\IDSxpx86.sys **LOCKED** 5
13:52:31.734    Service NAVENG C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140407.024\NAVENG.SYS **LOCKED** 5
13:52:31.953    Service NAVEX15 C:\Program Files\Norton 360\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140407.024\NAVEX15.SYS **LOCKED** 5
13:52:40.343    Service SRTSPX C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS **LOCKED** 5
13:52:41.375    Service SymDS C:\WINDOWS\system32\drivers\N360\1502000.026\SYMDS.SYS **LOCKED** 5
13:52:41.750    Service SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
13:52:41.937    Service SymIRON C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS **LOCKED** 5
13:52:42.031    Service SYMTDI C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS **LOCKED** 5
13:52:47.468    Modules scanning
13:52:54.953    Module: C:\WINDOWS\System32\drivers\dxgthk.sys  **SUSPICIOUS**
13:52:57.390    Module: C:\WINDOWS\system32\ntdll.dll  **SUSPICIOUS**
13:52:57.390    Disk 0 trace - called modules:
13:52:57.421    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:52:57.421    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeb9ab8]
13:52:57.421    3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000007b[0x8aea3968]
13:52:57.421    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8aead940]
13:52:58.234    AVAST engine scan C:\WINDOWS
13:53:41.906    AVAST engine scan C:\WINDOWS\system32
13:58:34.312    AVAST engine scan C:\WINDOWS\system32\drivers
13:59:06.890    AVAST engine scan C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75
13:59:55.187    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\MBR.dat"
13:59:55.187    The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\aswMBR_Rev.txt"

=============

Thanks!

#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I just ran AVAST and it ran all the way through just fine. I don't know what I clicked on (with the Junk Removal Tool), but there are so many links it's easy to see what might have happened. I just thought a brief warning to click on the button that says "Author's Site" might be helpful. It was me, not you. :0)



That's good to hear and no worries. Let's run a sweep for remnants and check for any out of date programs on your machine. :)



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits
Go back to the Dashboard and select Scan Now
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

#11
mikechWA

    New Member

  • Topic Starter
  • Member
  • 8 posts

Hello - wow! I cannot believe we're still finding threats. I am glad we're going through this whole thing. I thought this had been taken care of.

One note. I ran MBAM first and it found no threats. Then I let ESET run overnight. When I woke up, MBAM had run again and found three threats. So I included both; just be aware of the dates when you review them.

=========== first MBAM ===============

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/8/2014
Scan Time: 9:55:39 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Dad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404018
Time Elapsed: 1 hr, 5 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

============== ESET ===================

[email protected] as downloader log:
Can not open [email protected] as downloader log:
Can not open internet
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=be5dfeaa95695c44958f137a9d597561
# engine=17805
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-09 12:26:00
# local_time=2014-04-09 05:26:00 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3592 16777213 100 90 0 147622456 0 0
# scanned=384791
# found=1
# cleaned=0
# scan_time=25863
sh=28B29A0AA2F451EC3837933CE5B1BD353CF0DF3E ft=1 fh=d9a532cac918a019 vn="MSIL/Adware.StrongVault.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\AI_RecycleBin\{05DD86E0-3A1E-4390-ACB7-B261C7510FB7}\3\Strongvault\StrongVaultApp.exe.vir"

========== MBAM from this morning ==================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/9/2014
Scan Time: 7:30:30 AM
Logfile: MBAM_0409.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.08.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Dad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416415
Time Elapsed: 4 hr, 31 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.StartSavin.A, HKU\S-1-5-21-229142031-1004967283-3177539258-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}, , [d712f532a8d387af471c33db32d0d828],
PUP.Optional.Linkey.A, HKU\S-1-5-21-229142031-1004967283-3177539258-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [806969be3c3f2214e1814bc351b18a76],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK\General, , [6782c2650a71d363cc765c08a260e917],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

=========== Security Check ===============

 Results of screen317's Security Check version 0.99.81  
 Windows XP Service Pack 3 x86 (UAC is disabled!)  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Norton 360    
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Mozilla Thunderbird (17.0.6)
 Google Chrome 16.0.912.75  
 Google Chrome 16.0.912.77  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

============== END ==================

Thank You!

#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello - wow! I cannot believe we're still finding threats. I am glad we're going through this whole thing. I thought this had been taken care of.


In this case, we're good, as the item that ESET detected was already quarantined and is no threat. :) MBAM found and removed some errant registry keys as well.


Thank You!


You are quite welcome, it's my pleasure. :thumbsup: Which brings me to my next point...


Great news, your logs are CLEAN! :thumbsup: :) But we still have a few things we need to address, namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
  • I also have some information and tips for you, as well as protection against a new ransomware program called CryptoLocker.
Step 1: Tool Removal and Creation of a Clean Restore Point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
  • You can uninstall ESET Online Scanner at this time.
  • I'd recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week.
Step 2: Java Warning, Update Adobe Reader, and Install FileHippo


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on Users to Disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa
  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java



Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install Chrome as your browser.
Keeping your software updated

Another weapon against malicious programs and viruses is keeping your other programs updated. There are several programs out there that can check for out-of-date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates, and it will then provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install it by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

Are there any further issues I can assist you with?
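pystryker's reading of the logs in this thread (the file ESET flagged is a .vir inside AdwCleaner's quarantine folder, so it is already inert; MBAM listed three PUP registry keys) can be applied mechanically when many such logs come in. The Python below is an added example, not code from this thread or from ESET, Malwarebytes or AdwCleaner; the quarantine path and .vir suffix are taken from the logs above, the sample log text is constructed from them, and the `triage` bucket names are my own.

```python
import re
from dataclasses import dataclass

# AdwCleaner (see its log earlier in the thread) moves what it removes to
# C:\AdwCleaner\Quarantine and gives the files a .vir extension.
QUARANTINE_ROOTS = (r"c:\adwcleaner\quarantine",)
QUARANTINE_SUFFIXES = (".vir",)
MBAM_SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
                 "Registry Data", "Folders", "Files", "Physical Sectors"}
ESET_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="value"
MBAM_HIT = re.compile(r'^([^,]+), (.+?), ([^,]*), \[([0-9a-f]+)\],\s*$')


@dataclass
class EsetHit:
    sha1: str
    name: str
    path: str

    def already_quarantined(self) -> bool:
        """True when the file sits in a cleaner's quarantine, i.e. is already inert."""
        p = self.path.lower()
        return p.startswith(QUARANTINE_ROOTS) or p.endswith(QUARANTINE_SUFFIXES)


def parse_eset_log(text):
    """Split an ESET Online Scanner log into its '# key=value' header and its sh=... records."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            f = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                 for m in ESET_FIELD.finditer(line)}
            hits.append(EsetHit(f["sh"], f["vn"], f["fn"]))
    return header, hits


def parse_mbam_log(text):
    """Return per-section counts and (section, detection, location) triples from an MBAM 2.x log."""
    counts, hits, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        name, sep, rest = line.partition(": ")
        if sep and name in MBAM_SECTIONS and rest.isdigit():
            section, counts[name] = name, int(rest)
            continue
        m = MBAM_HIT.match(line)
        if m and section:
            hits.append((section, m.group(1), m.group(2)))
    return counts, hits


def triage(eset_text, mbam_text):
    """Bucket ESET hits as inert (already quarantined) or live; list what MBAM flagged."""
    report = {"inert": [], "live": [], "mbam": []}
    for h in parse_eset_log(eset_text)[1]:
        report["inert" if h.already_quarantined() else "live"].append(f"{h.name} @ {h.path}")
    for section, name, location in parse_mbam_log(mbam_text)[1]:
        report["mbam"].append(f"{name} ({section}) @ {location}")
    return report


# Constructed sample logs, condensed from the ones posted earlier in this thread.
SAMPLE_ESET = r'''# found=1
# cleaned=0
sh=28B29A0AA2F451EC3837933CE5B1BD353CF0DF3E ft=1 fh=d9a532cac918a019 vn="MSIL/Adware.StrongVault.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\AI_RecycleBin\{05DD86E0-3A1E-4390-ACB7-B261C7510FB7}\3\Strongvault\StrongVaultApp.exe.vir"
'''
SAMPLE_MBAM = r'''Scan Date: 4/9/2014
Registry Keys: 3
PUP.Optional.StartSavin.A, HKU\S-1-5-21-229142031-1004967283-3177539258-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}, , [d712f532a8d387af471c33db32d0d828],
PUP.Optional.Linkey.A, HKU\S-1-5-21-229142031-1004967283-3177539258-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [806969be3c3f2214e1814bc351b18a76],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK\General, , [6782c2650a71d363cc765c08a260e917],
Registry Values: 0
(No malicious items detected)
'''

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_ESET, SAMPLE_MBAM).items():
        print(bucket, items)
```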