60 Second timer starts at boot up and forces reboot [Solved]

timer reboot 60 second

  • This topic is locked

#16
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, keep me posted :)

 

Cheers,

Naat




#17
hi-marsh

    Member

  • Topic Starter
  • 13 posts

Greetings Naat,

 

The fixlist.txt worked and I no longer have the timer forcing the reboot :D .  So, I can now safely boot up in normal mode.

 

Here is the text from the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-05-2014
Ran by Owner Supervisor at 2014-06-19 12:24:35 Run:1
Running from C:\Documents and Settings\Owner Supervisor\Desktop
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\dllcache\rpcss.dll
Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\rpcss.dll
Ad-Aware (Version: 8.0.7 - Lavasoft) Hidden
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state off
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reboot:
*****************

C:\WINDOWS\system32\dllcache\rpcss.dll => Moved successfully.
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to C:\WINDOWS\system32\dllcache\rpcss.dll
C:\WINDOWS\system32\rpcss.dll => Moved successfully.
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to C:\WINDOWS\system32\rpcss.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware\\SystemComponent => Value not found.

=========  netsh advfirewall reset =========

WARNING: Could not obtain host information from machine: [UNIT1]. Some commands may not be available.
The RPC server is unavailable.

The following command was not found: advfirewall reset.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state off =========

WARNING: Could not obtain host information from machine: [UNIT1]. Some commands may not be available.
The RPC server is unavailable.

The following command was not found: advfirewall set allprofiles state off.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully

========= End of Reg: =========

 

The system needed a reboot.

==== End of Fixlog ====

 

Here is the text from the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by Owner Supervisor (administrator) on UNIT1 on 19-06-2014 12:31:50
Running from C:\Documents and Settings\Owner Supervisor\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [EM_EXEC] => C:\Program Files\MouseWare\system\EM_EXEC.EXE [28672 2002-05-01] (Logitech Inc.                    )
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18671104 2009-07-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-03-17] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-543026260-1871380738-2602940609-1005\...\RunOnce: [AutoLaunch] - C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe [669936 2011-06-15] ()
HKU\S-1-5-21-543026260-1871380738-2602940609-1005\...\MountPoints2: {0a046975-df85-11e1-bab3-0024e8086ff2} - F:\TL-Bootstrap.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-04-21]

========================== Services (Whitelisted) =================

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-12] (Sun Microsystems, Inc.)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1036104 2011-06-15] (Lavasoft)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2009-09-17] (Symantec Corporation)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-03-28] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 COH_Mon; C:\WINDOWS\system32\Drivers\COH_Mon.sys [23888 2009-07-14] (Symantec Corporation)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation)
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-05] (Symantec Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [47249 2006-05-18] (FTDI Ltd.)
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2013-03-28] ()
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [79960 2008-08-18] (JMicron Technology Corp.)
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-19] (Realtek Semiconductor Corporation)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-07-03] (Lavasoft AB)
R3 LKbdFlt2; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [5840 2002-04-15] (Logitech)
R3 LVPr2Mon; C:\WINDOWS\System32\Drivers\LVPr2Mon.sys [25824 2010-05-07] ()
R3 LVUSBSta; C:\WINDOWS\System32\DRIVERS\LVUSBSta.sys [41752 2008-12-16] (Logitech Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140520.008\NAVENG.SYS [93272 2013-09-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140520.008\NAVEX15.SYS [1612376 2013-09-16] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 PTDUBus; C:\WINDOWS\System32\DRIVERS\PTDUBus.sys [33024 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUMdm; C:\WINDOWS\System32\DRIVERS\PTDUMdm.sys [41344 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUVsp; C:\WINDOWS\System32\DRIVERS\PTDUVsp.sys [39936 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUWWAN; C:\WINDOWS\System32\DRIVERS\PTDUWWAN.sys [59904 2008-08-10] (DEVGURU Co,LTD.)
R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [3734976 2009-06-24] (Realtek Semiconductor Corp.)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-19] (Realtek Semiconductor Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-08-26] (Symantec Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [281648 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [320560 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [43696 2009-08-25] (Symantec Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-03-19] ()
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2011-02-13] (Symantec Corporation)
R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
S4 SysPlant; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [92488 2009-09-17] (Symantec Corporation)
R3 Teefer2; C:\WINDOWS\System32\DRIVERS\teefer2.sys [50064 2009-05-27] (Symantec Corporation)
R1 WPS; C:\WINDOWS\system32\drivers\wpsdrvnt.sys [42312 2009-09-17] (Symantec Corporation)
R3 WpsHelper; C:\WINDOWS\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
S3 cpuz132; \??\C:\DOCUME~1\OWNERS~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
U5 l8042pr2; C:\Windows\System32\Drivers\l8042pr2.sys [52224 2002-04-15] (Logitech)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-19 12:27 - 2014-06-19 12:27 - 00000408 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-19 12:27 - 2014-06-19 12:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-19 12:27 - 2014-06-19 12:27 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-19 12:27 - 2014-06-19 12:27 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-06-19 12:19 - 2014-06-19 12:32 - 00016629 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\FRST.txt
2014-06-19 12:19 - 2014-06-10 20:47 - 00029596 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Addition.txt
2014-06-19 12:19 - 2014-05-22 17:24 - 01056768 _____ (Farbar) C:\Documents and Settings\Owner Supervisor\Desktop\FRST.exe
2014-06-05 20:16 - 2014-06-05 20:17 - 00000000 ___SD () C:\ComboFix
2014-05-27 21:03 - 2014-05-27 21:03 - 00000000 ____D () C:\rsit
2014-05-24 20:41 - 2014-05-24 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SecTaskMan
2014-05-24 20:41 - 2014-05-24 20:41 - 00000000 ____D () C:\Program Files\Security Task Manager
2014-05-24 20:39 - 2014-05-24 21:35 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-05-24 20:39 - 2014-05-24 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo
2014-05-24 20:39 - 2014-05-24 20:39 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-05-24 20:39 - 2014-05-24 20:39 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Application Data\iolo
2014-05-24 20:24 - 2014-05-24 20:24 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-24 20:24 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-24 20:24 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-24 20:12 - 2014-05-24 20:13 - 00005528 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Rkill.txt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\WINDOWS\erdnt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\Qoobox
2014-05-24 19:54 - 2014-06-19 12:31 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-06-19 12:32 - 2014-06-19 12:19 - 00016629 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\FRST.txt
2014-06-19 12:31 - 2014-05-24 19:54 - 00000000 ____D () C:\FRST
2014-06-19 12:28 - 2008-04-25 14:28 - 00009311 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-19 12:27 - 2014-06-19 12:27 - 00000408 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-19 12:27 - 2014-06-19 12:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-19 12:27 - 2014-06-19 12:27 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-19 12:27 - 2014-06-19 12:27 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-06-19 12:27 - 2010-10-21 22:54 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 12:27 - 2010-08-12 21:16 - 00000000 ____D () C:\WINDOWS\system32\logishrd
2014-06-19 12:27 - 2008-04-25 14:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-19 12:26 - 2010-06-29 22:37 - 00000000 _____ () C:\WINDOWS\system32\Drivers\logiflt.iad
2014-06-19 12:26 - 2010-03-11 21:33 - 00143132 _____ () C:\aaw7boot.log
2014-06-19 12:26 - 2009-05-23 17:52 - 00000278 ___SH () C:\Documents and Settings\Owner Supervisor\ntuser.ini
2014-06-19 08:14 - 2008-04-25 09:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-10 20:47 - 2014-06-19 12:19 - 00029596 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Addition.txt
2014-06-05 20:17 - 2014-06-05 20:16 - 00000000 ___SD () C:\ComboFix
2014-05-27 21:03 - 2014-05-27 21:03 - 00000000 ____D () C:\rsit
2014-05-24 22:01 - 2009-05-23 17:58 - 00000000 __SHD () C:\Documents and Settings\Owner Supervisor\UserData
2014-05-24 21:35 - 2014-05-24 20:39 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-05-24 21:35 - 2014-05-24 20:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo
2014-05-24 21:02 - 2014-05-24 20:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SecTaskMan
2014-05-24 20:41 - 2014-05-24 20:41 - 00000000 ____D () C:\Program Files\Security Task Manager
2014-05-24 20:39 - 2014-05-24 20:39 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-05-24 20:39 - 2014-05-24 20:39 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Application Data\iolo
2014-05-24 20:24 - 2014-05-24 20:24 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-24 20:13 - 2014-05-24 20:12 - 00005528 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Rkill.txt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\WINDOWS\erdnt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\Qoobox
2014-05-22 17:24 - 2014-06-19 12:19 - 01056768 _____ (Farbar) C:\Documents and Settings\Owner Supervisor\Desktop\FRST.exe
2014-05-21 21:12 - 2010-10-21 22:54 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 20:23 - 2008-04-25 02:22 - 00554110 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

Here is the text from the addition.txt file:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by Owner Supervisor at 2014-06-19 12:32:20
Running from C:\Documents and Settings\Owner Supervisor\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Symantec Endpoint Protection (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection (Disabled) {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware (HKLM\...\Ad-Aware) (Version:  - Lavasoft)
Ad-Aware (Version: 8.0.7 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
ATI Catalyst Control Center (HKLM\...\{87841AF8-C785-42FF-A76E-CC0F0C2816CC}) (Version: 1.2.2735.37383 - )
ATI Catalyst Install Manager (HKLM\...\{52ACD100-226F-7209-C267-903E592A654B}) (Version: 3.0.745.0 - ATI Technologies, Inc.)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.493-080512a-064246C-Dell - )
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
CameraHelperMsi (Version: 13.00.1774.0 - Logitech) Hidden
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel PaintShop Pro Misc Content (Version: 1.0.0.45 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (Version: 1.00.0000 - Corel Corporation) Hidden
Corel PaintShop Pro X5 (HKLM\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.3.0.8 - Corel Corporation) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Dell Backup and Recovery Manager (HKLM\...\{B0585E15-E03C-4F62-B20E-84639D4A01E5}) (Version: 1.3 - Dell, Inc.)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Device Doctor 1.0.0.1 (HKLM\...\{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1) (Version:  - Device Doctor Software Inc.)
Diagnostics Utility (HKLM\...\{88253B77-33C9-4A9D-9E4C-4579E39D9158}) (Version: 1.00.0000 - Realtek)
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON RX595 User's Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Photo RX595 Series Scanner Driver Update (HKLM\...\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}) (Version:  - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FaceFilter Studio 2 (HKLM\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 2.0 - Reallusion)
FTDI USB Serial Converter Drivers (HKLM\...\FTDICOMM) (Version: 2.00.00 - FTDI Ltd)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HDD Health v3.3 Beta (HKLM\...\HDD Health_is1) (Version:  - )
ICA (Version: 15.0.0.183 - Corel Corporation) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IPM_PSP_COM (Version: 15.0.0.183 - Corel Corporation) Hidden
Jarte 3.4 (HKLM\...\Jarte_is1) (Version: 3.4 - Carolina Road Software L.L.C.)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.90) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.00.1777.0 - Logitech) Hidden
LWS Gallery (Version: 13.00.1778.0 - Logitech) Hidden
LWS Help_main (Version: 13.00.1783.0 - Logitech) Hidden
LWS Launcher (Version: 13.00.1776.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.00.1778.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.00.1778.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.00.1774.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.00.1774.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.00.1774.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.00.1777.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MaxiLink (HKLM\...\{58BEE9AE-625D-4177-BC5E-E6E0794C092E}) (Version: 1.05.0000 - Cen-Tech)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.3.59.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.31005.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MouseWare 9.60  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
MSN (HKLM\...\MSNINST) (Version:  - )
MSN Toolbar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0379.0 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Nik Color Efex Pro 3.0 (HKLM\...\_{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}) (Version: 1.0.0.53 - Corel Corporation)
Nik Color Efex Pro 3.0 (Version: 1.00.0000 - Corel Corporation) Hidden
PANTECH UM175 Driver (HKLM\...\{C13AF9C7-8E06-4354-B629-DF6192CE4A66}) (Version: 3.1.20.1215 - PANTECH CO.,LTD)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
PSPPContent (Version: 15.3.0.8 - Corel Corporation) Hidden
PSPPHelp (Version: 15.1.0.11 - Corel Corporation) Hidden
QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.30.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5904 - Realtek Semiconductor Corp.)
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Setup (Version: 15.0.0.183 - Corel Corporation) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SSC Service Utility v4.30 (HKLM\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)
Symantec Endpoint Protection (HKLM\...\{2EFCC193-D915-4CCB-9201-31773A27BC06}) (Version: 11.0.5002.333 - Symantec Corporation)
Ultimate Creative Collection (X5) (HKLM\...\_{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}) (Version: 1.0.0.50 - Corel Corporation)
Ultimate Creative Collection (X5) (Version: 1.00.0000 - Corel Corporation) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB969497) (HKLM\...\KB969497-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VZAccess Manager (HKLM\...\VZAccess Manager) (Version: 6.10.10 - Smith Micro Software, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00) (HKLM\...\23C892DBF52DDAF3C9BD2BB6E9805E79FCD09A67) (Version: 05/19/2006 2.00.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00) (HKLM\...\A2E63BDAC649E514867CB43CE0B4F9DB111206C2) (Version: 05/19/2006 2.00.00 - FTDI)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
WModem Driver Installer (HKLM\...\HTC_WModemDriver) (Version: 2.0.6.7 - HTC)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================

12-02-2014 04:22:28 System Checkpoint
17-02-2014 19:27:34 System Checkpoint
09-03-2014 23:09:45 System Checkpoint
20-03-2014 04:46:43 Software Distribution Service 3.0
20-03-2014 05:04:58 Removed DriverUpdate
29-03-2014 06:01:21 System Checkpoint
01-04-2014 04:19:34 Software Distribution Service 3.0
07-04-2014 01:01:44 Software Distribution Service 3.0
21-04-2014 01:07:59 System Checkpoint
29-04-2014 03:53:58 System Checkpoint
08-05-2014 05:43:08 System Checkpoint

==================== Hosts content: ==========================

2008-04-25 09:16 - 2014-06-19 12:24 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-03 07:49 - 2011-06-15 20:58 - 00090592 _____ () C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
2007-07-23 13:04 - 2007-07-23 13:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2009-07-03 07:49 - 2011-06-15 20:58 - 00256424 _____ () C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
2009-07-03 07:49 - 2011-06-15 20:58 - 01640216 _____ () C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
2009-07-03 07:49 - 2009-07-03 07:49 - 00168960 _____ () C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
2012-12-12 20:38 - 2011-12-14 18:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
2012-12-12 20:38 - 2011-12-14 11:22 - 00319488 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
2012-12-12 20:38 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2012-12-12 20:38 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 00:27:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (06/19/2014 00:27:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (06/19/2014 00:27:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.   (0x80070490)

Error: (06/19/2014 00:27:53 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (06/19/2014 00:27:53 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  )

Error: (06/19/2014 00:27:53 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  )

Error: (06/19/2014 00:19:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (06/19/2014 00:19:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved

Error: (06/19/2014 00:17:14 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved

Error: (06/19/2014 00:16:08 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

System errors:
=============
Error: (06/19/2014 00:28:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (06/19/2014 00:28:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (06/19/2014 00:28:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/19/2014 00:28:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (06/19/2014 00:16:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (06/19/2014 00:16:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SRTSP
SRTSPX
SYMTDI
Tcpip
WPS
WS2IFSL

Error: (06/19/2014 00:16:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (06/19/2014 00:16:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (06/19/2014 00:16:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (06/19/2014 00:16:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Microsoft Office Sessions:
=========================
Error: (06/19/2014 00:27:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (06/19/2014 00:27:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)

Error: (06/19/2014 00:27:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.   (0x80070490)
Search.TripoliIndexer

Error: (06/19/2014 00:27:53 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index metadata cannot be read.   (0xc0041801)
Search.JetPropStore

Error: (06/19/2014 00:27:53 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  )

Error: (06/19/2014 00:27:53 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
 0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  )

Error: (06/19/2014 00:19:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (06/19/2014 00:19:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved

Error: (06/19/2014 00:17:14 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved

Error: (06/19/2014 00:16:08 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3070.91 MB
Available physical RAM: 2372.21 MB
Total Pagefile: 4955.75 MB
Available Pagefile: 4511.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.16 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.79 GB) (Free:146.45 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive j: (Lexar) (Removable) (Total:7.45 GB) (Free:7.31 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================

 

 

Again, I am sincerely grateful for your work on my behalf. :yes:

 

Cheers,

Hi-marsh



#18
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
 

"I have a 100K trip to town to download the file"

Why would you have to do that? Some issues with your ISP?

I see that you're running more than one antivirus program at the same time.

  • Lavasoft Ad-Aware
  • Symantec Endpoint Protection

This is a bad idea.


Using more than one AV will not give you any better protection, but may cause interference between them, slow your machine or even completely block your OS. You should choose only one to stay, and remove any others. Think carefully and stay with only one AV. Personally I recommend getting rid of Ad-Aware as its reputation isn't exactly good.
This should be done before any other malware removal steps are taken.

In your next reply I'd like to know which one will stay and which one will go.
You may remove it from the Control Panel (Start > Control Panel > Uninstall a program or Programs and Features if in Classic View) and in my next post I will also provide the tool that will take care of the uninstalled AV's remnants.

Download TFC by OldTimer to your desktop.

  • Double-click TFC.exe to run it. (Note: If you are running Vista or higher, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Download aswMBR by avast! and save it to your desktop.

  • Simply double-click the aswMBR icon to run it. It will ask for administrator privileges.
  • Once prompted to download the database, click No.
  • Choose None for the AV Scan option.
  • Press Scan.

  • Once done, click Save Log and choose your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

Performing general FRST scan

Please re-run Farbar Recovery Scan Tool

  • Right click on the FRST icon to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • You will be presented with a window like below:

  • Make sure that the Addition box is checked.
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste them back here.

Now in your next reply please include these ones for my review:
  • aswMBR report
  • FRST.txt
  • Addition.txt

I don't mind multiple posts if necessary.

Cheers,
Naat  :)



#19
hi-marsh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have not gone online with my computer since this problem began, thinking it may cause further problems. I will eliminate the Ad-Aware, but my Symantec program has been damaged or corrupted by some of this malware. I will get on the PC and begin the process you have outlined.
Cheers,
Hi-marsh.

#20
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

Your machine may be safely connected to the Internet, no issues here.
Keep me posted :thumbsup:

Regards,
Naat :)

#21
hi-marsh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Greetings Naat,

 

I have removed the Ad-Aware.  The Symantec program is working fine with no corruptions or detectable problem.  I had to disable it to download the aswMBR program as it kept quarantining it as some sort of trojan.

 

 

Here is the aswMBR report:
 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-22 15:21:49
-----------------------------
15:21:49.390    OS Version: Windows 5.1.2600 Service Pack 3
15:21:49.390    Number of processors: 4 586 0x1707
15:21:49.390    ComputerName: UNIT1  UserName:
15:21:50.531    Initialize success
15:21:50.546    VM: initialized successfully
15:21:50.562    VM: Intel CPU virtualization not supported
15:22:49.890    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
15:22:49.890    Disk 0 Vendor: ST325031 4.AD Size: 238418MB BusType: 3
15:22:50.015    Disk 0 MBR read successfully
15:22:50.015    Disk 0 MBR scan
15:22:50.015    Disk 0 Windows VISTA default MBR code
15:22:50.015    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:22:50.031    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       238377 MB offset 81920
15:22:50.046    Disk 0 default boot code
15:22:50.046    Disk 0 scanning sectors +488279202
15:22:50.125    Disk 0 scanning C:\WINDOWS\system32\drivers
15:22:58.687    Service scanning
15:23:10.140    Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
15:23:10.281    Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
15:23:11.406    Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
15:23:11.437    Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
15:23:12.281    Modules scanning
15:23:19.640    Disk 0 trace - called modules:
15:23:19.656    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:23:19.656    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad1b720]
15:23:19.656    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8a6f6028]
15:23:19.656    Scan finished successfully
15:23:34.968    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner Supervisor\Desktop\MBR.dat"
15:23:34.968    The log file has been saved successfully to "C:\Documents and Settings\Owner Supervisor\Desktop\aswMBR.txt"

 

 

Here is the FRST.txt report:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Owner Supervisor (administrator) on UNIT1 on 22-06-2014 15:24:33
Running from C:\Documents and Settings\Owner Supervisor\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [EM_EXEC] => C:\Program Files\MouseWare\system\EM_EXEC.EXE [28672 2002-05-01] (Logitech Inc.                    )
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18671104 2009-07-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-03-17] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-543026260-1871380738-2602940609-1005\...\MountPoints2: {0a046975-df85-11e1-bab3-0024e8086ff2} - F:\TL-Bootstrap.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-04-21]

========================== Services (Whitelisted) =================

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-12] (Sun Microsystems, Inc.)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2009-09-17] (Symantec Corporation)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-03-28] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 COH_Mon; C:\WINDOWS\system32\Drivers\COH_Mon.sys [23888 2009-07-14] (Symantec Corporation)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation) [File not signed]
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-08] (Symantec Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [47249 2006-05-18] (FTDI Ltd.)
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2013-03-28] () [File not signed]
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [79960 2008-08-18] (JMicron Technology Corp.)
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-19] (Realtek Semiconductor Corporation)
R3 LKbdFlt2; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [5840 2002-04-15] (Logitech)
R3 LVPr2Mon; C:\WINDOWS\System32\Drivers\LVPr2Mon.sys [25824 2010-05-07] ()
R3 LVUSBSta; C:\WINDOWS\System32\DRIVERS\LVUSBSta.sys [41752 2008-12-16] (Logitech Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140622.003\NAVENG.SYS [93272 2013-09-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140622.003\NAVEX15.SYS [1612376 2013-09-16] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 PTDUBus; C:\WINDOWS\System32\DRIVERS\PTDUBus.sys [33024 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUMdm; C:\WINDOWS\System32\DRIVERS\PTDUMdm.sys [41344 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUVsp; C:\WINDOWS\System32\DRIVERS\PTDUVsp.sys [39936 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUWWAN; C:\WINDOWS\System32\DRIVERS\PTDUWWAN.sys [59904 2008-08-10] (DEVGURU Co,LTD.)
R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [3734976 2009-06-24] (Realtek Semiconductor Corp.)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-19] (Realtek Semiconductor Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-08-26] (Symantec Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [281648 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [320560 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [43696 2009-08-25] (Symantec Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-03-19] ()
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2011-02-13] (Symantec Corporation)
R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
S4 SysPlant; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [92488 2009-09-17] (Symantec Corporation)
R3 Teefer2; C:\WINDOWS\System32\DRIVERS\teefer2.sys [50064 2009-05-27] (Symantec Corporation)
R1 WPS; C:\WINDOWS\system32\drivers\wpsdrvnt.sys [42312 2009-09-17] (Symantec Corporation)
S3 WpsHelper; C:\WINDOWS\system32\drivers\WpsHelper.sys [174056 2012-10-05] (Symantec Corporation)
S3 cpuz132; \??\C:\DOCUME~1\OWNERS~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
U5 l8042pr2; C:\Windows\System32\Drivers\l8042pr2.sys [52224 2002-04-15] (Logitech)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 aswMBR; \??\C:\DOCUME~1\OWNERS~1\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\OWNERS~1\LOCALS~1\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-22 15:24 - 2014-06-22 15:24 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Desktop\FRST-OlderVersion
2014-06-22 15:23 - 2014-06-22 15:23 - 00002070 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\aswMBR.txt
2014-06-22 15:23 - 2014-06-22 15:23 - 00000512 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\MBR.dat
2014-06-22 15:21 - 2014-06-22 15:21 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Owner Supervisor\Desktop\aswMBR.exe
2014-06-22 15:07 - 2014-06-22 15:07 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe
2014-06-19 12:27 - 2014-06-22 15:18 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-19 12:27 - 2014-06-22 15:17 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-19 12:27 - 2014-06-22 15:16 - 00003340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-19 12:27 - 2014-06-19 12:27 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-06-19 12:19 - 2014-06-22 15:24 - 01073152 _____ (Farbar) C:\Documents and Settings\Owner Supervisor\Desktop\FRST.exe
2014-06-19 12:19 - 2014-06-22 15:24 - 00016688 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\FRST.txt
2014-06-19 12:19 - 2014-06-19 12:32 - 00030507 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Addition.txt
2014-06-05 20:16 - 2014-06-05 20:17 - 00000000 ___SD () C:\ComboFix
2014-05-27 21:03 - 2014-05-27 21:03 - 00000000 ____D () C:\rsit
2014-05-24 20:41 - 2014-05-24 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SecTaskMan
2014-05-24 20:41 - 2014-05-24 20:41 - 00000000 ____D () C:\Program Files\Security Task Manager
2014-05-24 20:39 - 2014-05-24 21:35 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-05-24 20:39 - 2014-05-24 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo
2014-05-24 20:39 - 2014-05-24 20:39 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-05-24 20:39 - 2014-05-24 20:39 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Application Data\iolo
2014-05-24 20:24 - 2014-05-24 20:24 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-24 20:24 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-24 20:24 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-24 20:12 - 2014-05-24 20:13 - 00005528 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Rkill.txt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\WINDOWS\erdnt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\Qoobox
2014-05-24 19:54 - 2014-06-22 15:24 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-06-22 15:24 - 2014-06-22 15:24 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Desktop\FRST-OlderVersion
2014-06-22 15:24 - 2014-06-19 12:19 - 01073152 _____ (Farbar) C:\Documents and Settings\Owner Supervisor\Desktop\FRST.exe
2014-06-22 15:24 - 2014-06-19 12:19 - 00016688 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\FRST.txt
2014-06-22 15:24 - 2014-05-24 19:54 - 00000000 ____D () C:\FRST
2014-06-22 15:24 - 2009-05-23 17:52 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Local Settings\Temp
2014-06-22 15:23 - 2014-06-22 15:23 - 00002070 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\aswMBR.txt
2014-06-22 15:23 - 2014-06-22 15:23 - 00000512 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\MBR.dat
2014-06-22 15:21 - 2014-06-22 15:21 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Owner Supervisor\Desktop\aswMBR.exe
2014-06-22 15:19 - 2009-07-06 22:57 - 00002473 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Word.lnk
2014-06-22 15:19 - 2008-04-25 14:28 - 00023854 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-22 15:18 - 2014-06-19 12:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-22 15:18 - 2010-10-21 22:54 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-22 15:17 - 2014-06-19 12:27 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-22 15:17 - 2010-08-12 21:16 - 00000000 ____D () C:\WINDOWS\system32\logishrd
2014-06-22 15:17 - 2010-06-29 22:37 - 00000000 _____ () C:\WINDOWS\system32\Drivers\logiflt.iad
2014-06-22 15:17 - 2008-04-25 14:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-22 15:16 - 2014-06-19 12:27 - 00003340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-22 15:16 - 2009-05-23 17:52 - 00000278 ___SH () C:\Documents and Settings\Owner Supervisor\ntuser.ini
2014-06-22 15:15 - 2010-02-22 10:59 - 00000000 ____D () C:\Documents and Settings\Di\Local Settings\Temp
2014-06-22 15:07 - 2014-06-22 15:07 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe
2014-06-22 15:04 - 2009-05-23 17:58 - 00000000 __SHD () C:\Documents and Settings\Owner Supervisor\UserData
2014-06-22 14:58 - 2010-03-10 16:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-06-22 14:56 - 2010-10-21 22:54 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 14:47 - 2008-04-25 02:22 - 00554110 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-22 14:41 - 2010-03-11 21:33 - 00143580 _____ () C:\aaw7boot.log
2014-06-22 14:41 - 2008-04-25 09:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-19 12:32 - 2014-06-19 12:19 - 00030507 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Addition.txt
2014-06-19 12:27 - 2014-06-19 12:27 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-06-19 12:18 - 2011-02-18 20:21 - 00000000 ____D () C:\Temp
2014-06-05 20:17 - 2014-06-05 20:16 - 00000000 ___SD () C:\ComboFix
2014-05-27 21:03 - 2014-05-27 21:03 - 00000000 ____D () C:\rsit
2014-05-24 21:35 - 2014-05-24 20:39 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-05-24 21:35 - 2014-05-24 20:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo
2014-05-24 21:02 - 2014-05-24 20:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SecTaskMan
2014-05-24 20:41 - 2014-05-24 20:41 - 00000000 ____D () C:\Program Files\Security Task Manager
2014-05-24 20:39 - 2014-05-24 20:39 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-05-24 20:39 - 2014-05-24 20:39 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Application Data\iolo
2014-05-24 20:24 - 2014-05-24 20:24 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-24 20:13 - 2014-05-24 20:12 - 00005528 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Rkill.txt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\WINDOWS\erdnt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\Qoobox

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Here is the Addition.txt report:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Owner Supervisor at 2014-06-22 15:25:09
Running from C:\Documents and Settings\Owner Supervisor\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Symantec Endpoint Protection (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection (Disabled) {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
ATI Catalyst Control Center (HKLM\...\{87841AF8-C785-42FF-A76E-CC0F0C2816CC}) (Version: 1.2.2735.37383 - )
ATI Catalyst Install Manager (HKLM\...\{52ACD100-226F-7209-C267-903E592A654B}) (Version: 3.0.745.0 - ATI Technologies, Inc.)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.493-080512a-064246C-Dell - )
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
CameraHelperMsi (Version: 13.00.1774.0 - Logitech) Hidden
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel PaintShop Pro Misc Content (Version: 1.0.0.45 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (Version: 1.00.0000 - Corel Corporation) Hidden
Corel PaintShop Pro X5 (HKLM\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.3.0.8 - Corel Corporation) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Dell Backup and Recovery Manager (HKLM\...\{B0585E15-E03C-4F62-B20E-84639D4A01E5}) (Version: 1.3 - Dell, Inc.)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Device Doctor 1.0.0.1 (HKLM\...\{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1) (Version:  - Device Doctor Software Inc.)
Diagnostics Utility (HKLM\...\{88253B77-33C9-4A9D-9E4C-4579E39D9158}) (Version: 1.00.0000 - Realtek)
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON RX595 User's Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Stylus Photo RX595 Series Scanner Driver Update (HKLM\...\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}) (Version:  - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FaceFilter Studio 2 (HKLM\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 2.0 - Reallusion)
FTDI USB Serial Converter Drivers (HKLM\...\FTDICOMM) (Version: 2.00.00 - FTDI Ltd)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HDD Health v3.3 Beta (HKLM\...\HDD Health_is1) (Version:  - )
ICA (Version: 15.0.0.183 - Corel Corporation) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IPM_PSP_COM (Version: 15.0.0.183 - Corel Corporation) Hidden
Jarte 3.4 (HKLM\...\Jarte_is1) (Version: 3.4 - Carolina Road Software L.L.C.)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.90) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.00.1777.0 - Logitech) Hidden
LWS Gallery (Version: 13.00.1778.0 - Logitech) Hidden
LWS Help_main (Version: 13.00.1783.0 - Logitech) Hidden
LWS Launcher (Version: 13.00.1776.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.00.1778.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.00.1778.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.00.1774.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.00.1774.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.00.1774.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.00.1777.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MaxiLink (HKLM\...\{58BEE9AE-625D-4177-BC5E-E6E0794C092E}) (Version: 1.05.0000 - Cen-Tech)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 1.3.59.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.31005.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MouseWare 9.60  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
MSN (HKLM\...\MSNINST) (Version:  - )
MSN Toolbar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0379.0 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Nik Color Efex Pro 3.0 (HKLM\...\_{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}) (Version: 1.0.0.53 - Corel Corporation)
Nik Color Efex Pro 3.0 (Version: 1.00.0000 - Corel Corporation) Hidden
PANTECH UM175 Driver (HKLM\...\{C13AF9C7-8E06-4354-B629-DF6192CE4A66}) (Version: 3.1.20.1215 - PANTECH CO.,LTD)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
PSPPContent (Version: 15.3.0.8 - Corel Corporation) Hidden
PSPPHelp (Version: 15.1.0.11 - Corel Corporation) Hidden
QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.30.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5904 - Realtek Semiconductor Corp.)
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Setup (Version: 15.0.0.183 - Corel Corporation) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SSC Service Utility v4.30 (HKLM\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)
Symantec Endpoint Protection (HKLM\...\{2EFCC193-D915-4CCB-9201-31773A27BC06}) (Version: 11.0.5002.333 - Symantec Corporation)
Ultimate Creative Collection (X5) (HKLM\...\_{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}) (Version: 1.0.0.50 - Corel Corporation)
Ultimate Creative Collection (X5) (Version: 1.00.0000 - Corel Corporation) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB969497) (HKLM\...\KB969497-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VZAccess Manager (HKLM\...\VZAccess Manager) (Version: 6.10.10 - Smith Micro Software, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00) (HKLM\...\23C892DBF52DDAF3C9BD2BB6E9805E79FCD09A67) (Version: 05/19/2006 2.00.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00) (HKLM\...\A2E63BDAC649E514867CB43CE0B4F9DB111206C2) (Version: 05/19/2006 2.00.00 - FTDI)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
WModem Driver Installer (HKLM\...\HTC_WModemDriver) (Version: 2.0.6.7 - HTC)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================

12-02-2014 04:22:28 System Checkpoint
17-02-2014 19:27:34 System Checkpoint
09-03-2014 23:09:45 System Checkpoint
20-03-2014 04:46:43 Software Distribution Service 3.0
20-03-2014 05:04:58 Removed DriverUpdate
29-03-2014 06:01:21 System Checkpoint
01-04-2014 04:19:34 Software Distribution Service 3.0
07-04-2014 01:01:44 Software Distribution Service 3.0
21-04-2014 01:07:59 System Checkpoint
29-04-2014 03:53:58 System Checkpoint
08-05-2014 05:43:08 System Checkpoint

==================== Hosts content: ==========================

2008-04-25 09:16 - 2014-06-19 12:24 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-07-23 13:04 - 2007-07-23 13:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2012-12-12 20:38 - 2011-12-14 18:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
2012-12-12 20:38 - 2011-12-14 11:22 - 00319488 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
2012-12-12 20:38 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2012-12-12 20:38 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2014 03:19:57 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Documents and Settings\Owner Supervisor\Desktop\aswMBR.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

System errors:
=============
Error: (06/22/2014 03:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WSWNDA3100v2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/22/2014 03:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/22/2014 03:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/22/2014 03:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/22/2014 03:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SeaPort service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/22/2014 03:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/22/2014 03:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Protexis Licensing V2 service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/22/2014 03:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PMBDeviceInfoProvider service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/22/2014 03:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/22/2014 03:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (06/22/2014 03:19:57 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Documents and Settings\Owner Supervisor\Desktop\aswMBR.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Event Info:  Terminate Process
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

Error: (06/22/2014 03:15:52 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: UNIT1)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
Event Info:  Terminate Thread
Action Taken:  Blocked
Actor Process:  C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe (PID 2128)
Time:  Sunday, June 22, 2014  3:15:52 PM

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3070.91 MB
Available physical RAM: 2395.21 MB
Total Pagefile: 4955.8 MB
Available Pagefile: 4438.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.15 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.79 GB) (Free:146.97 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Back to you.  :whistling:

 

Regards,

Hi-marsh

 
 



#22
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

Do you face any other issues? Couple of next scans below :)

Please re-run Malwarebytes' Anti-Malware

  • Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits

  • Go back to the Dashboard and select Scan Now

  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot

  • On completion of the scan (or after the reboot) select View Detailed Log

    Select Export > Select text file and save it to the desktop.


  • Please post that log for my review.

= = = = = = = = = = = = = = = = = = = =



ESET Online Scanner
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox

Please visit ESET site.
Click the button there.

If using Internet Explorer:

  • Accept the Terms of Use and click Start
  • Allow the running of add-on

If using other browsers:

  • Download esetsmartinstaller_enu.exe that you'll be given link to
  • Double click esetsmartinstaller_enu.exe
  • Allow the Terms of Use and click Start

Make sure that:

  • Remove found threats is unchecked
  • Scan archives is checked, in Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked

  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

= = = = = = = = = = = = = = = = = = = =



Download Security Check by screen317.
Save it to your Desktop and:

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt;

Please post the content of that document.

 

= = = = = = = = = = = = = = = = = = = =



Now in your next reply please include these ones for my review:
  • MBAM report
  • ESET report
  • Security Check report

I don't mind multiple posts if necessary.

Cheers,
Naat :)



#23
hi-marsh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Greetings Naat,

 

At this point, I do not seem to be having any problems.  It appears that everything is back to normal.  I have completed the Mbam scan and am currently performing the ESET scan.

 

Here is the content of the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/23/2014
Scan Time: 9:48:35 PM
Logfile: MBAM6-23-14.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.24.03
Rootkit Database: v2014.06.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner Supervisor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317341
Time Elapsed: 13 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

I will forward the ESET results tomorrow. :rolleyes:   Thanks again.

 

Cheers,

Hi-marsh



#24
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, keep me posted :thumbsup:
 
Naat



#25
hi-marsh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi Naat,

 

The ESET scan took about an hour and is now complete.  Here is a copy of the log file:

 

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=e24cd893144ff34d862e86b5e0c9d9ad
# engine=18852
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-24 06:22:10
# local_time=2014-06-23 11:22:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=100805
# found=3
# cleaned=0
# scan_time=3182
sh=A798F9766BBC602943F7BCB57FFB89FE2E665EFC ft=1 fh=0648fecfda7b3d59 vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\C\WINDOWS\system32\rpcss.dll.xBAD"
sh=5A4438E5DC5520DA246B3C5132D67BD46050772F ft=1 fh=0648fecf5215124e vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\C\WINDOWS\system32\dllcache\rpcss.dll.xBAD"
sh=F657BBC20D2C7D1A94BD46754CB8A6719190BB88 ft=1 fh=0e66d56b2fa82350 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files\Configger\DeviceDoctor_Bundle.exe"
 

 

The Security Check will follow soon.

Regards,

Hi-marsh
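
A way to triage the ESET log in the post above, added here as an example; it is not part of the original thread and not ESET's or FRST's own code. It assumes `vn` is the detection name and `fn` the file path (as the logged values suggest), treats `C:\FRST\Quarantine` and `C:\Qoobox` as the cleanup tools' quarantine folders, and runs on constructed sample lines with placeholder hashes.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ESET Online Scanner log quoted above.
# The sh= and fh= values are placeholders, not real hashes.
SAMPLE_LOG = r'''
# version=8
# remove_checked=false
# scanned=100805
# found=3
# cleaned=0
sh=PLACEHOLDER_HASH_1 ft=1 fh=0000000000000001 vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\C\WINDOWS\system32\rpcss.dll.xBAD"
sh=PLACEHOLDER_HASH_2 ft=1 fh=0000000000000002 vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\C\WINDOWS\system32\dllcache\rpcss.dll.xBAD"
sh=PLACEHOLDER_HASH_3 ft=1 fh=0000000000000003 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files\Configger\DeviceDoctor_Bundle.exe"
'''

# Assumption: folders where the cleanup tools used in this thread park the
# files they remove (FRST quarantine, ComboFix's Qoobox).
QUARANTINE_ROOTS = (r"C:\FRST\Quarantine", r"C:\Qoobox")

# key=value pairs; a value is either "quoted, may contain spaces" or one bare token.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Detection:
    name: str          # vn= field
    path: str          # fn= field
    action: str        # ac= field, kept verbatim (meaning not interpreted here)
    kind: str          # "pua" or "malware", derived from the detection name
    quarantined: bool  # True when the file sits under a quarantine root


def norm(path):
    """Normalize a Windows path for case-insensitive comparison on any OS."""
    return ntpath.normcase(ntpath.normpath(path))


def is_under(path, root):
    """True if path is root itself or below it (not merely a name prefix)."""
    p, r = norm(path), norm(root)
    return p == r or p.startswith(r + "\\")


def parse_log(text):
    """Split the log into '# key=value' summary fields and detection lines."""
    summary, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                summary[key.strip()] = value.strip()
        elif line.startswith("sh="):
            f = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                 for m in KV.finditer(line)}
            if "vn" not in f or "fn" not in f:
                unparsed.append(line)  # truncated or mangled line: keep for review
                continue
            lowered = f["vn"].lower()
            is_pua = "potentially unwanted" in lowered or "potentially unsafe" in lowered
            detections.append(Detection(
                name=f["vn"],
                path=f["fn"],
                action=f.get("ac", ""),
                kind="pua" if is_pua else "malware",
                quarantined=any(is_under(f["fn"], root) for root in QUARANTINE_ROOTS),
            ))
    return summary, detections, unparsed


def triage(text):
    """Separate hits on quarantined copies from hits on files still in place."""
    summary, detections, unparsed = parse_log(text)
    reported = summary.get("found")
    return {
        "live": [d for d in detections if not d.quarantined],
        "quarantined": [d for d in detections if d.quarantined],
        "unparsed": unparsed,
        # A mismatch suggests the pasted log was cut off or altered.
        "count_matches": reported is not None and reported.isdigit()
                         and int(reported) == len(detections),
        # "Remove found threats" was unchecked, so the scanner deleted nothing.
        "scanner_removed_nothing": summary.get("remove_checked") == "false",
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["live"]:
        print("STILL ON DISK:", d.kind, d.name, "->", d.path)
    for d in result["quarantined"]:
        print("quarantined copy:", d.name, "->", d.path)
```

On the sample, the two rpcss.dll hits are copies already set aside under the FRST quarantine folder, which leaves the bundled installer as the only detected file still in place.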




#26
hi-marsh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Once more, hello.

 

Here is the Security Check report:

 

 Results of screen317's Security Check version 0.99.85 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Symantec Endpoint Protection  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java™ 6 Update 20 
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````
 

 

I will check in tomorrow.

 

Regards,

Hi-marsh



#27
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
We need to update some programs that may be a security risk if left this way.


Updating Adobe Reader manually

  • Go here. You will see a download option there for the newest Adobe Acrobat version.
  • In the center part you will be prompted to install McAfee Security Scan Plus as a free program. This is foistware. Remember to leave the box for McAfee UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.

 

Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control Panel also please remove any older versions of Java - do not leave them installed!

After that


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
  • Paste it for my review.


    Cheers,
    Naat :)


#28
hi-marsh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Greetings Naat,

 

Here is the DelFix report:

 

# DelFix v10.7 - Logfile created 24/06/2014 at 23:13:34
# Updated 27/04/2014 by Xplode
# Username : Owner Supervisor - UNIT1
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\RSIT
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\FRST-OlderVersion
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\aswMBR.txt
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\FRST.txt
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\MBR.dat
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\Rkill.txt
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\SecurityCheck.exe
Deleted : C:\Documents and Settings\Owner Supervisor\Desktop\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #194 [System Checkpoint | 02/12/2014 04:22:28]
Deleted : RP #195 [System Checkpoint | 02/17/2014 19:27:34]
Deleted : RP #196 [System Checkpoint | 03/09/2014 23:09:45]
Deleted : RP #197 [Software Distribution Service 3.0 | 03/20/2014 04:46:43]
Deleted : RP #198 [Removed DriverUpdate | 03/20/2014 05:04:58]
Deleted : RP #199 [System Checkpoint | 03/29/2014 06:01:21]
Deleted : RP #200 [Software Distribution Service 3.0 | 04/01/2014 04:19:34]
Deleted : RP #201 [Software Distribution Service 3.0 | 04/07/2014 01:01:44]
Deleted : RP #202 [System Checkpoint | 04/21/2014 01:07:59]
Deleted : RP #203 [System Checkpoint | 04/29/2014 03:53:58]
Deleted : RP #204 [System Checkpoint | 05/08/2014 05:43:08]
Deleted : RP #205 [Removed Adobe Reader XI (11.0.07). | 06/25/2014 05:49:54]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

 

That's all for tonight. 

Cheers! :D

Hi-marsh



#29
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
Subject to no further problems, I think that you're ready to go!

Below you will find some general tips and my personal recommendations for staying clean and secure.  Take a couple of minutes to read them, maybe some of them will help you to stay better protected in the future  :)

First of all, staying updated is crucial, not only for your operating system, but also for any third-party installed software. Exploits are often found in software that is delivered by external vendors.

Actually Java is one of the most vulnerable third party software products to malware (especially exploits).  I highly recommend that you completely uninstall Java unless you need it to run an important piece of software, or at least disable it in your browsers.  If Java is not necessary for you, but you want to keep it, please visit this link and disable it in your browsers.  Also remember to update it whenever a new release is available.

Bear in mind that bugs will always appear, as well as matching fixes.  The best way to stay always updated is to enable automatic updates.
 

As you are still a Windows XP user, my best recommendation would be to start thinking about changing it to some newer Windows edition.  All Microsoft support for this OS has already ended, so that leaves this OS totally vulnerable to all sorts of attacks.  Being absolutely honest - it is pretty obvious that criminals just waited for the opportunity to attack while no other patches will be released.  :whistling:

 
A few good methods to keep your installed software up to date would be to use Secunia Personal Software Inspector or FileHippo.

For good maintenance of your computer, these two are must-haves in my opinion:

TFC
A small tool that is used to clean unneeded temporary files.  Very simple - you just run it and press the Start button.  Be sure to finish all your work and save it before using TFC, because it will kill all processes and force a reboot to do its job properly.
TFC Download
Malwarebytes' Anti-Malware
The best scanner ever, used frequently on many forums to deal with malware.  It should be your first move when any unexpected symptoms appear on your machine.  As you already installed it, bear in mind what the wise people around here say: that it is good to perform a scan from time to time.   Also remember that the free version is not equipped with automatic updates - so you need to update it manually before every scan.
Malwarebytes' homepage

 

Now please sit down, grab some coke  :pepsi:  and read this great article by GaryR and Wingman:
Computer Security - a short guide to staying safer online.
It is written in very simple language for people who are just average computer users.  Read it carefully and you will benefit from some useful advice about safe computing.

After that you may fully enjoy your clean computer once again!  :yes:

Or, if you wish to do so, you may read about some more and add some additional security programs that are purely optional. I recommend them because they are very light (even invisible) but should limit your risk of getting infected in two cases involving infections spread by removable media and exploits.

McShield
McShield was designed to automatically scan and detect infections spread by any removable media like flash drives and media cards. After the first installation it will perform a scan of your machine to determine whether it is infected or not, and later it will automatically scan any plugged-in removable media to search for any infections before it is accessible.
McShield - homepage

Malwarebytes' Anti-Exploit
This tool is still in its beta-stage, but as far as I am concerned Malwarebytes' research team is still improving its functionality.  It is able to catch and block many exploits we are vulnerable to when surfing the net.
Malwarebytes' website

CryptoPrevent
The CryptoLocker infection is very severe and it leaves private files totally undecryptable. Many great minds in the Antimalware community are trying to find a way to decrypt these files, but the cure is still unknown due to a very complicated encryption key that this nasty little bug uses. The best way to prevent this is to use a small program called CryptoPrevent, which will set some extra policies for executing files in unusual locations.
CryptoPrevent - details & download

Unchecky
Lately we have observed a great infestation of various browser hijackers and adware, which sneak into our systems together with 3rd party apps we are installing. This software runs silently in the background and discovers bundled toolbars and additional foistware that is trying to install itself. Obviously it does not cover all of the possibilities so we still need to be careful when installing any new software.
Unchecky - homepage

Well, that's really all from me, unless you have any other questions.  If so, just shoot me another message and I will be very glad to answer them  :thumbsup:

Cheers,
Naat :)


  • 0

#30
hi-marsh

hi-marsh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi Naat,

 

Thank you for all the information.  I was going to ask about your recommendations, so you beat me to it.  I have already downloaded many of the programs on your list.  Instead of TFC, I already have CCleaner on my PC which I have used for several years and it seems to do a thorough job.

 

You have been a great help, as have the services offered by Geeks to Go.  Thanks again.

 

Best wishes,

Hi-marsh


  • 0





