ividi


  • This topic is locked

#46
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Here are the instructions to get to the MBAM log:

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, or if the View button is greyed out, double click the latest log, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.
 

aswmbr run twice & both times a trojan got flagged after about 20 mins.


Did aswMBR run to completion? If so, please post the log along with the MBAM log.

Things I need to see in your next post

MBAM Log

aswMBR Log

  • 0


#47
piffler7

    Member

  • Topic Starter
  • Member
  • 48 posts

eset unexpected error 2002


  • 0

#48
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
We're getting a bit off track here, and that's my fault. Forget ESET at the moment. Did you run MBAM again and delete the items it found? If so, go ahead and post the log from MBAM. If not, please run it again, delete the items, and post the log.

Also, if aswMBR has run to completion, please post that log as well. :thumbsup:
  • 0

#49
piffler7

    Member

  • Topic Starter
  • Member
  • 48 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/6/2557
Scan Time: 22:01:28
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.28.03
Rootkit Database: v2014.06.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268190
Time Elapsed: 18 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [7a59a3daeb9071c57cb97fcff80a4db3],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-854245398-839522115-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [7a59a3daeb9071c57cb97fcff80a4db3],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, Quarantined, [2da60c71bfbc4beb22e67ad4fb0741bf],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, Quarantined, [d4ffe39a770444f216f3ed61a75b54ac],
PUP.Optional.iVIDI.A, HKLM\SOFTWARE\CLASSES\esrv.ividiESrvc, Quarantined, [e7ec3e3f5e1d082ebf56ffcf778b21df],
PUP.Optional.iVIDI.A, HKLM\SOFTWARE\CLASSES\esrv.ividiESrvc.1, Quarantined, [b71ce49991eaf541fe17f9d50ef47d83],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\ividi.ividiappCore, Quarantined, [ddf64f2e92e9bc7a91b4c50c5ea429d7],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\ividi.ividiappCore.1, Quarantined, [14bf136aaecd56e0172ec30e03ff9f61],
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CLTMNGSVC, Quarantined, [15be1a637ffce5516e55d531d82c8977],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [844f90edb6c5b77fb73a874c2bd7d22e],

Registry Values: 0
(No malicious items detected)

Registry Data: 2
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[0fc4423bd6a55bdbc4626223f014e61a]
PUM.Disabled.SecurityCenter, HKU\S-1-5-21-854245398-839522115-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[19baeb92d3a8d264e33fef9618ec08f8]

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences, Good: (), Bad: (  "search_url": "http://search.condui...archTerms}=",), Replaced,[b3202b522655072f51458f2a907412ee]

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#50
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good :thumbsup: No more ividi registry keys. Did aswMBR run to completion?
  • 0

#51
piffler7

    Member

  • Topic Starter
  • Member
  • 48 posts

Tried aswmbr twice. Crashed.

 

Where we stand:

 

Addition.txt & MBAM.txt - ok or not?

aswmbr - to be run

eset - problem loading

security check - pending the above

 

Pls advise


  • 0

#52
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Addition.txt & MBAM.txt - ok or not?

aswmbr - to be run

eset - problem loading

security check - pending the above


I've seen what I need to see with MBAM at the moment, and your machine doesn't seem to like aswmbr. We can look a bit later with eset and figure out what's stopping it. Hold off on security check until we're sure all the malware is gone. :thumbsup:


Ok, let's take a fresh look with FRST, and then I want to run a scan with a different tool to check for rootkits on your machine.



Step 1: Fresh FRST Scan

Note: Please make sure that you are running FRST from your Desktop.
  • Start FRST and place a check in the box marked Addition.txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Things I need to see in your next post:

Fresh FRST Log

Addition.txt Log

TDSSKiller Log

  • 0

#53
piffler7

    Member

  • Topic Starter
  • Member
  • 48 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-06-2014
Ran by User at 2014-06-30 01:42:17
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

 Adobe Photoshop (HKLM\...\ Adobe Photoshop) (Version:  - )
ACDSee Pro 6 (HKLM\...\{D40B2C78-30CA-4A8F-A157-C86B491C73AF}) (Version: 6.0.169 - ACD Systems International Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{E7C95B46-4554-4F45-B4E9-3D1BFF134D64}_is1) (Version:  - Adobe)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.5 - Sereby Corporation)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camfrog Video Chat 6.1 (HKLM\...\Camfrog 6.1) (Version: 6.1.151 - Camshare Inc.)
CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1514.54 - CyberLink Corp.)
CyberLink PowerDVD 12 (Version: 12.0.1514.54 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
EnglishToThai (HKLM\...\ST6UNST #2) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FormatFactory 3.00 (HKLM\...\FormatFactory) (Version: 3.00 - Free Time)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.43.5119 - Gretech Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 25.0.1359.3 - Google Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iDeer Blu-ray Player (HKLM\...\iDeer Blu-ray Player) (Version: 1.1.5.1106 - iDeerApp Software Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
LINE (HKLM\...\LINE) (Version: 3.6.0.32 - LINE Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.3.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (Thai) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 18.0 (x86 en-US) (HKLM\...\Mozilla Firefox 18.0 (x86 en-US)) (Version: 18.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 Lite 8.3.2.1 (HKLM\...\Nero8Lite_is1) (Version: 8.3.2.1 - Updatepack.nl)
Nitro Pro 7 (HKLM\...\{ADBFD1D4-0D9C-4A11-9C23-74F533C5D9CE}) (Version: 7.5.0.15 - Nitro PDF Software)
Norton Internet Security (HKLM\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PowerISO (HKLM\...\PowerISO) (Version: 5.4 - Power Software Ltd)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6722 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spark (HKCU\...\Spark) (Version: 22.1.2100.154 - Baidu, Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Thai Translator Tool (HKLM\...\ST6UNST #1) (Version:  - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.4.0.56 - KMP Media co., Ltd)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-041E-0000-0000000FF1CE}_Office14.PROPLUS_{4DB84A0A-EF37-4E43-973C-4F0BA57B550A}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-041E-0000-0000000FF1CE}_Office14.PROPLUS_{A1265F78-B373-43C9-B96F-FDD861D1A5C1}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0-git-20120501-0005 (HKLM\...\VLC media player) (Version: 2.1.0-git-20120501-0005 - VideoLAN)
WebcamMax (HKLM\...\WebcamMax) (Version: 7.1.3.2.MultiLanguage - )
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xilisoft HD Video Converter (HKLM\...\Xilisoft HD Video Converter) (Version: 7.5.0.20120822 - Xilisoft)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.4.2012.5 - URSoft, Inc.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )

==================== Restore Points  =========================

22-05-2014 06:31:45 System Checkpoint
22-05-2014 06:50:40 Restore Operation
23-05-2014 16:12:51 Norton_Power_Eraser_20140524001246000
23-05-2014 17:48:50 Software Distribution Service 3.0
25-05-2014 15:26:22 System Checkpoint
01-06-2014 16:46:43 System Checkpoint
03-06-2014 07:19:34 System Checkpoint
12-06-2014 15:34:36 Software Distribution Service 3.0
28-06-2014 17:03:16 System Checkpoint

==================== Hosts content: ==========================

2008-04-14 20:00 - 2014-05-22 11:44 - 00451170 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 activate-sea.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-854245398-839522115-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-854245398-839522115-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-22 09:48 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-22 09:48 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-22 09:48 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2008-04-14 20:00 - 2008-04-14 20:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 20:00 - 2008-04-14 20:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-01-23 23:24 - 2012-02-08 12:23 - 00541683 _____ () C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\sqlite3.dll
2012-07-12 20:34 - 2013-01-02 14:48 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2014-05-22 09:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-22 09:48 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-23 23:30 - 2012-10-22 12:15 - 01277952 _____ () C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
2013-01-23 23:30 - 2012-07-09 18:57 - 02090496 _____ () C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
2013-01-23 23:30 - 2011-12-06 17:19 - 00133632 _____ () C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
2013-01-23 23:30 - 2012-03-23 11:07 - 00224768 _____ () C:\Program Files\PANDORA.TV\PanService\libupnp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\DPsFnshr.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fullglass.lnk => C:\WINDOWS\pss\Fullglass.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RocketDock.lnk => C:\WINDOWS\pss\RocketDock.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SkinPackMenu.lnk => C:\WINDOWS\pss\SkinPackMenu.lnkCommon Startup
MSCONFIG\startupreg: ACPW06EN => "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PowerDVD12Agent => "C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
MSCONFIG\startupreg: PowerDVD12DMREngine => "C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: WebcamMaxAutoRun => "C:\Program Files\WebcamMax\WebcamMax.exe" -a

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2014 01:27:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/30/2014 01:27:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/29/2014 01:14:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/29/2014 01:13:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/29/2014 01:13:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/29/2014 00:37:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/29/2014 00:36:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/29/2014 00:36:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/28/2014 11:41:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/28/2014 11:40:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/30/2014 01:27:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/30/2014 01:27:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/29/2014 01:14:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/29/2014 01:13:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/29/2014 01:13:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/29/2014 00:37:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/29/2014 00:36:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/29/2014 00:36:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/28/2014 11:41:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/28/2014 11:40:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 2008.54 MB
Available physical RAM: 904.33 MB
Total Pagefile: 3904.05 MB
Available Pagefile: 2931.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.77 GB) (Free:18.56 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DISK1_VOL2) (Fixed) (Total:121.09 GB) (Free:58.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 94D59539)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=121 GB) - (Type=OF Extended)

==================== End Of Log ============================



#54
piffler7


Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-06-2014
Ran by User at 2014-06-30 01:42:17
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

 Adobe Photoshop (HKLM\...\ Adobe Photoshop) (Version:  - )
ACDSee Pro 6 (HKLM\...\{D40B2C78-30CA-4A8F-A157-C86B491C73AF}) (Version: 6.0.169 - ACD Systems International Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{E7C95B46-4554-4F45-B4E9-3D1BFF134D64}_is1) (Version:  - Adobe)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.5 - Sereby Corporation)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camfrog Video Chat 6.1 (HKLM\...\Camfrog 6.1) (Version: 6.1.151 - Camshare Inc.)
CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1514.54 - CyberLink Corp.)
CyberLink PowerDVD 12 (Version: 12.0.1514.54 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
EnglishToThai (HKLM\...\ST6UNST #2) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FormatFactory 3.00 (HKLM\...\FormatFactory) (Version: 3.00 - Free Time)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.43.5119 - Gretech Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 25.0.1359.3 - Google Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iDeer Blu-ray Player (HKLM\...\iDeer Blu-ray Player) (Version: 1.1.5.1106 - iDeerApp Software Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
LINE (HKLM\...\LINE) (Version: 3.6.0.32 - LINE Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.3.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Thai) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (Thai) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 18.0 (x86 en-US) (HKLM\...\Mozilla Firefox 18.0 (x86 en-US)) (Version: 18.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 18.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 Lite 8.3.2.1 (HKLM\...\Nero8Lite_is1) (Version: 8.3.2.1 - Updatepack.nl)
Nitro Pro 7 (HKLM\...\{ADBFD1D4-0D9C-4A11-9C23-74F533C5D9CE}) (Version: 7.5.0.15 - Nitro PDF Software)
Norton Internet Security (HKLM\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PowerISO (HKLM\...\PowerISO) (Version: 5.4 - Power Software Ltd)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6722 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spark (HKCU\...\Spark) (Version: 22.1.2100.154 - Baidu, Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Thai Translator Tool (HKLM\...\ST6UNST #1) (Version:  - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.4.0.56 - KMP Media co., Ltd)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-041E-0000-0000000FF1CE}_Office14.PROPLUS_{4DB84A0A-EF37-4E43-973C-4F0BA57B550A}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-041E-0000-0000000FF1CE}_Office14.PROPLUS_{A1265F78-B373-43C9-B96F-FDD861D1A5C1}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0-git-20120501-0005 (HKLM\...\VLC media player) (Version: 2.1.0-git-20120501-0005 - VideoLAN)
WebcamMax (HKLM\...\WebcamMax) (Version: 7.1.3.2.MultiLanguage - )
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xilisoft HD Video Converter (HKLM\...\Xilisoft HD Video Converter) (Version: 7.5.0.20120822 - Xilisoft)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.4.2012.5 - URSoft, Inc.)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )

==================== Restore Points  =========================

22-05-2014 06:31:45 System Checkpoint
22-05-2014 06:50:40 Restore Operation
23-05-2014 16:12:51 Norton_Power_Eraser_20140524001246000
23-05-2014 17:48:50 Software Distribution Service 3.0
25-05-2014 15:26:22 System Checkpoint
01-06-2014 16:46:43 System Checkpoint
03-06-2014 07:19:34 System Checkpoint
12-06-2014 15:34:36 Software Distribution Service 3.0
28-06-2014 17:03:16 System Checkpoint

==================== Hosts content: ==========================

2008-04-14 20:00 - 2014-05-22 11:44 - 00451170 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 activate-sea.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-854245398-839522115-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-854245398-839522115-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-22 09:48 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-22 09:48 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-22 09:48 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2008-04-14 20:00 - 2008-04-14 20:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 20:00 - 2008-04-14 20:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-01-23 23:24 - 2012-02-08 12:23 - 00541683 _____ () C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\sqlite3.dll
2012-07-12 20:34 - 2013-01-02 14:48 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2014-05-22 09:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-22 09:48 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-23 23:30 - 2012-10-22 12:15 - 01277952 _____ () C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
2013-01-23 23:30 - 2012-07-09 18:57 - 02090496 _____ () C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
2013-01-23 23:30 - 2011-12-06 17:19 - 00133632 _____ () C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
2013-01-23 23:30 - 2012-03-23 11:07 - 00224768 _____ () C:\Program Files\PANDORA.TV\PanService\libupnp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\DPsFnshr.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fullglass.lnk => C:\WINDOWS\pss\Fullglass.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RocketDock.lnk => C:\WINDOWS\pss\RocketDock.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SkinPackMenu.lnk => C:\WINDOWS\pss\SkinPackMenu.lnkCommon Startup
MSCONFIG\startupreg: ACPW06EN => "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PowerDVD12Agent => "C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
MSCONFIG\startupreg: PowerDVD12DMREngine => "C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: WebcamMaxAutoRun => "C:\Program Files\WebcamMax\WebcamMax.exe" -a

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2014 01:27:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/30/2014 01:27:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/29/2014 01:14:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/29/2014 01:13:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/29/2014 01:13:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/29/2014 00:37:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/29/2014 00:36:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/29/2014 00:36:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/28/2014 11:41:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/28/2014 11:40:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/30/2014 01:27:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/30/2014 01:27:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/29/2014 01:14:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/29/2014 01:13:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/29/2014 01:13:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/29/2014 00:37:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/29/2014 00:36:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

Error: (06/29/2014 00:36:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Security Center Service

Error: (06/28/2014 11:41:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMService

Error: (06/28/2014 11:40:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Security Center Service%%1053

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 2008.54 MB
Available physical RAM: 904.33 MB
Total Pagefile: 3904.05 MB
Available Pagefile: 2931.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.77 GB) (Free:18.56 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DISK1_VOL2) (Fixed) (Total:121.09 GB) (Free:58.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 94D59539)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=121 GB) - (Type=OF Extended)

==================== End Of Log ============================



#55
pystryker

Hi :)

The Addition log looks good, but you've posted that one twice. Please post the FRST log located here: C:\Documents and Settings\User\Desktop and the RogueKiller log when complete. :thumbsup:

#56
piffler7


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by User (administrator) on PC2013050811HCV on 30-06-2014 02:02:40
Running from C:\Documents and Settings\User\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AbeGunnerZ Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(PandoraTV) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [2347008 2011-11-10] (AbeGunnerZ Lab)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-854245398-839522115-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://th.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = th
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E9B67B2A976CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.th/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 203.144.207.29 203.144.207.49

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120501-0005 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Feedback - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\re6rraor.default\Extensions\[email protected] [2013-01-23]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-04]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-06-30]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-29]

========================== Services (Whitelisted) =================

R2 CLHNServiceForPowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-03-14] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-03-14] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-03-14] (CyberLink)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2013-01-23] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [184840 2012-07-08] (Nitro PDF Software)
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1202560 2009-08-11] (Agere Systems) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-06-07] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1503000.00C\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-23] (Symantec Corporation)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2012-07-12] (Microsoft Corporation)
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [2019232 2012-02-23] (Intel Corporation) [File not signed]
R3 IDSxpx86; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140627.001\IDSxpx86.sys [383120 2014-06-27] (Symantec Corporation)
S1 Inport; C:\WINDOWS\System32\drivers\inport.sys [13056 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-30] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-07-12] (Marvell Semiconductor Inc.)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140627.009\NAVENG.SYS [93272 2014-06-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140627.009\NAVEX15.SYS [1612376 2014-06-23] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 ntk_PowerDVD12; C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12.sys [120432 2011-10-27] (Cyberlink Corp.)
R3 RTL819xp; C:\WINDOWS\System32\DRIVERS\rtl819xp.sys [532456 2010-12-22] (Realtek Semiconductor Corporation                           )
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [113104 2012-08-24] (Power Software Ltd)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [32344 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1503000.00C\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-06-29] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1503000.00C\Ironx86.SYS [206936 2013-10-30] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1503000.00C\SYMTDI.SYS [423256 2014-02-18] (Symantec Corporation)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [299424 2012-03-27] (Marvell)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [87536 2012-03-19] (CyberLink Corp.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S0 SMBALI; system32\DRIVERS\SMBALI.sys [X]
S0 SMBHC; system32\DRIVERS\SMBHC.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 usbohci; system32\DRIVERS\usbohci.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-30 01:42 - 2014-06-30 01:42 - 00030234 _____ () C:\Documents and Settings\User\Desktop\Addition.txt
2014-06-29 00:38 - 2014-06-29 00:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
2014-06-29 00:14 - 2014-06-29 00:38 - 00001973 _____ () C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
2014-06-28 23:37 - 2014-06-28 23:37 - 00000000 ____D () C:\Program Files\ESET
2014-06-28 22:20 - 2014-06-29 00:42 - 00003416 _____ () C:\Documents and Settings\User\Desktop\MBAM.txt
2014-06-28 21:43 - 2014-06-28 21:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-06-28 21:26 - 2014-06-30 01:53 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 21:26 - 2014-06-28 21:26 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-28 21:26 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-28 21:26 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-28 21:23 - 2014-06-28 21:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-27 23:41 - 2014-06-30 02:03 - 00018684 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-06-27 23:38 - 2014-06-27 23:38 - 00000661 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-06-27 23:31 - 2014-06-27 23:31 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-27 23:30 - 2014-06-27 23:30 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-06-26 22:37 - 2014-06-30 02:02 - 00000000 ____D () C:\FRST
2014-06-26 21:25 - 2014-06-26 21:25 - 00000000 ____D () C:\Documents and Settings\User\My Documents\New Folder (2)
2014-06-26 20:43 - 2014-06-26 20:43 - 01073152 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-06-26 20:22 - 2014-06-26 20:22 - 00002025 _____ () C:\Documents and Settings\User\fixlist.txt
2014-06-25 08:26 - 2014-06-25 08:26 - 00001844 _____ () C:\Documents and Settings\User\Desktop\ckfiles.txt
2014-06-22 21:15 - 2014-06-26 22:35 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST

==================== One Month Modified Files and Folders =======

2014-06-30 02:03 - 2014-06-27 23:41 - 00018684 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-06-30 02:03 - 2013-01-23 22:43 - 00000000 ____D () C:\TEMP
2014-06-30 02:02 - 2014-06-26 22:37 - 00000000 ____D () C:\FRST
2014-06-30 01:54 - 2013-09-11 03:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-30 01:53 - 2014-06-28 21:26 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 01:53 - 2014-05-22 09:49 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-06-30 01:53 - 2013-05-08 12:09 - 01288676 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-30 01:53 - 2013-01-23 22:57 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype
2014-06-30 01:52 - 2014-03-27 23:35 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-06-30 01:52 - 2014-01-22 15:09 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-854245398-839522115-682003330-1003.job
2014-06-30 01:52 - 2013-09-11 03:13 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-30 01:52 - 2013-01-23 22:41 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-30 01:42 - 2014-06-30 01:42 - 00030234 _____ () C:\Documents and Settings\User\Desktop\Addition.txt
2014-06-29 02:21 - 2013-05-08 11:46 - 00032510 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-29 02:21 - 2013-01-23 22:41 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-06-29 01:34 - 2013-07-13 21:58 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-29 00:42 - 2014-06-28 22:20 - 00003416 _____ () C:\Documents and Settings\User\Desktop\MBAM.txt
2014-06-29 00:41 - 2014-02-04 19:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-29 00:41 - 2014-02-04 19:22 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-29 00:38 - 2014-06-29 00:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
2014-06-29 00:38 - 2014-06-29 00:14 - 00001973 _____ () C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
2014-06-29 00:38 - 2013-07-13 21:57 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NIS
2014-06-29 00:14 - 2013-07-13 21:58 - 00142936 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2014-06-29 00:14 - 2013-07-13 21:58 - 00008194 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2014-06-29 00:14 - 2013-07-13 21:57 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-06-29 00:14 - 2013-07-13 21:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-06-28 23:37 - 2014-06-28 23:37 - 00000000 ____D () C:\Program Files\ESET
2014-06-28 23:37 - 2014-02-12 15:56 - 00015430 _____ () C:\WINDOWS\setupapi.log
2014-06-28 22:22 - 2013-08-14 13:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-06-28 21:43 - 2014-06-28 21:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-06-28 21:42 - 2013-06-13 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2839229$
2014-06-28 21:26 - 2014-06-28 21:26 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 21:26 - 2014-06-28 21:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-28 21:23 - 2014-06-28 21:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-28 01:47 - 2014-03-21 22:51 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-06-27 23:38 - 2014-06-27 23:38 - 00000661 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-06-27 23:31 - 2014-06-27 23:31 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-27 23:30 - 2014-06-27 23:30 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-06-27 23:14 - 2013-09-10 18:50 - 00000000 ____D () C:\AdwCleaner
2014-06-26 22:35 - 2014-06-22 21:15 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST
2014-06-26 21:45 - 2013-01-23 23:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-26 21:25 - 2014-06-26 21:25 - 00000000 ____D () C:\Documents and Settings\User\My Documents\New Folder (2)
2014-06-26 20:43 - 2014-06-26 20:43 - 01073152 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-06-26 20:38 - 2013-01-23 23:44 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-06-26 20:22 - 2014-06-26 20:22 - 00002025 _____ () C:\Documents and Settings\User\fixlist.txt
2014-06-26 20:08 - 2013-05-09 23:29 - 00000000 ____D () C:\Documents and Settings\User\Application Data\BitTorrent
2014-06-25 08:26 - 2014-06-25 08:26 - 00001844 _____ () C:\Documents and Settings\User\Desktop\ckfiles.txt
2014-06-23 13:19 - 2013-01-23 23:29 - 00002465 _____ () C:\Documents and Settings\All Users\Desktop\Microsoft Word 2010.lnk
2014-06-19 22:45 - 2008-04-14 20:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-18 13:20 - 2013-01-23 23:42 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-06-17 00:50 - 2013-01-23 23:02 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-15 21:43 - 2013-05-09 23:25 - 00001536 _____ () C:\Documents and Settings\User\Desktop\YouTube - Broadcast Yourself..url
2014-06-12 23:42 - 2013-01-23 23:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-06-12 23:41 - 2013-07-15 00:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-12 23:38 - 2012-07-12 20:35 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
2014-06-03 15:35 - 2014-02-12 21:28 - 00000375 _____ () C:\WINDOWS\setupact.log
2014-06-01 00:31 - 2014-05-22 09:49 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#57
piffler7


A/c det's saved but pc still crashes.  Has ividi bred?  Can't run tdss re. yr instructions



#58
pystryker


A/c det's saved but pc still crashes. Has ividi bred? Can't run tdss re. yr instructions


I don't see anything malware-related in the last FRST scan, and MBAM got rid of the items it found. We may be looking at a hardware issue, but what do you mean by A/c det's saved?

Regarding TDSSKiller, download the .exe version, and double click on it, as your OS is Windows XP. :)

#59
piffler7


For example, when I log on to G2G, Piffler7 hasn't been deleted as login name.  Will look at TDSS again tonight (if sober) or tomorrow & let you know



#60
piffler7


TDSS is as popular with my computer as eset & aswmbr.  So no dice there.  Also my A/c det's are being deleted again - another hallmark of ividi.  I seem to have a ghost in the machine.  Did the economics.  We've got a week to sort this out. Then it's a system wipe.  If that doesn't work, I can (just) get 9 mths credit on a new computer before my contract runs out. Then I quit smoking on my birthday (17/7) as I've been rumbled by my  7 yr old.  Plan A looks good.  Anything you can do saviour?

