TechSpot

Multiple iexplore.exe running in task manager, even if IE isn't open

Solved
By Linda R
Jan 1, 2014
  1. I see someone else just had the same problem as I'm experiencing. I am hoping you will be able to help me clean my machine too! I think I clicked on a bogus link to update Java and that's when the problems started. I have run MBAM 3 times, so I will attach all three reports. I have tried several times to run the DDS report. I turned off the firewall and antivirus and disconnected from the internet, but every time I run it, it only gives me the attach.txt file and never gives me a dds.txt file. Something must still be blocking it from running correctly, but I don't know what it is. Thanks in advance for any help you can offer me! This is the computer I use for work and I'm really hoping I can clean it, because installing all the software and making it all work with the company network again will be a pain at the very least!
     
    Linda R TS Rookie Topic Starter Posts: 36

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.12.31.08
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Linda :: WELLSCO-LAPPY [administrator]
    Protection: Enabled
    12/31/2013 9:49:21 PM
    mbam-log-2013-12-31 (21-49-21).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 271118
    Time elapsed: 31 minute(s),
    Memory Processes Detected: 52
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 98
    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GameServer50E (Trojan.Agent.TMSGen) -> Data: "C:\Documents and Settings\Linda\Application Data\Bentley\WINAC.exe" -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 3
    C:\Program Files\outobox (PUP.Optional.Outobox.A) -> No action taken.
    C:\Program Files\outobox\bin (PUP.Optional.Outobox.A) -> No action taken.
    C:\Program Files\outobox\bin\plugins (PUP.Optional.Outobox.A) -> No action taken.
    Files Detected: 190
    C:\WINDOWS\system32\omurxakiid.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\ebetqily.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\buhyo.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\kapuv.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\emzukiib.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\daedge.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\vaacxuo.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\mocerin.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\enosg.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\cehuloesa.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\mymowu.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\feesomu.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\loanreywpi.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\kyrydaoh.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\nymog.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\aqazwoew.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\raobofymqo.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\zeexeduq.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\efewgodor.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\wyibv.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\dyarap.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\boaqbize.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\qaebuqq.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\tovaan.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\uknuupadaz.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\ocgyokyvzu.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\atoxzeg.exe (Trojan.Agent.SCS) -> Delete on reboot.
    C:\WINDOWS\system32\uforqo.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gaahfyyxom.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yneteshuy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ycurnuutu.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nailvemye.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\axsyfuekci.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zogeortuuh.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mexexusyo.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\syumy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zecokahyk.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\quvam.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\okopkyiw.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gahacice.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adezypa.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\exyli.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\exqumyxiy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\amkykimo.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ikubi.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\neofsy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pegiiq.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hepic.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zaidduy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\famadi.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uxursyfy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\roedapnody.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\baelymca.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\erwootna.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xeniitibe.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\osonbo.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ziapkou.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\toahobopi.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fyuch.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
    (end)
     
  3. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.12.31.08
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Linda :: WELLSCO-LAPPY [administrator]
    Protection: Disabled
    12/31/2013 11:16:46 PM
    mbam-log-2013-12-31 (23-16-46).txt
    Scan type: Flash scan
    Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: Registry | File System | P2P
    Objects scanned: 217631
    Time elapsed: 3 minute(s), 23 second(s)
    Memory Processes Detected: 1
    C:\Program Files\outobox\bin\utiloutobox.exe (PUP.Optional.Outobox.A) -> 3240 -> Delete on reboot.
    Memory Modules Detected: 2
    C:\Program Files\outobox\outoboxBHO.dll (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\bin\sqlite3.dll (PUP.Optional.Outobox.A) -> Delete on reboot.
    Registry Keys Detected: 11
    HKLM\SYSTEM\CurrentControlSet\Services\Util outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{30f06672-0e95-41a9-80cb-dee386af99ad} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{1eb0a0b0-cabb-495c-a85a-7c8f891799c7} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\Update outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCU\Software\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\Software\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 3
    C:\Program Files\outobox (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\bin (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\bin\plugins (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    Files Detected: 14
    C:\Program Files\outobox\bin\utiloutobox.exe (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\outoboxBHO.dll (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\updateoutobox.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Linda\Local Settings\Temp\Outobox.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\outobox.ico (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\outoboxUninstall.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\sqlite3.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\updateoutobox.InstallState (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\bin\sqlite3.dll (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\bin\utiloutobox.InstallState (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\bin\plugins\outobox.FFUpdate.dll (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\bin\plugins\outobox.GCUpdate.dll (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\bin\plugins\outobox.IEUpdate.dll (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    (end)
     
  4. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.12.31.08
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Linda :: WELLSCO-LAPPY [administrator]
    Protection: Enabled
    12/31/2013 11:36:04 PM
    mbam-log-2013-12-31 (23-36-04).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 268797
    Time elapsed: 31 minute(s), 45 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 3
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Quarantined and deleted successfully.
    HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Documents and Settings\Linda\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
    (end)
     
  5. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/14/2010 5:42:57 PM
    System Uptime: 12/31/2013 10:37:51 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 309F
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U10 | 2161/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 30 GiB total, 3.283 GiB free.
    D: is FIXED (NTFS) - 45 GiB total, 25.736 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&4878531&0&00E1
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&4878531&0&00E1
    Service: NETw4x32
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: MoGo_Mouse_BT _
    Device ID: PCMCIA\MOGO_MOUSE_BT-_-061F\1
    Manufacturer:
    Name: MoGo_Mouse_BT _
    PNP Device ID: PCMCIA\MOGO_MOUSE_BT-_-061F\1
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\IFX0102\4&28738126&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\IFX0102\4&28738126&0
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: DesignJet 800PS (C7780C)
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: Hewlett-Packard
    Name: DesignJet 800PS (C7780C)
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP842: 11/30/2013 10:12:30 PM - System Checkpoint
    RP843: 12/1/2013 10:55:39 PM - System Checkpoint
    RP844: 12/2/2013 11:11:27 PM - System Checkpoint
    RP845: 12/4/2013 12:11:55 AM - System Checkpoint
    RP846: 12/5/2013 12:40:15 AM - System Checkpoint
    RP847: 12/6/2013 1:37:58 AM - System Checkpoint
    RP848: 12/7/2013 2:37:58 AM - System Checkpoint
    RP849: 12/8/2013 3:38:00 AM - System Checkpoint
    RP850: 12/9/2013 8:40:16 PM - System Checkpoint
    RP851: 12/10/2013 8:53:15 PM - System Checkpoint
    RP852: 12/11/2013 11:10:38 PM - System Checkpoint
    RP853: 12/12/2013 3:00:19 AM - Software Distribution Service 3.0
    RP854: 12/13/2013 3:01:21 AM - Software Distribution Service 3.0
    RP855: 12/14/2013 4:04:36 PM - System Checkpoint
    RP856: 12/15/2013 6:17:07 PM - System Checkpoint
    RP857: 12/16/2013 1:46:33 PM - Printer Driver LogMeIn Printer Driver Installed
    RP858: 12/17/2013 2:14:30 PM - System Checkpoint
    RP859: 12/18/2013 3:27:28 PM - System Checkpoint
    RP860: 12/19/2013 7:42:26 PM - System Checkpoint
    RP861: 12/20/2013 7:56:56 PM - System Checkpoint
    RP862: 12/21/2013 8:58:00 PM - System Checkpoint
    RP863: 12/22/2013 9:56:55 PM - System Checkpoint
    RP864: 12/23/2013 10:10:53 PM - System Checkpoint
    RP865: 12/24/2013 10:56:56 PM - System Checkpoint
    RP866: 12/26/2013 5:13:14 PM - System Checkpoint
    RP867: 12/27/2013 6:47:47 PM - System Checkpoint
    RP868: 12/28/2013 7:01:50 PM - System Checkpoint
    RP869: 12/29/2013 7:48:57 PM - System Checkpoint
    RP870: 12/30/2013 8:18:04 PM - System Checkpoint
    .
    ==== Image File Execution Options =============
    .
    IFEO: Your Image File Name Here without a path - ntsd -d
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  7. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    First of all, I want to say THANK YOU! so much for taking time out of your holiday to help me with this! I really appreciate it! Here are the logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2014
    Ran by Linda (administrator) on WELLSCO-LAPPY on 01-01-2014 16:09:47
    Running from F:\
    Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    (Cisco Systems, Inc.) D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Hewlett-Packard Corporation) C:\WINDOWS\system32\accelerometerST.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
    (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Gordoware) C:\Program Files\gordoware\connectto.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [AccelerometerSysTrayApplet] - C:\WINDOWS\system32\accelerometerST.exe [53248 2006-01-16] (Hewlett-Packard Corporation)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1028096 2008-01-18] (Synaptics, Inc.)
    HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
    HKCU\...\Run: [Inpgsoft] - regsvr32.exe "C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft\normalPaddlg.dll" <===== ATTENTION
    HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-17] (Google Inc.)
    HKCU\...\Run: [Eqovfeaxysavi] - "C:\Documents and Settings\Linda\Application Data\Pabiwex\ykrosi.exe"
    HKCU\...\Run: [Oqyzlupeyndiq] - "C:\Documents and Settings\Linda\Application Data\Saecegyb\syniix.exe"
    HKCU\...\Run: [Oltanye] - "C:\Documents and Settings\Linda\Application Data\Lyukud\raikebo.exe"
    HKCU\...\Run: [Ekpozuamyx] - "C:\Documents and Settings\Linda\Application Data\Sesalisi\gautedo.exe"
    MountPoints2: {04d20c00-4d7b-11e3-ac40-444553544200} - F:\VZW_Software_upgrade_assistant_installer.exe
    MountPoints2: {3eb75dba-5419-11e2-ac0c-001a6b2a37c3} - F:\TLBootstrap_WPP.exe
    MountPoints2: {41f4f08e-323e-11e2-abfe-001a6b2a37c3} - "F:\WD SmartWare.exe" autoplay=true
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\checkmaps.lnk
    ShortcutTarget: checkmaps.lnk -> C:\Program Files\gordoware\checkmaps.exe ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\connectto.lnk
    ShortcutTarget: connectto.lnk -> C:\Program Files\gordoware\connectto.exe (Gordoware)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
    SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGm...n=77fdc98f&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {07871812-1823-4118-B7A8-B2C956AC8742} URL = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
    SearchScopes: HKCU - {8CC45221-51CE-4DD1-8F4A-822235DB4D63} URL = http://www.amazon.com/gp/search?ie=...amp=1789&creative=9325&keywords={searchTerms}
    SearchScopes: HKCU - {954B9569-E869-4AE5-B2AB-F2700519E569} URL = http://www.walmart.com/catalog/search-ng.gsp?search_constraint=0&search_query={searchTerms}
    SearchScopes: HKCU - {98383ACF-5F17-49F1-91D7-EE480B517CA8} URL = http://www.weather.com/search/enhanced?where={searchTerms}
    SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGm...n=77fdc98f&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {C2A09D41-25C9-4E60-A52B-BA6068DD941D} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    SearchScopes: HKCU - {DDD8124F-D233-44C2-A68C-9B432298DA67} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
    Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
    Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - FromDocToPDF - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289781725609
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
    DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
    DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://fhebpsslvpn.verizon.com/dana-cached/sc/JuniperSetupClient.cab
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Hosts: 12.151.201.180 tup-dc1
    Tcpip\..\Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: [NameServer]166.68.227.10,166.68.195.10

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
    FF Plugin: @FromDocToPDF_65.com/Plugin - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (Mindspark)
    FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
    FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @Tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    FF Extension: Status-bar Calculator - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\calculator@cmcculloh
    FF Extension: No Name - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\staged
    FF Extension: DAO.TableDef.120 - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{36680766-DB0F-2FE2-454F-617C65152C54}
    FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\firefox1@myibay.com.xpi
    FF Extension: outobox - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\firefox@outobox.net.xpi
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    FF Extension: Tab Mix Plus - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR RestoreOnStartup: "hxxp://www.google.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (PDF-XChange Viewer) - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    CHR Extension: (Docs) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
    CHR Extension: (Google Drive) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
    CHR Extension: (YouTube) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
    CHR Extension: (Google Search) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
    CHR Extension: (Gmail) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx
     
  8. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Here is the second part of the first log:

    ========================== Services (Whitelisted) =================

    R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660520 2009-09-12] (Acronis)
    R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-11-15] (Acronis)
    R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
    R2 CVPND; D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
    S3 ExtranetAccess; C:\Program Files\Nortel Networks\Extranet_serv.exe [811008 2007-04-18] (Nortel Networks NA, Inc.)
    S2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [88648 2013-12-09] (COMPANYVERS_NAME)
    R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2013-02-20] (Juniper Networks, Inc.)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    S3 OracleClientCache80; C:\orant\BIN\ONRSD80.EXE [95744 1998-06-10] ()
    R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

    ==================== Drivers (Whitelisted) ====================

    R1 ATMDLC; C:\Windows\System32\DRIVERS\atmdlc.sys [40952 2009-08-27] (Attachmate Corporation)
    R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
    S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [401664 2006-02-15] (Broadcom Corporation.)
    S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30363 2006-02-15] (Broadcom Corporation.)
    R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [1342570 2006-02-15] (Broadcom Corporation.)
    S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148168 2006-02-15] (Broadcom Corporation.)
    S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [44163 2006-02-15] (Broadcom Corporation.)
    S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [57096 2006-02-15] (Broadcom Corporation.)
    S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
    R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
    R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
    R3 Eacfilt; C:\Windows\System32\DRIVERS\eacfilt.sys [26137 2007-04-18] (Nortel Networks)
    R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [88192 2006-09-14] (Texas Instruments)
    R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-10-16] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989312 2007-10-16] (Conexant Systems, Inc.)
    S3 IPSECEXT; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2007-04-18] (Nortel Networks NA, Inc.)
    R3 IPSECSHM; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2007-04-18] (Nortel Networks NA, Inc.)
    R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna5.sys [446712 2013-01-17] (Juniper Networks, Inc.)
    S4 jnprTdi_730_32781; C:\WINDOWS\system32\Drivers\jnprTdi_730_32781.sys [90456 2013-02-19] (Juniper Networks, Inc.)
    S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [25456 2013-01-17] (Juniper Networks, Inc.)
    R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2013-01-17] (Juniper Networks, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation)
    S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [32408 2009-05-25] (Smith Micro Inc.)
    R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
    R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2010-11-15] (Acronis)
    S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
    S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [x]
    U1 eabfiltr;
    S4 LMIRfsClientNP; No ImagePath
    U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 UIUSys; System32\DRIVERS\UIUSYS.SYS [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-01 16:08 - 2014-01-01 16:08 - 00000000 ____D C:\FRST
    2014-01-01 16:06 - 2014-01-01 16:08 - 00004754 _____ C:\WINDOWS\setupapi.log
    2013-12-31 23:06 - 2014-01-01 13:09 - 00003053 _____ C:\Documents and Settings\Linda\Desktop\attach.txt
    2013-12-31 22:42 - 2014-01-01 15:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2013-12-31 22:42 - 2014-01-01 15:59 - 00000048 _____ C:\WINDOWS\wiaservc.log
    2013-12-31 22:42 - 2013-12-31 22:42 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
    2013-12-31 17:26 - 2013-12-31 17:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Malwarebytes
    2013-12-31 17:25 - 2013-12-31 17:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2013-12-31 17:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2013-12-31 17:06 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opityh
    2013-12-31 17:06 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Elaphif
    2013-12-31 17:04 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Emreikit
    2013-12-31 17:04 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocubysc
    2013-12-31 17:03 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ixfiam
    2013-12-31 17:03 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ywcuum
    2013-12-31 17:02 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kyemyd
    2013-12-31 17:01 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zyypop
    2013-12-31 17:01 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cofuhyxi
    2013-12-31 17:00 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Abpyitut
    2013-12-31 16:59 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuzeroro
    2013-12-31 16:58 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yzynul
    2013-12-31 16:58 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Tyyfepaq
    2013-12-31 16:57 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipumeddu
    2013-12-31 16:56 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Udawzow
    2013-12-31 16:56 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuaxro
    2013-12-31 16:55 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Taytgek
    2013-12-31 16:54 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kipoxai
    2013-12-31 16:54 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Beebyrl
    2013-12-31 16:53 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Logahi
    2013-12-31 16:52 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Waguku
    2013-12-31 16:52 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Evamiw
    2013-12-31 16:51 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ufhada
    2013-12-31 16:51 - 2013-12-31 16:51 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ygviiryd
    2013-12-31 16:50 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maalep
    2013-12-31 16:50 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hyziexap
    2013-12-31 16:49 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leroxo
    2013-12-31 16:48 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opiffao
    2013-12-31 16:47 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqyfpal
    2013-12-31 16:47 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Folyce
    2013-12-31 16:46 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xisynu
    2013-12-31 16:45 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huziov
    2013-12-31 16:45 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hiuntot
    2013-12-31 16:44 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myuffiy
    2013-12-31 16:43 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unixkypu
    2013-12-31 16:43 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Axumyn
    2013-12-31 16:42 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xysayqod
    2013-12-31 16:41 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Omduiklo
    2013-12-31 16:41 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myikrivu
    2013-12-31 16:40 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Feywohaw
    2013-12-31 16:39 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Idxoeges
    2013-12-31 16:38 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kutiqoka
    2013-12-31 16:38 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cyziudv
    2013-12-31 16:37 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esbudu
    2013-12-31 16:36 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqydkui
    2013-12-31 16:36 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Naheav
    2013-12-31 16:35 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ecivwity
    2013-12-31 16:34 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Heovrex
    2013-12-31 16:34 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Dibuegfy
    2013-12-31 16:33 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Wiydhaca
    2013-12-31 16:32 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zaxoneo
    2013-12-31 16:31 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Riigakk
    2013-12-31 16:31 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ohhaylk
    2013-12-31 16:30 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Puzaadu
    2013-12-31 16:29 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuxyxuwu
    2013-12-31 16:28 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Usegyfw
    2013-12-31 16:28 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lumyza
    2013-12-31 16:27 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Suvakir
    2013-12-31 16:26 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ubifcuol
    2013-12-31 16:25 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ynedve
    2013-12-31 16:25 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maryag
    2013-12-31 16:24 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coreebaf
    2013-12-31 16:23 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Fuoccai
    2013-12-31 16:22 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pyexfudu
    2013-12-31 16:22 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coyhut
    2013-12-31 16:21 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Soluhi
    2013-12-31 16:20 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huywypm
    2013-12-31 16:19 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Piaryk
    2013-12-31 16:19 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Asawpate
    2013-12-31 16:18 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Seibup
    2013-12-31 16:17 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ihuvor
    2013-12-31 16:17 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Diriacq
    2013-12-31 16:16 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Amfogaov
    2013-12-31 16:15 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Exruhac
    2013-12-31 16:14 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esefibv
    2013-12-31 16:14 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Duuvqet
    2013-12-31 16:13 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leiber
    2013-12-31 16:12 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Sesalisi
    2013-12-31 16:12 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipiqrioc
    2013-12-31 16:11 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unosehul
    2013-12-31 16:10 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Saecegyb
    2013-12-31 16:09 - 2014-01-01 16:07 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Vaqiusl
    2013-12-31 16:09 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocorypi
    2013-12-31 16:08 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lyukud
    2013-12-31 16:07 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pabiwex
    2013-12-31 14:25 - 2014-01-01 14:26 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Program Files\CCleaner
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Local Settings\Application Data\IAC
    2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65
    2013-12-09 11:14 - 2013-12-09 11:14 - 00000000 ____D C:\Program Files\FromDocToPDF_65
    2013-12-04 13:57 - 2013-12-04 13:57 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
    2013-12-03 16:39 - 2013-12-03 16:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft

    ==================== One Month Modified Files and Folders =======

    2014-01-01 16:08 - 2014-01-01 16:08 - 00000000 ____D C:\FRST
    2014-01-01 16:08 - 2014-01-01 16:06 - 00004754 _____ C:\WINDOWS\setupapi.log
    2014-01-01 16:07 - 2013-12-31 16:09 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Vaqiusl
    2014-01-01 16:06 - 2010-11-14 19:42 - 01882622 _____ C:\WINDOWS\WindowsUpdate.log
    2014-01-01 16:05 - 2003-03-31 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
    2014-01-01 15:59 - 2013-12-31 22:42 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2014-01-01 15:59 - 2013-12-31 22:42 - 00000048 _____ C:\WINDOWS\wiaservc.log
    2014-01-01 15:59 - 2010-11-14 18:35 - 00027335 _____ C:\WINDOWS\system32\nvModes.001
    2014-01-01 15:58 - 2013-04-17 10:40 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-01 15:57 - 2010-11-14 17:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2014-01-01 15:55 - 2010-11-14 17:44 - 00032594 _____ C:\WINDOWS\SchedLgU.Txt
    2014-01-01 15:54 - 2013-12-31 17:04 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Emreikit
    2014-01-01 15:54 - 2013-12-31 17:03 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ixfiam
    2014-01-01 15:54 - 2013-12-31 17:00 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Abpyitut
    2014-01-01 15:54 - 2013-12-31 16:57 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipumeddu
    2014-01-01 15:54 - 2013-12-31 16:56 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Udawzow
    2014-01-01 15:54 - 2013-12-31 16:55 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Taytgek
    2014-01-01 15:54 - 2013-12-31 16:53 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Logahi
    2014-01-01 15:54 - 2013-12-31 16:52 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Waguku
    2014-01-01 15:54 - 2013-12-31 16:50 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maalep
    2014-01-01 15:54 - 2013-12-31 16:50 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hyziexap
    2014-01-01 15:54 - 2013-12-31 16:47 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqyfpal
    2014-01-01 15:54 - 2013-12-31 16:47 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Folyce
    2014-01-01 15:54 - 2013-12-31 16:45 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huziov
    2014-01-01 15:54 - 2013-12-31 16:43 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unixkypu
    2014-01-01 15:45 - 2010-11-15 16:19 - 00000000 ____D C:\WINDOWS\system32\NtmsData
    2014-01-01 15:35 - 2013-12-31 17:06 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opityh
    2014-01-01 15:35 - 2013-12-31 17:06 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Elaphif
    2014-01-01 15:35 - 2013-12-31 17:04 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocubysc
    2014-01-01 15:35 - 2013-12-31 17:03 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ywcuum
    2014-01-01 15:35 - 2013-12-31 17:02 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kyemyd
    2014-01-01 15:35 - 2013-12-31 17:01 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zyypop
    2014-01-01 15:35 - 2013-12-31 17:01 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cofuhyxi
    2014-01-01 15:35 - 2013-12-31 16:59 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuzeroro
    2014-01-01 15:35 - 2013-12-31 16:58 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yzynul
    2014-01-01 15:35 - 2013-12-31 16:58 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Tyyfepaq
    2014-01-01 15:35 - 2013-12-31 16:56 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuaxro
    2014-01-01 15:35 - 2013-12-31 16:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kipoxai
    2014-01-01 15:35 - 2013-12-31 16:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Beebyrl
    2014-01-01 15:35 - 2013-12-31 16:52 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Evamiw
    2014-01-01 15:35 - 2013-12-31 16:51 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ufhada
    2014-01-01 15:35 - 2013-12-31 16:49 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leroxo
    2014-01-01 15:35 - 2013-12-31 16:48 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opiffao
    2014-01-01 15:35 - 2013-12-31 16:46 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xisynu
    2014-01-01 15:35 - 2013-12-31 16:45 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hiuntot
    2014-01-01 15:35 - 2013-12-31 16:44 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myuffiy
    2014-01-01 15:35 - 2013-12-31 16:43 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Axumyn
    2014-01-01 15:35 - 2013-12-31 16:42 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xysayqod
    2014-01-01 15:35 - 2013-12-31 16:41 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Omduiklo
    2014-01-01 15:35 - 2013-12-31 16:41 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myikrivu
    2014-01-01 15:35 - 2013-12-31 16:40 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Feywohaw
    2014-01-01 15:35 - 2013-12-31 16:39 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Idxoeges
    2014-01-01 15:35 - 2013-12-31 16:38 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kutiqoka
    2014-01-01 15:35 - 2013-12-31 16:38 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cyziudv
    2014-01-01 15:35 - 2013-12-31 16:37 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esbudu
    2014-01-01 15:35 - 2013-12-31 16:36 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqydkui
    2014-01-01 15:35 - 2013-12-31 16:36 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Naheav
    2014-01-01 15:35 - 2013-12-31 16:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ecivwity
    2014-01-01 15:35 - 2013-12-31 16:34 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Heovrex
    2014-01-01 15:35 - 2013-12-31 16:34 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Dibuegfy
    2014-01-01 15:35 - 2013-12-31 16:33 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Wiydhaca
    2014-01-01 15:35 - 2013-12-31 16:32 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zaxoneo
    2014-01-01 15:35 - 2013-12-31 16:31 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Riigakk
    2014-01-01 15:35 - 2013-12-31 16:31 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ohhaylk
    2014-01-01 15:35 - 2013-12-31 16:30 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Puzaadu
    2014-01-01 15:35 - 2013-12-31 16:29 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuxyxuwu
    2014-01-01 15:35 - 2013-12-31 16:28 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Usegyfw
    2014-01-01 15:35 - 2013-12-31 16:28 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lumyza
    2014-01-01 15:35 - 2013-12-31 16:27 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Suvakir
    2014-01-01 15:35 - 2013-12-31 16:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ubifcuol
    2014-01-01 15:35 - 2013-12-31 16:25 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ynedve
    2014-01-01 15:35 - 2013-12-31 16:25 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maryag
    2014-01-01 15:35 - 2013-12-31 16:24 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coreebaf
    2014-01-01 15:35 - 2013-12-31 16:23 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Fuoccai
    2014-01-01 15:35 - 2013-12-31 16:22 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pyexfudu
    2014-01-01 15:35 - 2013-12-31 16:22 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coyhut
    2014-01-01 15:35 - 2013-12-31 16:21 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Soluhi
    2014-01-01 15:35 - 2013-12-31 16:20 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huywypm
    2014-01-01 15:35 - 2013-12-31 16:19 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Piaryk
    2014-01-01 15:35 - 2013-12-31 16:19 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Asawpate
    2014-01-01 15:35 - 2013-12-31 16:18 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Seibup
    2014-01-01 15:35 - 2013-12-31 16:17 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ihuvor
    2014-01-01 15:35 - 2013-12-31 16:17 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Diriacq
    2014-01-01 15:35 - 2013-12-31 16:16 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Amfogaov
    2014-01-01 15:35 - 2013-12-31 16:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Exruhac
    2014-01-01 15:35 - 2013-12-31 16:14 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esefibv
    2014-01-01 15:35 - 2013-12-31 16:14 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Duuvqet
    2014-01-01 15:35 - 2013-12-31 16:13 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leiber
    2014-01-01 15:35 - 2013-12-31 16:12 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Sesalisi
    2014-01-01 15:35 - 2013-12-31 16:12 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipiqrioc
    2014-01-01 15:35 - 2013-12-31 16:11 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unosehul
    2014-01-01 15:35 - 2013-12-31 16:10 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Saecegyb
    2014-01-01 15:35 - 2013-12-31 16:09 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocorypi
    2014-01-01 15:35 - 2013-12-31 16:08 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lyukud
    2014-01-01 15:35 - 2013-12-31 16:07 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pabiwex
    2014-01-01 15:35 - 2012-06-03 22:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-01-01 15:15 - 2013-04-17 10:40 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-01 14:54 - 2010-11-14 17:38 - 00000000 ____D C:\WINDOWS\Registration
    2014-01-01 14:26 - 2013-12-31 14:25 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2014-01-01 13:44 - 2013-10-14 12:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2014-01-01 13:09 - 2013-12-31 23:06 - 00003053 _____ C:\Documents and Settings\Linda\Desktop\attach.txt
    2014-01-01 00:40 - 2010-11-14 10:51 - 00000000 ____D C:\WINDOWS\Help
    2014-01-01 00:01 - 2012-08-28 14:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
    2013-12-31 23:23 - 2010-11-14 10:51 - 00000000 ____D C:\WINDOWS\Resources
    2013-12-31 22:42 - 2013-12-31 22:42 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
    2013-12-31 22:37 - 2011-02-01 11:43 - 00000000 ____D C:\WINDOWS\Minidump
    2013-12-31 22:30 - 2010-12-08 13:38 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Autodesk
    2013-12-31 20:26 - 2012-01-24 12:19 - 00000000 ____D C:\WINDOWS\system32\LogFiles
    2013-12-31 18:46 - 2013-04-04 11:16 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Bentley
    2013-12-31 17:26 - 2013-12-31 17:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Malwarebytes
    2013-12-31 17:26 - 2013-12-31 17:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2013-12-31 16:51 - 2013-12-31 16:51 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ygviiryd
    2013-12-31 15:04 - 2013-04-02 12:49 - 00000075 _____ C:\WINDOWS\iddsgtev8i.ini
    2013-12-31 14:53 - 2011-12-14 15:00 - 00002305 _____ C:\Documents and Settings\Linda\Desktop\VPN Client.lnk
    2013-12-31 14:49 - 2010-11-14 10:55 - 00000329 ___SH C:\boot.ini
    2013-12-31 14:49 - 2003-03-31 07:00 - 00000876 _____ C:\WINDOWS\win.ini
    2013-12-31 14:49 - 2003-03-31 07:00 - 00000227 _____ C:\WINDOWS\system.ini
    2013-12-31 13:49 - 2012-05-24 15:21 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
    2013-12-19 13:33 - 2013-11-18 17:04 - 00000000 ____D C:\Verizon_Android
    2013-12-19 13:33 - 2013-11-18 17:04 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Verizon_Android
    2013-12-17 11:53 - 2010-11-14 18:35 - 00027335 _____ C:\WINDOWS\system32\nvModes.dat
    2013-12-16 13:46 - 2012-08-28 14:54 - 00000719 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
    2013-12-16 13:46 - 2012-08-28 14:54 - 00000000 ____D C:\Program Files\LogMeIn
    2013-12-16 13:45 - 2012-08-28 14:54 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
    2013-12-16 13:45 - 2012-08-28 14:54 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
    2013-12-16 13:45 - 2012-08-28 14:54 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
    2013-12-12 04:42 - 2012-12-11 23:10 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
    2013-12-12 04:42 - 2012-12-11 23:10 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
    2013-12-12 03:24 - 2010-11-14 10:56 - 00298048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2013-12-12 03:08 - 2012-05-24 15:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2013-12-12 03:07 - 2010-11-15 15:28 - 00000000 ____D C:\WINDOWS\ie8updates
    2013-12-12 03:06 - 2013-08-14 02:08 - 00000000 ____D C:\WINDOWS\system32\MRT
    2013-12-12 03:06 - 2010-11-15 13:19 - 00046592 _____ C:\WINDOWS\system32\TZLog.log
    2013-12-12 03:03 - 2010-11-15 13:16 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2013-12-11 22:25 - 2010-11-15 15:41 - 00000000 ____D C:\WINDOWS\pss
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Program Files\CCleaner
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    2013-12-11 14:35 - 2012-06-03 22:51 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2013-12-11 14:35 - 2012-06-03 22:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2013-12-09 15:42 - 2010-11-15 18:37 - 00000000 ____D C:\dgn
    2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Local Settings\Application Data\IAC
    2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65
    2013-12-09 11:14 - 2013-12-09 11:14 - 00000000 ____D C:\Program Files\FromDocToPDF_65
    2013-12-05 04:19 - 2013-04-17 10:40 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2013-12-04 15:40 - 2011-12-14 15:10 - 00000336 _____ C:\Documents and Settings\Linda\Desktop\PA drive.bat
    2013-12-04 13:57 - 2013-12-04 13:57 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
    2013-12-03 16:39 - 2013-12-03 16:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft

    Files to move or delete:
    ====================
    C:\Documents and Settings\Linda\gotomypc_540.exe


    Some content of TEMP:
    ====================
    C:\Documents and Settings\Linda\Local Settings\Temp\6_Offer_16.exe
    C:\Documents and Settings\Linda\Local Settings\Temp\avgnt.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================
     
  9. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2014
    Ran by Linda at 2014-01-01 16:13:50
    Running from F:\
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

    ==================== Installed Programs ======================

    32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
    7-Zip 9.20 (Version: - )
    8600_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
    8600_Readme (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Acronis True Image Home (Version: 13.0.5055 - Acronis)
    Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
    Adobe SVG Viewer 3.0 (Version: 3.0 - )
    Attachmate EXTRA! X-treme 9.1 (Version: 9.1.1071 - Attachmate)
    AuthenTec Fingerprint Sensor Minimum Install (Version: 7.9 - AuthenTec)
    Avira Free Antivirus (Version: 14.0.2.286 - Avira)
    Bentley Map V8i (SELECTseries 3) For MicroStation 08.11.09.91 (Version: 08.11.09.91 - Bentley Systems, Incorporated)
    Bentley MicroStation (V 07.01.04.07) (Version: - )
    Bentley MicroStation (V 08.05.02.45) - 1 (Version: - )
    Bentley MicroStation GeoGraphics (V 08.05.02.13) (Version: - )
    BlackBerry USB Drivers (Version: 2.00.0005 - Smith Micro Software, Inc.)
    BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Broadcom NetXtreme Ethernet Controller (Version: 8.22.12 - Broadcom Corporation)
    Brother MFC-6490CW (Version: 1.00 - Brother)
    CCleaner (Version: 4.01 - Piriform)
    Cisco Systems VPN Client 5.0.06.0160 (Version: 5.0.6 - Cisco Systems, Inc.)
    Coupon Printer for Windows (Version: 5.0.0.0 - Coupons.com Incorporated)
    Data Access Objects (DAO) 3.5 (Version: - )
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
    FromDocToPDF Internet Explorer Toolbar (Version: - Mindspark Interactive Network)
    Google Chrome (Version: 31.0.1650.63 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
    Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
    HDAUDIO Soft Data Fax Modem with SmartCP (Version: - )
    HP Integrated Module with Bluetooth wireless technology (Version: 4.0.1.3301 - HP)
    HP Mobile Data Protection System (Version: 1.00 A6 - )
    HP Officejet Pro K8600 Series (Version: 1.0 - HP)
    HP ProtectTools Security Manager (Version: 3.00 A10 - Hewlett-Packard)
    HP Quick Launch Buttons 6.30 J1 (Version: 6.30 J1 - Hewlett-Packard)
    HP Smart Card Security for ProtectTools 5.00 D4 (Version: 5.00 D4 - Hewlett-Packard Company)
    HP Wireless Assistant (Version: 3.00 I2 - Hewlett-Packard)
    Java 7 Update 21 (Version: 7.0.210 - Oracle)
    Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
    Juniper Networks, Inc. Setup Client (Version: 7.3.4.32787 - Juniper Networks, Inc.)
    Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Junos Pulse 3.1 (Version: 3.1.32787 - Juniper Networks, Inc.)
    Junos Pulse Core Components (Version: 3.1.32787 - Juniper Networks) Hidden
    Junos Pulse Drivers Add-On (Version: 3.1.32787 - Juniper Networks) Hidden
    Junos Pulse Tunnel Manager Add-On (Version: 3.1.32787 - Juniper Networks) Hidden
    Junos Pulse UAC/NC Components (Version: 3.1.32787 - Juniper Networks) Hidden
    K8600 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
    LightScribe System Software 1.10.19.1 (Version: 1.10.19.1 - http://www.lightscribe.com)
    LogMeIn (Version: 4.1.2504 - LogMeIn, Inc.)
    Magical Jelly Bean KeyFinder (Version: 2.0.8.1 - Magical Jelly Bean)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
    MetaFrame Presentation Server Client (Version: 9.230.50211 - Citrix Systems, Inc.)
    Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    MicroStation V8i (SELECTseries 3) 08.11.09.357 (Version: 08.11.09.357 - Bentley Systems, Incorporated)
    Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0 - Mozilla)
    Mozilla Maintenance Service (Version: 24.0 - Mozilla)
    MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
    MWSnap 3 (Version: 3.0.0.74 - Mirek Wojtowicz)
    NetDeviceManager (Version: 90.0.205.000 - Hewlett-Packard) Hidden
    NVIDIA Drivers (Version: - )
    Oracle Data Provider for .NET Help (Version: 10.2.020 - Oracle Corporation)
    PDF-XChange 4 Pro (Version: 4.186.56.0 - Tracker Software Products Ltd)
    ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
    RedistSysFiles (Version: 8.1.0 - ) Hidden
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
    SES Driver (Version: 1.0.0 - Western Digital)
    Synaptics Pointing Device Driver (Version: 10.2.4.0 - Synaptics)
    Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0001 - Texas Instruments Inc.)
    TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
    Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft)
    Update for Windows Internet Explorer 8 (KB2362765) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
    VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
    VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden
    Verizon Extranet Access Client (Version: - )
    VZAccess Manager (Version: 7.2.9.1 - Smith Micro Software Inc.)
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
    WebSlingPlayer ActiveX (Version: 1.5.7158 - Sling Media)
    Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
    WinImage (Version: - )
    Yahoo! Software Update (Version: - )
    Yahoo! Toolbar (Version: - Yahoo! Inc.)
    ZipDownloader (Version: - )

    ==================== Restore Points =========================

    07-12-2013 07:37:58 System Checkpoint
    08-12-2013 08:38:00 System Checkpoint
    10-12-2013 01:40:16 System Checkpoint
    11-12-2013 01:53:15 System Checkpoint
    12-12-2013 04:10:38 System Checkpoint
    12-12-2013 08:00:19 Software Distribution Service 3.0
    13-12-2013 08:01:21 Software Distribution Service 3.0
    14-12-2013 21:04:36 System Checkpoint
    15-12-2013 23:17:07 System Checkpoint
    16-12-2013 18:46:33 Printer Driver LogMeIn Printer Driver Installed
    17-12-2013 19:14:30 System Checkpoint
    18-12-2013 20:27:28 System Checkpoint
    20-12-2013 00:42:26 System Checkpoint
    21-12-2013 00:56:56 System Checkpoint
    22-12-2013 01:58:00 System Checkpoint
    23-12-2013 02:56:55 System Checkpoint
    24-12-2013 03:10:53 System Checkpoint
    25-12-2013 03:56:56 System Checkpoint
    26-12-2013 22:13:14 System Checkpoint
    27-12-2013 23:47:47 System Checkpoint
    29-12-2013 00:01:50 System Checkpoint
    30-12-2013 00:48:57 System Checkpoint
    31-12-2013 01:18:04 System Checkpoint
    01-01-2014 06:24:02 System Checkpoint

    ==================== Hosts content: ==========================

    2003-03-31 07:00 - 2013-12-04 16:13 - 00000024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    12.151.201.180 tup-dc1

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2009-04-07 04:32 - 2009-04-07 04:32 - 00022723 _____ () C:\WINDOWS\system32\cl31cl3.dll
    2012-12-11 23:11 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-12-01 22:16 - 2013-12-01 22:16 - 00025600 _____ () C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft\normalPaddlg.dll
    2009-11-17 12:08 - 2009-11-17 12:08 - 00197424 _____ () C:\WINDOWS\system32\vpnapi.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

    ==================== Faulty Device Manager Devices =============

    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Intel Corporation
    Service: NETw4x32
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: MoGo_Mouse_BT _
    Description: MoGo_Mouse_BT _
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: DesignJet 800PS (C7780C)
    Description: DesignJet 800PS (C7780C)
    Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Hewlett-Packard
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Cisco Systems VPN Adapter
    Description: Cisco Systems VPN Adapter
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Cisco Systems
    Service: CVirtA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The content index metadata cannot be read. (0xc0041801)

    Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index metadata cannot be read. (0xc0041801)

    Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    Element not found. (0x80070490)

    Error: (12/31/2013 10:43:58 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index metadata cannot be read. (0xc0041801)

    Error: (12/31/2013 10:43:58 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service cannot load the property store information.

    Context: Windows Application, SystemIndex Catalog


    Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. )

    Error: (12/31/2013 10:43:56 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service cannot open the Jet property store.


    Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. )

    Error: (12/31/2013 09:35:22 PM) (Source: Application Error) (User: )
    Description: Faulting application updateoutobox.exe, version 1.0.5060.34698, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
    Processing media-specific event for [updateoutobox.exe!ws!]

    Error: (12/31/2013 09:17:32 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

    Error: (12/31/2013 09:16:59 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

    Error: (12/31/2013 09:16:21 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.


    System errors:
    =============
    Error: (01/01/2014 02:58:02 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0

    Error: (01/01/2014 02:55:18 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0

    Error: (01/01/2014 02:54:37 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0

    Error: (01/01/2014 02:54:25 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0

    Error: (01/01/2014 02:52:38 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0

    Error: (01/01/2014 02:44:50 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0

    Error: (01/01/2014 02:40:28 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0

    Error: (01/01/2014 02:39:46 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0

    Error: (01/01/2014 02:33:44 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0

    Error: (01/01/2014 02:32:51 PM) (Source: 0) (User: )
    Description: \Device\Ide\IdePort0


    Microsoft Office Sessions:
    =========================
    Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
    The content index metadata cannot be read. (0xc0041801)

    Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index metadata cannot be read. (0xc0041801)

    Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    Element not found. (0x80070490)
    Search.TripoliIndexer

    Error: (12/31/2013 10:43:58 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index metadata cannot be read. (0xc0041801)
    Search.JetPropStore

    Error: (12/31/2013 10:43:58 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. )

    Error: (12/31/2013 10:43:56 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. )

    Error: (12/31/2013 09:35:22 PM) (Source: Application Error)(User: )
    Description: updateoutobox.exe1.0.5060.34698kernel32.dll5.1.2600.629300012fd3

    Error: (12/31/2013 09:17:32 PM) (Source: VSS)(User: )
    Description: CoCreateInstance0x8007041d

    Error: (12/31/2013 09:16:59 PM) (Source: VSS)(User: )
    Description: CoCreateInstance0x8007041d

    Error: (12/31/2013 09:16:21 PM) (Source: VSS)(User: )
    Description: CoCreateInstance0x8007041d


    ==================== Memory info ===========================

    Percentage of memory in use: 29%
    Total physical RAM: 3455.25 MB
    Available physical RAM: 2445.53 MB
    Total Pagefile: 5336.83 MB
    Available Pagefile: 4231.25 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1943.75 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:30 GB) (Free:3.72 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (Data) (Fixed) (Total:44.52 GB) (Free:25.73 GB) NTFS
    Drive e: (Erie) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    Drive f: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 8AB18AB1)
    Partition 1: (Active) - (Size=30 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=45 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (Size: 62 MB) (Disk ID: 00000000)
    Partition 1: (Active) - (Size=62 MB) - (Type=06)

    ==================== End Of Log ============================
     
  10. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    IMPORTANT! Restart computer.

    Re-run FRST "Scan" one more time and post fresh log.
     

  11. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    The computer is starting to respond a little better, but when I rebooted before doing the scan, it still took it 15 minutes or so to boot back up. Here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-01-2014
    Ran by Linda at 2014-01-01 19:06:23 Run:1
    Running from F:\
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKLM\...\Run: [Eqovfeaxysavi] - "C:\Documents and Settings\Linda\Application Data\Pabiwex\ykrosi.exe"
    HKLM\...\Run: [Oltanye] - "C:\Documents and Settings\Linda\Application Data\Lyukud\raikebo.exe"
    HKLM\...\Run: [Noekyp] - "C:\Documents and Settings\Linda\Application Data\Ocorypi\kooxhel.exe"
    HKLM\...\Run: [Oqyzlupeyndiq] - "C:\Documents and Settings\Linda\Application Data\Saecegyb\syniix.exe"
    HKLM\...\Run: [Urhyow] - "C:\Documents and Settings\Linda\Application Data\Unosehul\zedeamu.exe"
    HKLM\...\Run: [Ekpozuamyx] - "C:\Documents and Settings\Linda\Application Data\Sesalisi\gautedo.exe"
    HKLM\...\Run: [Vaibmiuto] - "C:\Documents and Settings\Linda\Application Data\Ipiqrioc\kyhub.exe"
    HKLM\...\Run: [Wibuu] - "C:\Documents and Settings\Linda\Application Data\Leiber\ruzeiny.exe"
    HKLM\...\Run: [Nyehfydiemsopuw] - "C:\Documents and Settings\Linda\Application Data\Esefibv\bazuesi.exe"
    HKLM\...\Run: [Diwalyevvoo] - "C:\Documents and Settings\Linda\Application Data\Duuvqet\uxsuk.exe"
    HKLM\...\Run: [Ykoqkyhezu] - "C:\Documents and Settings\Linda\Application Data\Exruhac\vyrado.exe"
    HKLM\...\Run: [Iwopukqe] - "C:\Documents and Settings\Linda\Application Data\Amfogaov\ewlipei.exe"
    HKLM\...\Run: [Isiqtefeu] - "C:\Documents and Settings\Linda\Application Data\Diriacq\vyokeg.exe"
    HKLM\...\Run: [Zowyguefobunn] - "C:\Documents and Settings\Linda\Application Data\Ihuvor\ryolu.exe"
    HKLM\...\Run: [Qyupi] - "C:\Documents and Settings\Linda\Application Data\Seibup\ucepa.exe"
    HKLM\...\Run: [Tauvu] - "C:\Documents and Settings\Linda\Application Data\Piaryk\biaqlak.exe"
    HKLM\...\Run: [Vaokgeozqoo] - "C:\Documents and Settings\Linda\Application Data\Asawpate\usyvy.exe"
    HKLM\...\Run: [Efneoqol] - "C:\Documents and Settings\Linda\Application Data\Huywypm\enegob.exe"
    HKLM\...\Run: [Bedot] - "C:\Documents and Settings\Linda\Application Data\Soluhi\fekaev.exe"
    HKLM\...\Run: [Yvsiagsiuxeccy] - "C:\Documents and Settings\Linda\Application Data\Pyexfudu\mesyuv.exe"
    HKLM\...\Run: [Beykbiagokekocb] - "C:\Documents and Settings\Linda\Application Data\Coyhut\gucisom.exe"
    HKLM\...\Run: [Vaizitysutzy] - "C:\Documents and Settings\Linda\Application Data\Fuoccai\wizinoy.exe"
    HKLM\...\Run: [Mitelugub] - "C:\Documents and Settings\Linda\Application Data\Coreebaf\geyqp.exe"
    HKLM\...\Run: [Ovokiqomaru] - "C:\Documents and Settings\Linda\Application Data\Ynedve\mefici.exe"
    HKLM\...\Run: [Owumruyp] - "C:\Documents and Settings\Linda\Application Data\Maryag\woisy.exe"
    HKLM\...\Run: [Kaagxi] - "C:\Documents and Settings\Linda\Application Data\Ubifcuol\rainin.exe"
    HKLM\...\Run: [Futikyegrai] - "C:\Documents and Settings\Linda\Application Data\Suvakir\fobeagm.exe"
    HKLM\...\Run: [Afunatpiabi] - "C:\Documents and Settings\Linda\Application Data\Usegyfw\onepz.exe"
    HKLM\...\Run: [Yqnakyewquneeps] - "C:\Documents and Settings\Linda\Application Data\Lumyza\duleqi.exe"
    HKLM\...\Run: [Azbuafq] - "C:\Documents and Settings\Linda\Application Data\Cuxyxuwu\iwhipa.exe"
    HKLM\...\Run: [Uxufiva] - "C:\Documents and Settings\Linda\Application Data\Puzaadu\opzoom.exe"
    HKLM\...\Run: [Ugocibr] - "C:\Documents and Settings\Linda\Application Data\Riigakk\ipquyg.exe"
    HKLM\...\Run: [Didaisy] - "C:\Documents and Settings\Linda\Application Data\Ohhaylk\encey.exe"
    HKLM\...\Run: [Luhooga] - "C:\Documents and Settings\Linda\Application Data\Zaxoneo\anpimui.exe"
    HKLM\...\Run: [Pigiixzu] - "C:\Documents and Settings\Linda\Application Data\Wiydhaca\eqini.exe"
    HKLM\...\Run: [Yxipud] - "C:\Documents and Settings\Linda\Application Data\Heovrex\ozmyy.exe"
    HKLM\...\Run: [Keimowvio] - "C:\Documents and Settings\Linda\Application Data\Dibuegfy\muymk.exe"
    HKLM\...\Run: [Itbyfuafaxecy] - "C:\Documents and Settings\Linda\Application Data\Ecivwity\byvigo.exe"
    HKLM\...\Run: [Ofolixylrode] - "C:\Documents and Settings\Linda\Application Data\Yqydkui\wyesoq.exe"
    HKLM\...\Run: [Voecvitocahe] - "C:\Documents and Settings\Linda\Application Data\Naheav\ilrol.exe"
    HKLM\...\Run: [Liiqniceys] - "C:\Documents and Settings\Linda\Application Data\Esbudu\muifeg.exe"
    HKLM\...\Run: [Asonukcivovi] - "C:\Documents and Settings\Linda\Application Data\Kutiqoka\vayfeve.exe"
    HKLM\...\Run: [Riixsaoku] - "C:\Documents and Settings\Linda\Application Data\Cyziudv\amame.exe"
    HKLM\...\Run: [Agedynyrohhato] - "C:\Documents and Settings\Linda\Application Data\Idxoeges\ranuapx.exe"
    HKLM\...\Run: [Esahorfiybzyc] - "C:\Documents and Settings\Linda\Application Data\Feywohaw\igxuafu.exe"
    HKLM\...\Run: [Suidmit] - "C:\Documents and Settings\Linda\Application Data\Tyyfepaq\epowu.exe"
    HKLM\...\Run: [Suetexetqoi] - "C:\Documents and Settings\Linda\Application Data\Beebyrl\igywru.exe"
    HKLM\...\Run: [Uryfcuednakea] - "C:\Documents and Settings\Linda\Application Data\Myuffiy\usyqn.exe"
    HKLM\...\Run: [Pixuumi] - "C:\Documents and Settings\Linda\Application Data\Elaphif\kenou.exe"
    HKLM\...\Run: [Ikdivesa] - "C:\Documents and Settings\Linda\Application Data\Yzynul\likavi.exe"
    HKLM\...\Run: [Ulwoweg] - "C:\Documents and Settings\Linda\Application Data\Ocubysc\naupx.exe"
    HKLM\...\Run: [Inhovuugkiib] - "C:\Documents and Settings\Linda\Application Data\Opityh\akuml.exe"
    HKLM\...\Run: [Pyfavyycakce] - "C:\Documents and Settings\Linda\Application Data\Xysayqod\oknoka.exe"
    HKLM\...\Run: [Qicegoq] - "C:\Documents and Settings\Linda\Application Data\Xisynu\okfuul.exe"
    HKLM\...\Run: [Ulawdu] - "C:\Documents and Settings\Linda\Application Data\Cuzeroro\deypek.exe"
    HKLM\...\Run: [Nutewyebav] - "C:\Documents and Settings\Linda\Application Data\Ufhada\ydydda.exe"
    HKLM\...\Run: [Xanahyeno] - "C:\Documents and Settings\Linda\Application Data\Axumyn\cotiubl.exe"
    HKLM\...\Run: [Ylnuguco] - "C:\Documents and Settings\Linda\Application Data\Omduiklo\icumduo.exe"
    HKLM\...\Run: [Wytoyp] - "C:\Documents and Settings\Linda\Application Data\Kyemyd\gyaduvi.exe"
    HKLM\...\Run: [Wiomsefarioxx] - "C:\Documents and Settings\Linda\Application Data\Ywcuum\kirite.exe"
    HKLM\...\Run: [Zoybiceqxyra] - "C:\Documents and Settings\Linda\Application Data\Cofuhyxi\olver.exe"
    HKLM\...\Run: [Zuniomxoda] - "C:\Documents and Settings\Linda\Application Data\Zyypop\adtate.exe"
    HKLM\...\Run: [Muofwavuanogyha] - "C:\Documents and Settings\Linda\Application Data\Kipoxai\osufe.exe"
    HKLM\...\Run: [Doteohobehleb] - "C:\Documents and Settings\Linda\Application Data\Evamiw\ytkudi.exe"
    HKLM\...\Run: [Umruitota] - "C:\Documents and Settings\Linda\Application Data\Cuaxro\qoseu.exe"
    HKLM\...\Run: [Pyxaledibovukup] - "C:\Documents and Settings\Linda\Application Data\Leroxo\pautod.exe"
    HKLM\...\Run: [Rypicagiakogheg] - "C:\Documents and Settings\Linda\Application Data\Hiuntot\cemybub.exe"
    HKLM\...\Run: [Uxednaofhaec] - "C:\Documents and Settings\Linda\Application Data\Myikrivu\qimyyd.exe"
    HKLM\...\Run: [Enbocoeh] - "C:\Documents and Settings\Linda\Application Data\Opiffao\zealod.exe"
    C:\Documents and Settings\Linda\Application Data\Ubifcuol
    C:\Documents and Settings\Linda\Application Data\Maryag
    C:\Documents and Settings\Linda\Application Data\Ynedve
    C:\Documents and Settings\Linda\Application Data\Coreebaf
    C:\Documents and Settings\Linda\Application Data\Fuoccai
    C:\Documents and Settings\Linda\Application Data\Coyhut
    C:\Documents and Settings\Linda\Application Data\Pyexfudu
    C:\Documents and Settings\Linda\Application Data\Soluhi
    C:\Documents and Settings\Linda\Application Data\Huywypm
    C:\Documents and Settings\Linda\Application Data\Asawpate
    C:\Documents and Settings\Linda\Application Data\Piaryk
    C:\Documents and Settings\Linda\Application Data\Seibup
    C:\Documents and Settings\Linda\Application Data\Ihuvor
    C:\Documents and Settings\Linda\Application Data\Diriacq
    C:\Documents and Settings\Linda\Application Data\Amfogaov
    C:\Documents and Settings\Linda\Application Data\Exruhac
    C:\Documents and Settings\Linda\Application Data\Duuvqet
    C:\Documents and Settings\Linda\Application Data\Esefibv
    C:\Documents and Settings\Linda\Application Data\Leiber
    C:\Documents and Settings\Linda\Application Data\Ipiqrioc
    C:\Documents and Settings\Linda\Application Data\Sesalisi
    C:\Documents and Settings\Linda\Application Data\Unosehul
    C:\Documents and Settings\Linda\Application Data\Saecegyb
    C:\Documents and Settings\Linda\Application Data\Ocorypi
    C:\Documents and Settings\Linda\Application Data\Lyukud
    C:\Documents and Settings\Linda\Application Data\Pabiwex
    C:\Documents and Settings\Linda\Application Data\Tyyfepaq
    C:\Documents and Settings\Linda\Application Data\Feywohaw
    C:\Documents and Settings\Linda\Application Data\Idxoeges
    C:\Documents and Settings\Linda\Application Data\Cyziudv
    C:\Documents and Settings\Linda\Application Data\Kutiqoka
    C:\Documents and Settings\Linda\Application Data\Esbudu
    C:\Documents and Settings\Linda\Application Data\Naheav
    C:\Documents and Settings\Linda\Application Data\Yqydkui
    C:\Documents and Settings\Linda\Application Data\Ecivwity
    C:\Documents and Settings\Linda\Application Data\Dibuegfy
    C:\Documents and Settings\Linda\Application Data\Heovrex
    C:\Documents and Settings\Linda\Application Data\Wiydhaca
    C:\Documents and Settings\Linda\Application Data\Zaxoneo
    C:\Documents and Settings\Linda\Application Data\Ohhaylk
    C:\Documents and Settings\Linda\Application Data\Riigakk
    C:\Documents and Settings\Linda\Application Data\Puzaadu
    C:\Documents and Settings\Linda\Application Data\Cuxyxuwu
    C:\Documents and Settings\Linda\Application Data\Lumyza
    C:\Documents and Settings\Linda\Application Data\Usegyfw
    C:\Documents and Settings\Linda\Application Data\Suvakir
    C:\Documents and Settings\Linda\Application Data\Opiffao
    C:\Documents and Settings\Linda\Application Data\Myikrivu
    C:\Documents and Settings\Linda\Application Data\Hiuntot
    C:\Documents and Settings\Linda\Application Data\Leroxo
    C:\Documents and Settings\Linda\Application Data\Cuaxro
    C:\Documents and Settings\Linda\Application Data\Evamiw
    C:\Documents and Settings\Linda\Application Data\Kipoxai
    C:\Documents and Settings\Linda\Application Data\Zyypop
    C:\Documents and Settings\Linda\Application Data\Cofuhyxi
    C:\Documents and Settings\Linda\Application Data\Ywcuum
    C:\Documents and Settings\Linda\Application Data\Kyemyd
    C:\Documents and Settings\Linda\Application Data\Omduiklo
    C:\Documents and Settings\Linda\Application Data\Axumyn
    C:\Documents and Settings\Linda\Application Data\Ufhada
    C:\Documents and Settings\Linda\Application Data\Cuzeroro
    C:\Documents and Settings\Linda\Application Data\Xisynu
    C:\Documents and Settings\Linda\Application Data\Xysayqod
    C:\Documents and Settings\Linda\Application Data\Opityh
    C:\Documents and Settings\Linda\Application Data\Ocubysc
    C:\Documents and Settings\Linda\Application Data\Yzynul
    C:\Documents and Settings\Linda\Application Data\Elaphif
    C:\Documents and Settings\Linda\Application Data\Myuffiy
    C:\Documents and Settings\Linda\Application Data\Beebyrl
    HKCU\...\Run: [Inpgsoft] - regsvr32.exe "C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft\normalPaddlg.dll" <===== ATTENTION
    HKCU\...\Run: [Eqovfeaxysavi] - "C:\Documents and Settings\Linda\Application Data\Pabiwex\ykrosi.exe"
    HKCU\...\Run: [Oqyzlupeyndiq] - "C:\Documents and Settings\Linda\Application Data\Saecegyb\syniix.exe"
    HKCU\...\Run: [Oltanye] - "C:\Documents and Settings\Linda\Application Data\Lyukud\raikebo.exe"
    HKCU\...\Run: [Ekpozuamyx] - "C:\Documents and Settings\Linda\Application Data\Sesalisi\gautedo.exe"
    MountPoints2: {04d20c00-4d7b-11e3-ac40-444553544200} - F:\VZW_Software_upgrade_assistant_installer.exe
    MountPoints2: {3eb75dba-5419-11e2-ac0c-001a6b2a37c3} - F:\TLBootstrap_WPP.exe
    MountPoints2: {41f4f08e-323e-11e2-abfe-001a6b2a37c3} - "F:\WD SmartWare.exe" autoplay=true
    C:\Documents and Settings\Linda\Application Data\Sesalisi
    C:\Documents and Settings\Linda\Application Data\Lyukud
    C:\Documents and Settings\Linda\Application Data\Saecegyb
    C:\Documents and Settings\Linda\Application Data\Pabiwex
    C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft
    2013-12-31 17:06 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opityh
    2013-12-31 17:06 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Elaphif
    2013-12-31 17:04 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Emreikit
    2013-12-31 17:04 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocubysc
    2013-12-31 17:03 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ixfiam
    2013-12-31 17:03 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ywcuum
    2013-12-31 17:02 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kyemyd
    2013-12-31 17:01 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zyypop
    2013-12-31 17:01 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cofuhyxi
    2013-12-31 17:00 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Abpyitut
    2013-12-31 16:59 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuzeroro
    2013-12-31 16:58 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yzynul
    2013-12-31 16:58 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Tyyfepaq
    2013-12-31 16:57 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipumeddu
    2013-12-31 16:56 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Udawzow
    2013-12-31 16:56 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuaxro
    2013-12-31 16:55 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Taytgek
    2013-12-31 16:54 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kipoxai
    2013-12-31 16:54 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Beebyrl
    2013-12-31 16:53 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Logahi
    2013-12-31 16:52 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Waguku
    2013-12-31 16:52 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Evamiw
    2013-12-31 16:51 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ufhada
    2013-12-31 16:51 - 2013-12-31 16:51 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ygviiryd
    2013-12-31 16:50 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maalep
    2013-12-31 16:50 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hyziexap
    2013-12-31 16:49 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leroxo
    2013-12-31 16:48 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opiffao
    2013-12-31 16:47 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqyfpal
    2013-12-31 16:47 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Folyce
    2013-12-31 16:46 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xisynu
    2013-12-31 16:45 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huziov
    2013-12-31 16:45 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hiuntot
    2013-12-31 16:44 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myuffiy
    2013-12-31 16:43 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unixkypu
    2013-12-31 16:43 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Axumyn
    2013-12-31 16:42 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xysayqod
    2013-12-31 16:41 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Omduiklo
    2013-12-31 16:41 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myikrivu
    2013-12-31 16:40 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Feywohaw
    2013-12-31 16:39 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Idxoeges
    2013-12-31 16:38 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kutiqoka
    2013-12-31 16:38 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cyziudv
    2013-12-31 16:37 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esbudu
    2013-12-31 16:36 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqydkui
    2013-12-31 16:36 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Naheav
    2013-12-31 16:35 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ecivwity
    2013-12-31 16:34 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Heovrex
    2013-12-31 16:34 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Dibuegfy
    2013-12-31 16:33 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Wiydhaca
    2013-12-31 16:32 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zaxoneo
    2013-12-31 16:31 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Riigakk
    2013-12-31 16:31 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ohhaylk
    2013-12-31 16:30 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Puzaadu
    2013-12-31 16:29 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuxyxuwu
    2013-12-31 16:28 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Usegyfw
    2013-12-31 16:28 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lumyza
    2013-12-31 16:27 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Suvakir
    2013-12-31 16:26 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ubifcuol
    2013-12-31 16:25 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ynedve
    2013-12-31 16:25 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maryag
    2013-12-31 16:24 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coreebaf
    2013-12-31 16:23 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Fuoccai
    2013-12-31 16:22 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pyexfudu
    2013-12-31 16:22 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coyhut
    2013-12-31 16:21 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Soluhi
    2013-12-31 16:20 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huywypm
    2013-12-31 16:19 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Piaryk
    2013-12-31 16:19 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Asawpate
    2013-12-31 16:18 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Seibup
    2013-12-31 16:17 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ihuvor
    2013-12-31 16:17 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Diriacq
    2013-12-31 16:16 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Amfogaov
    2013-12-31 16:15 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Exruhac
    2013-12-31 16:14 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esefibv
    2013-12-31 16:14 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Duuvqet
    2013-12-31 16:13 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leiber
    2013-12-31 16:12 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Sesalisi
    2013-12-31 16:12 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipiqrioc
    2013-12-31 16:11 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unosehul
    2013-12-31 16:10 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Saecegyb
    2013-12-31 16:09 - 2014-01-01 16:07 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Vaqiusl
    2013-12-31 16:09 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocorypi
    2013-12-31 16:08 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lyukud
    2013-12-31 16:07 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pabiwex
    C:\Documents and Settings\Linda\gotomypc_540.exe
    C:\Documents and Settings\Linda\Local Settings\Temp\6_Offer_16.exe
    C:\Documents and Settings\Linda\Local Settings\Temp\avgnt.exe

    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eqovfeaxysavi => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Oltanye => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Noekyp => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Oqyzlupeyndiq => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Urhyow => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ekpozuamyx => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Vaibmiuto => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wibuu => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nyehfydiemsopuw => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Diwalyevvoo => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ykoqkyhezu => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Iwopukqe => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Isiqtefeu => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zowyguefobunn => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Qyupi => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Tauvu => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Vaokgeozqoo => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Efneoqol => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bedot => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Yvsiagsiuxeccy => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Beykbiagokekocb => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Vaizitysutzy => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Mitelugub => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ovokiqomaru => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Owumruyp => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Kaagxi => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Futikyegrai => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Afunatpiabi => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Yqnakyewquneeps => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Azbuafq => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Uxufiva => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ugocibr => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Didaisy => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Luhooga => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Pigiixzu => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Yxipud => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Keimowvio => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Itbyfuafaxecy => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ofolixylrode => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Voecvitocahe => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Liiqniceys => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Asonukcivovi => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Riixsaoku => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Agedynyrohhato => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Esahorfiybzyc => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Suidmit => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Suetexetqoi => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Uryfcuednakea => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Pixuumi => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ikdivesa => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ulwoweg => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Inhovuugkiib => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Pyfavyycakce => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Qicegoq => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ulawdu => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nutewyebav => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Xanahyeno => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ylnuguco => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wytoyp => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wiomsefarioxx => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zoybiceqxyra => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zuniomxoda => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Muofwavuanogyha => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Doteohobehleb => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Umruitota => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Pyxaledibovukup => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Rypicagiakogheg => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Uxednaofhaec => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Enbocoeh => Value deleted successfully.
    C:\Documents and Settings\Linda\Application Data\Ubifcuol => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Maryag => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Ynedve => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Coreebaf => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Fuoccai => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Coyhut => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Pyexfudu => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Soluhi => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Huywypm => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Asawpate => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Piaryk => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Seibup => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Ihuvor => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Diriacq => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Amfogaov => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Exruhac => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Duuvqet => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Esefibv => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Leiber => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Ipiqrioc => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Sesalisi => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Unosehul => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Saecegyb => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Ocorypi => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Lyukud => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Pabiwex => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Tyyfepaq => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Feywohaw => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Idxoeges => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Cyziudv => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Kutiqoka => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Esbudu => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Naheav => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Yqydkui => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Ecivwity => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Dibuegfy => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Heovrex => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Wiydhaca => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Zaxoneo => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Ohhaylk => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Riigakk => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Puzaadu => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Cuxyxuwu => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Lumyza => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Usegyfw => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Suvakir => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Opiffao => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Myikrivu => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Hiuntot => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Leroxo => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Cuaxro => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Evamiw => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Kipoxai => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Zyypop => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Cofuhyxi => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Ywcuum => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Kyemyd => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Omduiklo => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Axumyn => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Ufhada => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Cuzeroro => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Xisynu => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Xysayqod => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Opityh => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Ocubysc => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Yzynul => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Elaphif => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Myuffiy => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Beebyrl => Moved successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Inpgsoft => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Eqovfeaxysavi => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Oqyzlupeyndiq => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Oltanye => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Ekpozuamyx => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04d20c00-4d7b-11e3-ac40-444553544200} => Key deleted successfully.
    HKCR\CLSID\{04d20c00-4d7b-11e3-ac40-444553544200} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eb75dba-5419-11e2-ac0c-001a6b2a37c3} => Key deleted successfully.
    HKCR\CLSID\{3eb75dba-5419-11e2-ac0c-001a6b2a37c3} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41f4f08e-323e-11e2-abfe-001a6b2a37c3} => Key deleted successfully.
    HKCR\CLSID\{41f4f08e-323e-11e2-abfe-001a6b2a37c3} => Key not found.
    "C:\Documents and Settings\Linda\Application Data\Sesalisi" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Lyukud" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Saecegyb" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Pabiwex" => File/Directory not found.
    C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Opityh" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Elaphif" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Emreikit => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Ocubysc" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Ixfiam => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Ywcuum" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Kyemyd" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Zyypop" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Cofuhyxi" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Abpyitut => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Cuzeroro" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Yzynul" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Tyyfepaq" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Ipumeddu => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Udawzow => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Cuaxro" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Taytgek => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Kipoxai" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Beebyrl" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Logahi => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Waguku => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Evamiw" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Ufhada" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Ygviiryd => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Maalep => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Hyziexap => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Leroxo" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Opiffao" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Yqyfpal => Moved successfully.
    C:\Documents and Settings\Linda\Application Data\Folyce => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Xisynu" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Huziov => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Hiuntot" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Myuffiy" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Unixkypu => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Axumyn" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Xysayqod" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Omduiklo" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Myikrivu" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Feywohaw" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Idxoeges" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Kutiqoka" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Cyziudv" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Esbudu" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Yqydkui" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Naheav" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Ecivwity" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Heovrex" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Dibuegfy" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Wiydhaca" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Zaxoneo" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Riigakk" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Ohhaylk" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Puzaadu" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Cuxyxuwu" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Usegyfw" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Lumyza" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Suvakir" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Ubifcuol" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Ynedve" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Maryag" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Coreebaf" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Fuoccai" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Pyexfudu" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Coyhut" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Soluhi" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Huywypm" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Piaryk" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Asawpate" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Seibup" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Ihuvor" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Diriacq" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Amfogaov" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Exruhac" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Esefibv" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Duuvqet" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Leiber" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Sesalisi" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Ipiqrioc" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Unosehul" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Saecegyb" => File/Directory not found.
    C:\Documents and Settings\Linda\Application Data\Vaqiusl => Moved successfully.
    "C:\Documents and Settings\Linda\Application Data\Ocorypi" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Lyukud" => File/Directory not found.
    "C:\Documents and Settings\Linda\Application Data\Pabiwex" => File/Directory not found.
    C:\Documents and Settings\Linda\gotomypc_540.exe => Moved successfully.
    C:\Documents and Settings\Linda\Local Settings\Temp\6_Offer_16.exe => Moved successfully.
    C:\Documents and Settings\Linda\Local Settings\Temp\avgnt.exe => Moved successfully.

    ==== End of Fixlog ====
     
     
  12. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2014
    Ran by Linda (administrator) on WELLSCO-LAPPY on 01-01-2014 19:20:15
    Running from F:\
    Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    (Cisco Systems, Inc.) D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
    (Hewlett-Packard Corporation) C:\WINDOWS\system32\accelerometerST.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Gordoware) C:\Program Files\gordoware\connectto.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [AccelerometerSysTrayApplet] - C:\WINDOWS\system32\accelerometerST.exe [53248 2006-01-16] (Hewlett-Packard Corporation)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1028096 2008-01-18] (Synaptics, Inc.)
    HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
    HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-17] (Google Inc.)
    MountPoints2: {c6947131-7328-11e3-ac5b-444553544200} - "F:\WD SmartWare.exe" autoplay=true
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\checkmaps.lnk
    ShortcutTarget: checkmaps.lnk -> C:\Program Files\gordoware\checkmaps.exe ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\connectto.lnk
    ShortcutTarget: connectto.lnk -> C:\Program Files\gordoware\connectto.exe (Gordoware)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
    SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGm...n=77fdc98f&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {07871812-1823-4118-B7A8-B2C956AC8742} URL = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
    SearchScopes: HKCU - {8CC45221-51CE-4DD1-8F4A-822235DB4D63} URL = http://www.amazon.com/gp/search?ie=...amp=1789&creative=9325&keywords={searchTerms}
    SearchScopes: HKCU - {954B9569-E869-4AE5-B2AB-F2700519E569} URL = http://www.walmart.com/catalog/search-ng.gsp?search_constraint=0&search_query={searchTerms}
    SearchScopes: HKCU - {98383ACF-5F17-49F1-91D7-EE480B517CA8} URL = http://www.weather.com/search/enhanced?where={searchTerms}
    SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGm...n=77fdc98f&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {C2A09D41-25C9-4E60-A52B-BA6068DD941D} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    SearchScopes: HKCU - {DDD8124F-D233-44C2-A68C-9B432298DA67} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
    Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
    Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - FromDocToPDF - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289781725609
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
    DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
    DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://fhebpsslvpn.verizon.com/dana-cached/sc/JuniperSetupClient.cab
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Hosts: 12.151.201.180 tup-dc1
    Tcpip\..\Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: [NameServer]166.68.227.10,166.68.195.10

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
    FF Plugin: @FromDocToPDF_65.com/Plugin - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (Mindspark)
    FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
    FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @Tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    FF Extension: Status-bar Calculator - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\calculator@cmcculloh
    FF Extension: No Name - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\staged
    FF Extension: DAO.TableDef.120 - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{36680766-DB0F-2FE2-454F-617C65152C54}
    FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\firefox1@myibay.com.xpi
    FF Extension: outobox - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\firefox@outobox.net.xpi
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    FF Extension: Tab Mix Plus - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR RestoreOnStartup: "hxxp://www.google.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (PDF-XChange Viewer) - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    CHR Extension: (Docs) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
    CHR Extension: (Google Drive) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
    CHR Extension: (YouTube) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
    CHR Extension: (Google Search) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
    CHR Extension: (Gmail) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx

    ========================== Services (Whitelisted) =================

    R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660520 2009-09-12] (Acronis)
    R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-11-15] (Acronis)
    R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
    R2 CVPND; D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
    S3 ExtranetAccess; C:\Program Files\Nortel Networks\Extranet_serv.exe [811008 2007-04-18] (Nortel Networks NA, Inc.)
    S2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [88648 2013-12-09] (COMPANYVERS_NAME)
    R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2013-02-20] (Juniper Networks, Inc.)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    S3 OracleClientCache80; C:\orant\BIN\ONRSD80.EXE [95744 1998-06-10] ()
    R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

    ==================== Drivers (Whitelisted) ====================

    R1 ATMDLC; C:\Windows\System32\DRIVERS\atmdlc.sys [40952 2009-08-27] (Attachmate Corporation)
    R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
    S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [401664 2006-02-15] (Broadcom Corporation.)
    S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30363 2006-02-15] (Broadcom Corporation.)
    R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [1342570 2006-02-15] (Broadcom Corporation.)
    S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148168 2006-02-15] (Broadcom Corporation.)
    S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [44163 2006-02-15] (Broadcom Corporation.)
    S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [57096 2006-02-15] (Broadcom Corporation.)
    S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
    R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
    R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
    R3 Eacfilt; C:\Windows\System32\DRIVERS\eacfilt.sys [26137 2007-04-18] (Nortel Networks)
    R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [88192 2006-09-14] (Texas Instruments)
    R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-10-16] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989312 2007-10-16] (Conexant Systems, Inc.)
    S3 IPSECEXT; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2007-04-18] (Nortel Networks NA, Inc.)
    R3 IPSECSHM; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2007-04-18] (Nortel Networks NA, Inc.)
    R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna5.sys [446712 2013-01-17] (Juniper Networks, Inc.)
    S4 jnprTdi_730_32781; C:\WINDOWS\system32\Drivers\jnprTdi_730_32781.sys [90456 2013-02-19] (Juniper Networks, Inc.)
    S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [25456 2013-01-17] (Juniper Networks, Inc.)
    R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2013-01-17] (Juniper Networks, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation)
    S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [32408 2009-05-25] (Smith Micro Inc.)
    R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
    R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2010-11-15] (Acronis)
    S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
    S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [x]
    U1 eabfiltr;
    S4 LMIRfsClientNP; No ImagePath
    U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 UIUSys; System32\DRIVERS\UIUSYS.SYS [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-01 16:08 - 2014-01-01 16:08 - 00000000 ____D C:\FRST
    2014-01-01 16:06 - 2014-01-01 16:45 - 00017854 _____ C:\WINDOWS\setupapi.log
    2013-12-31 23:06 - 2014-01-01 13:09 - 00003053 _____ C:\Documents and Settings\Linda\Desktop\attach.txt
    2013-12-31 22:42 - 2014-01-01 19:11 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2013-12-31 22:42 - 2014-01-01 19:11 - 00000048 _____ C:\WINDOWS\wiaservc.log
    2013-12-31 22:42 - 2013-12-31 22:42 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
    2013-12-31 17:26 - 2013-12-31 17:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Malwarebytes
    2013-12-31 17:25 - 2013-12-31 17:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2013-12-31 17:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2013-12-31 14:25 - 2014-01-01 14:26 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Program Files\CCleaner
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Local Settings\Application Data\IAC
    2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65
    2013-12-09 11:14 - 2013-12-09 11:14 - 00000000 ____D C:\Program Files\FromDocToPDF_65
    2013-12-04 13:57 - 2013-12-04 13:57 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
    2013-12-03 16:39 - 2013-12-03 16:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft

    ==================== One Month Modified Files and Folders =======

    2014-01-01 19:19 - 2010-11-14 19:42 - 01892280 _____ C:\WINDOWS\WindowsUpdate.log
    2014-01-01 19:17 - 2013-04-17 10:40 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-01 19:16 - 2003-03-31 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
    2014-01-01 19:11 - 2013-12-31 22:42 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2014-01-01 19:11 - 2013-12-31 22:42 - 00000048 _____ C:\WINDOWS\wiaservc.log
    2014-01-01 19:11 - 2010-11-14 18:35 - 00027335 _____ C:\WINDOWS\system32\nvModes.001
    2014-01-01 19:10 - 2013-04-17 10:40 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-01 19:10 - 2010-11-14 17:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2014-01-01 19:07 - 2010-11-14 17:44 - 00032650 _____ C:\WINDOWS\SchedLgU.Txt
    2014-01-01 19:06 - 2010-11-14 17:50 - 00000000 ____D C:\Documents and Settings\Linda
    2014-01-01 18:59 - 2010-11-15 16:19 - 00000000 ____D C:\WINDOWS\system32\NtmsData
    2014-01-01 18:35 - 2012-06-03 22:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-01-01 18:09 - 2010-11-14 17:38 - 00000000 ____D C:\WINDOWS\Registration
    2014-01-01 16:45 - 2014-01-01 16:06 - 00017854 _____ C:\WINDOWS\setupapi.log
    2014-01-01 16:08 - 2014-01-01 16:08 - 00000000 ____D C:\FRST
    2014-01-01 14:26 - 2013-12-31 14:25 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
    2014-01-01 13:44 - 2013-10-14 12:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2014-01-01 13:09 - 2013-12-31 23:06 - 00003053 _____ C:\Documents and Settings\Linda\Desktop\attach.txt
    2014-01-01 00:40 - 2010-11-14 10:51 - 00000000 ____D C:\WINDOWS\Help
    2014-01-01 00:01 - 2012-08-28 14:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
    2013-12-31 23:23 - 2010-11-14 10:51 - 00000000 ____D C:\WINDOWS\Resources
    2013-12-31 22:42 - 2013-12-31 22:42 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
    2013-12-31 22:37 - 2011-02-01 11:43 - 00000000 ____D C:\WINDOWS\Minidump
    2013-12-31 22:30 - 2010-12-08 13:38 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Autodesk
    2013-12-31 20:26 - 2012-01-24 12:19 - 00000000 ____D C:\WINDOWS\system32\LogFiles
    2013-12-31 18:46 - 2013-04-04 11:16 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Bentley
    2013-12-31 17:26 - 2013-12-31 17:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Malwarebytes
    2013-12-31 17:26 - 2013-12-31 17:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2013-12-31 15:04 - 2013-04-02 12:49 - 00000075 _____ C:\WINDOWS\iddsgtev8i.ini
    2013-12-31 14:53 - 2011-12-14 15:00 - 00002305 _____ C:\Documents and Settings\Linda\Desktop\VPN Client.lnk
    2013-12-31 14:49 - 2010-11-14 10:55 - 00000329 ___SH C:\boot.ini
    2013-12-31 14:49 - 2003-03-31 07:00 - 00000876 _____ C:\WINDOWS\win.ini
    2013-12-31 14:49 - 2003-03-31 07:00 - 00000227 _____ C:\WINDOWS\system.ini
    2013-12-31 13:49 - 2012-05-24 15:21 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
    2013-12-19 13:33 - 2013-11-18 17:04 - 00000000 ____D C:\Verizon_Android
    2013-12-19 13:33 - 2013-11-18 17:04 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Verizon_Android
    2013-12-17 11:53 - 2010-11-14 18:35 - 00027335 _____ C:\WINDOWS\system32\nvModes.dat
    2013-12-16 13:46 - 2012-08-28 14:54 - 00000719 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
    2013-12-16 13:46 - 2012-08-28 14:54 - 00000000 ____D C:\Program Files\LogMeIn
    2013-12-16 13:45 - 2012-08-28 14:54 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
    2013-12-16 13:45 - 2012-08-28 14:54 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
    2013-12-16 13:45 - 2012-08-28 14:54 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
    2013-12-12 04:42 - 2012-12-11 23:10 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
    2013-12-12 04:42 - 2012-12-11 23:10 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
    2013-12-12 03:24 - 2010-11-14 10:56 - 00298048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2013-12-12 03:08 - 2012-05-24 15:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2013-12-12 03:07 - 2010-11-15 15:28 - 00000000 ____D C:\WINDOWS\ie8updates
    2013-12-12 03:06 - 2013-08-14 02:08 - 00000000 ____D C:\WINDOWS\system32\MRT
    2013-12-12 03:06 - 2010-11-15 13:19 - 00046592 _____ C:\WINDOWS\system32\TZLog.log
    2013-12-12 03:03 - 2010-11-15 13:16 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2013-12-11 22:25 - 2010-11-15 15:41 - 00000000 ____D C:\WINDOWS\pss
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Program Files\CCleaner
    2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    2013-12-11 14:35 - 2012-06-03 22:51 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2013-12-11 14:35 - 2012-06-03 22:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2013-12-09 15:42 - 2010-11-15 18:37 - 00000000 ____D C:\dgn
    2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Local Settings\Application Data\IAC
    2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65
    2013-12-09 11:14 - 2013-12-09 11:14 - 00000000 ____D C:\Program Files\FromDocToPDF_65
    2013-12-05 04:19 - 2013-04-17 10:40 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2013-12-04 15:40 - 2011-12-14 15:10 - 00000336 _____ C:\Documents and Settings\Linda\Desktop\PA drive.bat
    2013-12-04 13:57 - 2013-12-04 13:57 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
    2013-12-03 16:39 - 2013-12-03 16:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Linda\Local Settings\Temp\avgnt.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================
     
  13. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Looks better.

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  14. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Linda [Admin rights]
    Mode : Remove -- Date : 01/01/2014 20:12:08
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    12.151.201.180 tup-dc1


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST980813AS +++++
    --- User ---
    [MBR] e1167d3f23b50a3041f7dc1461be60d6
    [BSP] a388a4c3d4c7761509c6c79422867ce5 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 30719 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 62914320 | Size: 45588 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) I0MEGA UMni64MB*IOM2C4 USB Device +++++
    --- User ---
    [MBR] 606f93cfa88c863b8b0714980449efc6
    [BSP] 7208b105e661849d4a48c279d3177d8d : Empty MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 61 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_D_01012014_201208.txt >>
    RKreport[0]_S_01012014_201017.txt
     
  15. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    The anti-rootkit found no malware, so I only ran it once. Please let me know if I should run it a second time for good measure. Here are the reports. Computer is still sluggish but I haven't rebooted yet.

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.161000 GHz
    Memory total: 3623096320, free: 2897874944

    Downloaded database version: v2014.01.01.06
    Downloaded database version: v2013.12.18.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    01/01/2014 20:21:25
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\System32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\System32\DRIVERS\1394BUS.SYS
    compbatt.sys
    \WINDOWS\System32\DRIVERS\BATTC.SYS
    pciide.sys
    \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    ACPIEC.sys
    \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    timntr.sys
    tdrpm251.sys
    snapman.sys
    Mup.sys
    hpdskflt.sys
    \WINDOWS\system32\ntkrnlpa.exe
    \SystemRoot\System32\DRIVERS\intelppm.sys
    \SystemRoot\System32\DRIVERS\nv4_mini.sys
    \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\System32\DRIVERS\b57xp32.sys
    \SystemRoot\System32\DRIVERS\usbuhci.sys
    \SystemRoot\System32\DRIVERS\USBPORT.SYS
    \SystemRoot\System32\DRIVERS\usbehci.sys
    \SystemRoot\System32\DRIVERS\nic1394.sys
    \SystemRoot\system32\drivers\tifm21.sys
    \SystemRoot\System32\DRIVERS\sdbus.sys
    \SystemRoot\system32\DRIVERS\gtipci21.sys
    \SystemRoot\system32\DRIVERS\SMCLIB.SYS
    \SystemRoot\System32\DRIVERS\parport.sys
    \SystemRoot\System32\DRIVERS\i8042prt.sys
    \SystemRoot\System32\DRIVERS\HpqKbFiltr.sys
    \SystemRoot\System32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\DRIVERS\Wdf01000.sys
    \SystemRoot\System32\DRIVERS\kbdclass.sys
    \SystemRoot\System32\DRIVERS\SynTP.sys
    \SystemRoot\System32\DRIVERS\USBD.SYS
    \SystemRoot\System32\DRIVERS\mouclass.sys
    \SystemRoot\System32\DRIVERS\imapi.sys
    \SystemRoot\System32\DRIVERS\cdrom.sys
    \SystemRoot\System32\DRIVERS\redbook.sys
    \SystemRoot\System32\DRIVERS\ks.sys
    \SystemRoot\System32\DRIVERS\Accelerometer.sys
    \SystemRoot\System32\DRIVERS\cpqbttn.sys
    \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\DRIVERS\CmBatt.sys
    \SystemRoot\System32\DRIVERS\wmiacpi.sys
    \SystemRoot\System32\DRIVERS\btkrnl.sys
    \SystemRoot\system32\DRIVERS\lmimirr.sys
    \SystemRoot\system32\DRIVERS\dne2000.sys
    \SystemRoot\system32\DRIVERS\jnprna5.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\jnprvamgr.sys
    \SystemRoot\System32\DRIVERS\audstub.sys
    \SystemRoot\System32\Drivers\RootMdm.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\System32\DRIVERS\rasl2tp.sys
    \SystemRoot\System32\DRIVERS\ndistapi.sys
    \SystemRoot\System32\DRIVERS\ndiswan.sys
    \SystemRoot\System32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\DRIVERS\raspptp.sys
    \SystemRoot\System32\DRIVERS\psched.sys
    \SystemRoot\System32\DRIVERS\msgpc.sys
    \SystemRoot\System32\DRIVERS\ptilink.sys
    \SystemRoot\System32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\eacfilt.sys
    \SystemRoot\system32\DRIVERS\ipsecw2k.sys
    \SystemRoot\system32\DRIVERS\RimSerial.sys
    \SystemRoot\System32\DRIVERS\rdpdr.sys
    \SystemRoot\System32\DRIVERS\termdd.sys
    \SystemRoot\System32\DRIVERS\swenum.sys
    \SystemRoot\System32\DRIVERS\update.sys
    \SystemRoot\System32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\ADIHdAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\AEAudio.sys
    \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    \SystemRoot\System32\DRIVERS\usbhub.sys
    \SystemRoot\System32\DRIVERS\ATSwpDrv.sys
    \SystemRoot\System32\DRIVERS\hidusb.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\System32\DRIVERS\ipsec.sys
    \SystemRoot\System32\DRIVERS\tcpip.sys
    \SystemRoot\System32\DRIVERS\ipnat.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\atmdlc.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\ssmdrv.sys
    \SystemRoot\System32\DRIVERS\wanarp.sys
    \SystemRoot\System32\DRIVERS\rdbss.sys
    \SystemRoot\System32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\DRIVERS\arp1394.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\avkmgr.sys
    \SystemRoot\system32\DRIVERS\avipbb.sys
    \SystemRoot\System32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\avgntflt.sys
    \??\C:\WINDOWS\system32\drivers\mbam.sys
    \SystemRoot\System32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\DRIVERS\mrxdav.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\system32\DRIVERS\afcdp.sys
    \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\System32\Drivers\TDTCP.SYS
    \SystemRoot\System32\Drivers\RDPWD.SYS
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    \SystemRoot\System32\DRIVERS\NETw4x32.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xffffffff8ac47ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000d5\
    Lower Device Object: 0xffffffff8afc6da8
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8afe2ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff8af1fd98
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8afe2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8af4cf10, DeviceName: Unknown, DriverName: \Driver\tdrpman251\
    DevicePointer: 0xffffffff8af84f10, DeviceName: Unknown, DriverName: \Driver\snapman\
    DevicePointer: 0xffffffff8afedb88, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8af4e880, DeviceName: Unknown, DriverName: \Driver\tdrpman251\
    DevicePointer: 0xffffffff8afe2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8af74490, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
    DevicePointer: 0xffffffff8af833b8, DeviceName: \Device\000000ba\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8af1fd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 8AB18AB1

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 62914257
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 62914320 Numsec = 93366000

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8ac47ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a7f6020, DeviceName: Unknown, DriverName: \Driver\tdrpman251\
    DevicePointer: 0xffffffff8ac4cd70, DeviceName: Unknown, DriverName: \Driver\snapman\
    DevicePointer: 0xffffffff8adf5020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a9ad6d8, DeviceName: Unknown, DriverName: \Driver\tdrpman251\
    DevicePointer: 0xffffffff8ac47ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8afc6da8, DeviceName: \Device\000000d5\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 0

    Partition information:

    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 32 Numsec = 126944
    Partition file system is FAT
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 65011712 bytes
    Sector size: 512 bytes

    Done!
    <<<2>>>
    <<<3>>>
    Volume: D:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_32_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
    Removal finished
     
  16. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    www.malwarebytes.org

    Database version: v2014.01.01.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Linda :: WELLSCO-LAPPY [administrator]

    1/1/2014 8:21:37 PM
    mbar-log-2014-01-01 (20-21-37).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 263329
    Time elapsed: 1 hour(s), 32 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  17. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
     
  18. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    ComboFix 14-01-01.01 - Linda 01/01/2014 23:06:58.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.1842 [GMT -5:00]
    Running from: d:\my documents\Downloads\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Linda\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-02 to 2014-01-02 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-02 01:21 . 2014-01-02 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-01-02 01:21 . 2014-01-02 01:21 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-01-02 01:18 . 2014-01-02 01:18 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-01-01 21:08 . 2014-01-01 21:08 -------- d-----w- C:\FRST
    2013-12-31 22:26 . 2013-12-31 22:26 -------- d-----w- c:\documents and settings\Linda\Application Data\Malwarebytes
    2013-12-31 22:25 . 2013-12-31 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-12-31 22:25 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-31 22:25 . 2013-12-31 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-12-12 02:38 . 2013-12-12 02:38 -------- d-----w- c:\program files\CCleaner
    2013-12-09 16:15 . 2013-12-09 16:15 -------- d-----w- c:\documents and settings\Linda\Application Data\FromDocToPDF_65
    2013-12-09 16:15 . 2013-12-09 16:15 -------- d-----w- c:\documents and settings\Linda\Local Settings\Application Data\IAC
    2013-12-09 16:14 . 2013-12-09 16:14 -------- d-----w- c:\program files\FromDocToPDF_65
    2013-12-04 18:57 . 2013-12-04 18:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Inpgsoft
    2013-12-03 21:39 . 2013-12-03 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Inpgsoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-02 01:10 . 2014-01-02 01:10 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 32224 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 492000 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 25471 ----a-w- c:\windows\system32\drivers\watv10nt.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 22271 ----a-w- c:\windows\system32\drivers\watv06nt.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 11935 ----a-w- c:\windows\system32\drivers\wadv11nt.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 14208 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 11871 ----a-w- c:\windows\system32\drivers\wadv09nt.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 11807 ----a-w- c:\windows\system32\drivers\wadv07nt.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 11295 ----a-w- c:\windows\system32\drivers\wadv08nt.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 26368 ----a-w- c:\windows\system32\drivers\usbstor.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 570016 ----a-w- c:\windows\system32\drivers\timntr.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 290304 ----a-w- c:\windows\system32\drivers\tifm21.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 49408 ----a-w- c:\windows\system32\drivers\stream.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 220640 ----a-w- c:\windows\system32\drivers\SynTP.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 28520 ----a-w- c:\windows\system32\drivers\ssmdrv.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 95424 ----a-w- c:\windows\system32\drivers\slnthal.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 5888 ----a-w- c:\windows\system32\drivers\smbali.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 157248 ----a-w- c:\windows\system32\drivers\snapman.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 13240 ----a-w- c:\windows\system32\drivers\slwdmsup.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 404990 ----a-w- c:\windows\system32\drivers\slntamr.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 40960 ----a-w- c:\windows\system32\drivers\sisagp.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 129535 ----a-w- c:\windows\system32\drivers\slnt7554.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 166912 ----a-w- c:\windows\system32\drivers\s3gnbm.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 22784 ----a-w- c:\windows\system32\drivers\RimUsb.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys.bak
    2014-01-02 01:10 . 2014-01-02 01:10 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 13776 ----a-w- c:\windows\system32\drivers\recagent.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
    2014-01-02 01:09 . 2014-01-02 01:09 16512 ----a-w- c:\windows\system32\drivers\raspti.sys.bak
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-08-07 1561880]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-17 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-08-23 8478720]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-08-23 81920]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "AccelerometerSysTrayApplet"="c:\windows\System32\AccelerometerSt.exe" [2006-01-17 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-12 684600]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    checkmaps.lnk - c:\program files\Gordoware\CheckMaps.exe [2011-4-22 765952]
    connectto.lnk - c:\program files\Gordoware\connectto.exe [2011-4-22 1175552]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2013-12-16 18:45 85832 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
    backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2009-09-12 21:31 357384 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-09-05 14:03 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FromDocToPDF Search Scope Monitor]
    2013-12-09 16:14 55368 ----a-w- c:\progra~1\FROMDO~2\bar\1.bin\65SrchMn.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FromDocToPDF_65 Browser Plugin Loader]
    2013-12-09 16:14 61512 ----a-w- c:\program files\FromDocToPDF_65\bar\1.bin\65brmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JunosPulse]
    2013-02-20 09:01 2104152 ----a-w- c:\program files\Common Files\Juniper Networks\JamUI\Pulse.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2007-10-18 20:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2012-06-08 16:06 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2007-08-23 16:15 1626112 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2007-10-19 18:05 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2007-01-06 03:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2013-04-17 15:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    2009-09-12 21:30 5048488 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Bentley\\Program\\MicroStation\\ustation.exe"=
    "c:\\Program Files\\Bentley\\Program\\MicroStation\\V8ustation.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\BentleyV8i\\MicroStation\\ustation.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [11/15/2010 4:24 PM 902432]
    R1 ATMDLC;Attachmate DLC Protocol;c:\windows\system32\drivers\atmdlc.sys [8/27/2009 4:34 PM 40952]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/11/2012 11:10 PM 37352]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [11/15/2010 4:24 PM 2326920]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/11/2012 11:10 PM 440376]
    R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2/20/2013 2:01 AM 162136]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/5/2012 5:09 PM 375120]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [11/15/2010 4:24 PM 159168]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [11/15/2010 6:53 PM 26137]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [11/15/2010 3:06 PM 88192]
    R3 JNPRNA;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna5.sys [5/14/2013 4:00 PM 446712]
    R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [5/14/2013 4:01 PM 36776]
    S2 FromDocToPDF_65Service;FromDocToPDFService;c:\progra~1\FROMDO~2\bar\1.bin\65barsvc.exe [12/9/2013 11:14 AM 88648]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/8/2012 11:06 AM 13624]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/31/2013 5:25 PM 418376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/31/2013 5:25 PM 701512]
    S3 ExtranetAccess;Contivity VPN Service;c:\program files\Nortel Networks\Extranet_serv.exe [11/15/2010 6:53 PM 811008]
    S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [11/15/2010 6:53 PM 155152]
    S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [5/14/2013 4:01 PM 25456]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/31/2013 5:25 PM 22856]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [9/6/2013 12:29 PM 235216]
    S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [11/14/2010 11:33 AM 95744]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 2:43 PM 32408]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/19/2012 6:43 AM 11520]
    S4 jnprTdi_730_32781;Juniper Networks TDI Filter Driver (jnprTdi_730_32781);c:\windows\system32\drivers\jnprTdi_730_32781.sys [5/14/2013 4:01 PM 90456]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-10-18 20:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-05 09:16 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 19:35]
    .
    2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 15:40]
    .
    2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 15:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: DhcpNameServer = 192.168.254.254
    TCP: Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: NameServer = 166.68.227.10,166.68.195.10
    FF - ProfilePath - c:\documents and settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\
    FF - ExtSQL: !HIDDEN! 2013-04-05 03:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-GameServer50D - c:\documents and settings\Linda\Application Data\Autodesk\WIN7B.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-01-01 23:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
    "ImagePath"="\??\"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,6b,5f,3f,e8,76,28,41,b5,c7,03,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,6b,5f,3f,e8,76,28,41,b5,c7,03,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(548)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'explorer.exe'(892)
    c:\windows\system32\WININET.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'explorer.exe'(2712)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    .
    Completion time: 2014-01-01 23:28:26
    ComboFix-quarantined-files.txt 2014-01-02 04:28
    .
    Pre-Run: 3,739,369,472 bytes free
    Post-Run: 4,673,986,560 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /fastdetect /NoExecute=OptIn /safeboot:minimal /sos /bootlog
    .
    - - End Of File - - E43D7CC0F0119347EE1AD2AE71EA16EA
    8F558EB6672622401DA993E1E865C861
     
  19. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Another bit of information, MBAM keeps popping up this window.... Successfully blocked access to a potentially malicious website: 8.26.70.22 Type: Outgoing. Sometimes the IP is 66.45.56.109 instead.
     
  20. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    How is the situation with iexplorer.exe?

    Please move Combofix file to proper location - Desktop.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Iexplore is not running in the processes, but I still have 3 or more explorer processes running. I'll move combofix and then download and run the last 3 you gave me.
     
  22. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    # AdwCleaner v3.016 - Report created 02/01/2014 at 00:42:34
    # Updated 23/12/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Linda - WELLSCO-LAPPY
    # Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : FromDocToPDF_65Service

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\FromDocToPDF_65
    Folder Deleted : C:\Documents and Settings\Linda\Local Settings\Application Data\iac
    Folder Deleted : C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\FromDocToPDF_65
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\FromDocToPDF_65
    Key Deleted : HKLM\Software\Magical Jelly Bean\OpenCandy
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\prefs.js ]


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8709 octets] - [02/01/2014 00:39:31]
    AdwCleaner[S0].txt - [8826 octets] - [02/01/2014 00:42:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8886 octets] ##########
     
  23. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Couldn't get JRT to run, tried rebooting and running it, but still wouldn't start. The DOS window would flash up momentarily and then nothing. Moved on to OTL, here are the reports.

    OTL logfile created on: 1/2/2014 1:37:59 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    3.37 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 61.57% Memory free
    5.21 Gb Paging File | 3.82 Gb Available in Paging File | 73.31% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 30.00 Gb Total Space | 3.96 Gb Free Space | 13.20% Space Free | Partition Type: NTFS
    Drive D: | 44.52 Gb Total Space | 25.71 Gb Free Space | 57.75% Space Free | Partition Type: NTFS
    Drive E: | 27.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 61.73 Mb Total Space | 58.56 Mb Free Space | 94.87% Space Free | Partition Type: FAT
    Computer Name: WELLSCO-LAPPY | User Name: Linda | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014/01/02 00:18:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
    PRC - [2013/12/16 13:45:47 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2013/12/16 13:45:24 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2013/12/12 04:42:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2013/12/12 04:41:19 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2013/12/12 04:41:11 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2013/11/27 12:35:08 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2013/05/14 15:42:06 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/02/20 02:01:36 | 000,162,136 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    PRC - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2012/06/08 11:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2011/04/05 13:58:17 | 001,175,552 | ---- | M] (Gordoware) -- C:\Program Files\gordoware\connectto.exe
    PRC - [2010/11/15 16:24:15 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2009/09/12 16:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/09 15:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    PRC - [2006/01/16 22:01:46 | 000,053,248 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
    ========== Modules (No Company Name) ==========
    MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2012/09/19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
    MOD - [2009/04/07 04:32:10 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl31cl3.dll
    ========== Services (SafeList) ==========
    SRV - [2013/12/16 13:45:47 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2013/12/16 13:45:24 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2013/12/12 04:42:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2013/12/11 14:35:42 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/11/27 12:35:08 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/10/14 12:00:14 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/09/06 12:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
    SRV - [2013/05/14 15:42:06 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/03/08 23:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2013/02/20 02:01:36 | 000,162,136 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
    SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/11/15 16:24:15 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2009/09/12 16:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/04/18 12:50:08 | 000,811,008 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nortel Networks\Extranet_serv.exe -- (ExtranetAccess)
    SRV - [1998/06/10 12:43:40 | 000,095,744 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\ONRSD80.EXE -- (OracleClientCache80)
    ========== Driver Services (SafeList) ==========
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Linda\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013/12/16 13:45:29 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2013/12/12 04:42:30 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2013/12/12 04:42:30 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2013/11/27 12:35:48 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2013/05/28 14:17:46 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/02/19 22:06:00 | 000,090,456 | ---- | M] (Juniper Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\jnprTdi_730_32781.sys -- (jnprTdi_730_32781)
    DRV - [2013/01/17 00:20:26 | 000,036,776 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
    DRV - [2013/01/17 00:20:26 | 000,025,456 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jnprva.sys -- (jnprva)
    DRV - [2013/01/17 00:20:24 | 000,446,712 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna5.sys -- (JNPRNA)
    DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/11/15 16:24:17 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
    DRV - [2010/11/15 16:24:12 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm251.sys -- (tdrpman251)
    DRV - [2010/11/15 16:24:11 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
    DRV - [2010/11/15 16:24:04 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
    DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2009/08/27 16:34:14 | 000,040,952 | ---- | M] (Attachmate Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atmdlc.sys -- (ATMDLC)
    DRV - [2009/05/25 14:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/10/31 10:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
    DRV - [2007/10/16 07:29:00 | 000,989,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/10/16 07:28:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/10/16 07:28:16 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/08/28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
    DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/04/18 12:55:48 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
    DRV - [2007/04/18 12:55:30 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
    DRV - [2007/04/18 12:55:30 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
    DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/09/14 16:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
    DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2006/02/15 15:59:52 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/02/15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/02/15 15:54:46 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/02/15 15:54:10 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/02/15 15:51:22 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2006/02/15 15:50:14 | 000,044,163 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2006/01/10 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2006/01/10 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
    DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{89BB0835-FE42-492F-9365-50DD021B2B9E}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes,DefaultScope = {89BB0835-FE42-492F-9365-50DD021B2B9E}
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{07871812-1823-4118-B7A8-B2C956AC8742}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{89BB0835-FE42-492F-9365-50DD021B2B9E}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7MXGB_enUS532
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{8CC45221-51CE-4DD1-8F4A-822235DB4D63}: "URL" = http://www.amazon.com/gp/search?ie=...amp=1789&creative=9325&keywords={searchTerms}
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{954B9569-E869-4AE5-B2AB-F2700519E569}: "URL" = http://www.walmart.com/catalog/search-ng.gsp?search_constraint=0&search_query={searchTerms}
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{98383ACF-5F17-49F1-91D7-EE480B517CA8}: "URL" = http://www.weather.com/search/enhanced?where={searchTerms}
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{C2A09D41-25C9-4E60-A52B-BA6068DD941D}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{CBCE1836-7CD7-4104-9E83-C9C1AD0EE6EB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{DDD8124F-D233-44C2-A68C-9B432298DA67}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    ========== FireFox ==========
    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..extensions.enabledAddons: %7B36680766-DB0F-2FE2-454F-617C65152C54%7D:5.0.1
    FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.7
    FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.2.02
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.3.5
    FF - prefs.js..extensions.enabledItems: calculator@cmcculloh:2.1
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/14 12:00:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/14 12:00:05 | 000,000,000 | ---D | M]
    [2010/11/17 10:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Extensions
    [2014/01/01 19:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions
    [2013/12/01 22:16:16 | 000,000,000 | ---D | M] (DAO.TableDef.120) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\{36680766-DB0F-2FE2-454F-617C65152C54}
    [2012/12/12 16:41:28 | 000,000,000 | ---D | M] (Status-bar Calculator) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\calculator@cmcculloh
    [2013/12/11 21:22:02 | 000,020,693 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\firefox1@myibay.com.xpi
    [2013/04/17 10:37:29 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2013/12/11 21:22:02 | 000,778,022 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2008/07/14 07:16:56 | 000,000,053 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\calculator@cmcculloh\.svn\prop-base\statusbarcalculator-2.1.xpi.svn-base
    [2008/07/14 07:11:14 | 000,029,140 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\calculator@cmcculloh\.svn\text-base\statusbarcalculator-2.1.xpi.svn-base
    [2013/10/14 12:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/10/14 12:00:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [1999/12/31 17:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
    ========== Chrome ==========
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
    CHR - Extension: Docs = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    O1 HOSTS File: ([2013/12/04 16:13:13 | 000,000,024 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 12.151.201.180 tup-dc1
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - c:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - c:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
    O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\checkmaps.lnk = C:\Program Files\gordoware\checkmaps.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\connectto.lnk = C:\Program Files\gordoware\connectto.exe (Gordoware)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1757981266-920026266-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (Blockwerx Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289781725609 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1346184481203 (MUWebControl Class)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
    O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
    O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://fhebpsslvpn.verizon.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06FE93A5-53B1-4088-8B09-464214178277}: DhcpNameServer = 192.168.254.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: Domain = verizon.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: NameServer = 166.68.227.10,166.68.195.10
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/12/08 13:36:34 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2010/11/14 17:41:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    ========== Files/Folders - Created Within 30 Days ==========
    [2014/01/02 01:12:42 | 001,036,305 | ---- | C] (Thisisu) -- C:\Documents and Settings\Linda\Desktop\JRT.exe
    [2014/01/02 00:37:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/01/01 23:03:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2014/01/01 23:00:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2014/01/01 23:00:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2014/01/01 23:00:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2014/01/01 23:00:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2014/01/01 23:00:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/01 22:58:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2014/01/01 20:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    [2014/01/01 20:18:06 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/01/01 20:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\mbar
    [2014/01/01 20:10:15 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys.bak
    [2014/01/01 20:10:09 | 000,290,304 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys.bak
    [2014/01/01 20:10:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys.bak
    [2014/01/01 20:09:34 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys.bak
    [2014/01/01 20:09:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
    [2014/01/01 20:09:32 | 000,090,456 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprTdi_730_32781.sys.bak
    [2014/01/01 20:09:32 | 000,036,776 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprvamgr.sys.bak
    [2014/01/01 20:09:32 | 000,025,456 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprva.sys.bak
    [2014/01/01 20:09:31 | 000,446,712 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprna5.sys.bak
    [2014/01/01 20:09:31 | 000,155,152 | ---- | C] (Nortel Networks NA, Inc.) -- C:\WINDOWS\System32\drivers\ipsecw2k.sys.bak
    [2014/01/01 20:09:22 | 000,088,192 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\gtipci21.sys.bak
    [2014/01/01 20:09:20 | 000,026,137 | ---- | C] (Nortel Networks) -- C:\WINDOWS\System32\drivers\eacfilt.sys.bak
    [2014/01/01 20:09:19 | 000,131,984 | ---- | C] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\drivers\dne2000.sys.bak
    [2014/01/01 20:09:10 | 000,146,560 | ---- | C] (AuthenTec, Inc.) -- C:\WINDOWS\System32\drivers\atswpdrv.sys.bak
    [2014/01/01 20:09:09 | 000,040,952 | ---- | C] (Attachmate Corporation) -- C:\WINDOWS\System32\drivers\atmdlc.sys.bak
    [2014/01/01 20:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\RK_Quarantine
    [2014/01/01 16:08:59 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/12/31 23:05:19 | 000,000,000 | R--D | C] -- D:\My Documents\My Videos
    [2013/12/31 23:05:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Linda\Start Menu\Programs\Administrative Tools
    [2013/12/31 17:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Application Data\Malwarebytes
    [2013/12/31 17:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/12/31 17:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/12/31 17:25:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/12/31 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/12/11 21:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2013/12/11 21:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/12/04 13:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
    [2013/12/03 16:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    ========== Files - Modified Within 30 Days ==========
    [2014/01/02 01:35:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/01/02 01:26:09 | 000,027,335 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2014/01/02 01:24:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/01/02 01:18:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/02 01:18:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/01/02 01:15:54 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/02 00:17:45 | 001,036,305 | ---- | M] (Thisisu) -- C:\Documents and Settings\Linda\Desktop\JRT.exe
    [2014/01/01 23:04:01 | 000,000,445 | RHS- | M] () -- C:\boot.ini
    [2014/01/01 20:18:06 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/01/01 20:10:15 | 000,011,520 | ---- | M] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys.bak
    [2014/01/01 20:10:09 | 000,290,304 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys.bak
    [2014/01/01 20:10:05 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys.bak
    [2014/01/01 20:09:34 | 000,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys.bak
    [2014/01/01 20:09:34 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
    [2014/01/01 20:09:32 | 000,446,712 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprna5.sys.bak
    [2014/01/01 20:09:32 | 000,090,456 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprTdi_730_32781.sys.bak
    [2014/01/01 20:09:32 | 000,036,776 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprvamgr.sys.bak
    [2014/01/01 20:09:32 | 000,025,456 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprva.sys.bak
    [2014/01/01 20:09:31 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) -- C:\WINDOWS\System32\drivers\ipsecw2k.sys.bak
    [2014/01/01 20:09:22 | 000,088,192 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\gtipci21.sys.bak
    [2014/01/01 20:09:20 | 000,026,137 | ---- | M] (Nortel Networks) -- C:\WINDOWS\System32\drivers\eacfilt.sys.bak
    [2014/01/01 20:09:19 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\drivers\dne2000.sys.bak
    [2014/01/01 20:09:11 | 000,146,560 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\System32\drivers\atswpdrv.sys.bak
    [2014/01/01 20:09:09 | 000,040,952 | ---- | M] (Attachmate Corporation) -- C:\WINDOWS\System32\drivers\atmdlc.sys.bak
    [2014/01/01 14:26:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/12/31 15:04:53 | 000,000,075 | ---- | M] () -- C:\WINDOWS\iddsgtev8i.ini
    [2013/12/31 14:53:10 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\VPN Client.lnk
    [2013/12/31 14:49:05 | 000,000,329 | ---- | M] () -- C:\Boot.bak
    [2013/12/17 11:53:03 | 000,027,335 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2013/12/16 13:45:29 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2013/12/16 13:45:25 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2013/12/16 13:45:25 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
    [2013/12/12 04:42:30 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2013/12/12 04:42:30 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2013/12/12 03:24:53 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/12/11 22:21:56 | 000,486,552 | ---- | M] () -- D:\My Documents\cc_20131211_222146.reg
    [2013/12/11 21:38:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2013/12/05 04:19:18 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/12/04 15:40:22 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\PA drive.bat
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    ========== Files Created - No Company Name ==========
    [2014/01/01 23:04:01 | 000,000,329 | ---- | C] () -- C:\Boot.bak
    [2014/01/01 23:03:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2014/01/01 23:00:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2014/01/01 23:00:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2014/01/01 23:00:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2014/01/01 23:00:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2014/01/01 23:00:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/12/31 14:25:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/12/11 22:21:49 | 000,486,552 | ---- | C] () -- D:\My Documents\cc_20131211_222146.reg
    [2013/12/11 21:38:32 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2013/04/02 12:49:20 | 000,000,075 | ---- | C] () -- C:\WINDOWS\iddsgtev8i.ini
    [2012/03/18 16:42:42 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Linda\CheckPref.properties
    [2012/02/16 14:47:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/19 11:32:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2011/01/03 16:39:09 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
    ========== ZeroAccess Check ==========
    [2013/04/03 11:20:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 09:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    ========== LOP Check ==========
    [2010/11/15 16:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/11/15 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Attachmate
    [2010/12/08 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2013/04/04 11:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bentley
    [2011/09/29 15:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2014/01/02 00:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011/06/03 15:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
    [2010/11/15 16:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Acronis
    [2013/12/31 22:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Autodesk
    [2013/12/31 18:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Bentley
    [2012/07/30 12:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\ICAClient
    [2013/09/05 14:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Juniper Networks
    [2012/11/22 08:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Sling Media
    [2011/12/14 14:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\TeamViewer
    [2011/02/18 11:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Tracker Software
    [2013/08/27 12:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Windows Desktop Search
    ========== Purity Check ==========
    ========== Files - Unicode (All) ==========

    [2013/11/13 09:07:29 | 104,010,312 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\폔譡ƌ
    [2013/11/12 15:08:33 | 104,010,312 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\폔譡ƌ
    [2013/10/31 10:49:46 | 104,348,737 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\̓쯢ƌ
    [2013/10/31 02:41:18 | 104,348,737 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\̓쯢ƌ
    [2013/10/28 08:41:34 | 103,734,365 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ꚶ⨮ƌ
    [2013/10/22 02:40:48 | 103,734,365 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ꚶ⨮ƌ
    [2013/09/30 18:04:50 | 098,602,865 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\呴㦚ƌ
    [2013/09/24 18:04:23 | 098,602,865 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\呴㦚ƌ

    < End of report >
     
  24. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    OTL Extras logfile created on: 1/2/2014 1:37:59 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    3.37 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 61.57% Memory free
    5.21 Gb Paging File | 3.82 Gb Available in Paging File | 73.31% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 30.00 Gb Total Space | 3.96 Gb Free Space | 13.20% Space Free | Partition Type: NTFS
    Drive D: | 44.52 Gb Total Space | 25.71 Gb Free Space | 57.75% Space Free | Partition Type: NTFS
    Drive E: | 27.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 61.73 Mb Total Space | 58.56 Mb Free Space | 94.87% Space Free | Partition Type: FAT
    Computer Name: WELLSCO-LAPPY | User Name: Linda | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Extra Registry (SafeList) ==========
    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    [HKEY_USERS\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found
    ========== Shell Spawning ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    ========== Security Center Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    ========== System Restore Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2
    ========== Firewall Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    ========== Authorized Applications List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Bentley\Program\MicroStation\ustation.exe" = C:\Bentley\Program\MicroStation\ustation.exe:*:Enabled:MicroStation for Windows x86 -- (Bentley Systems, Inc.)
    "C:\Program Files\Bentley\Program\MicroStation\V8ustation.exe" = C:\Program Files\Bentley\Program\MicroStation\V8ustation.exe:*:Enabled:MicroStation for Windows x86 -- (Bentley Systems, Inc.)
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\BentleyV8i\MicroStation\ustation.exe" = C:\Program Files\BentleyV8i\MicroStation\ustation.exe:*:Enabled:MicroStation V8i (SELECTseries 3) -- (Bentley Systems, Incorporated)
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools 5.00 D4
    "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
    "{08F9C040-FBE5-4633-93F8-0EA03A9CDCE2}" = Bentley MicroStation GeoGraphics (V 08.05.02.13)
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
    "{0DF34F71-6182-474F-B6FE-0B2AF069E6FD}" = VBA (2627.01)
    "{13A316C1-0434-4F9F-941F-4B50C81E74A2}" = Junos Pulse Core Components
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
    "{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
    "{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles
    "{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
    "{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
    "{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
    "{7A1FB67F-A340-472A-97C3-A6AFFE078AAE}" = MetaFrame Presentation Server Client
    "{7BC99097-6FD2-4D29-863A-0E558312E934}" = VC8 CRT
    "{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
    "{85E61D97-895C-4C04-8C7A-3CA0A5914BB9}" = MicroStation V8i (SELECTseries 3) 08.11.09.357
    "{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{915B1639-00F3-41D0-93C5-C657E0B712BA}" = Junos Pulse UAC/NC Components
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{959BB2CC-101A-4032-9E65-671F1F2AB80A}" = Junos Pulse Drivers Add-On
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
    "{A7CA6CC5-465B-41F8-96B5-F66BDF4482C7}" = VZAccess Manager
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B053C0F6-883A-4D60-A7E4-D469726222C3}_0" = Bentley MicroStation (V 08.05.02.45) - 1
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
    "{CBF53BC3-87C6-4C89-BC2B-E4D0AD776A43}" = Bentley Map V8i (SELECTseries 3) For MicroStation 08.11.09.91
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
    "{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}" = WebSlingPlayer ActiveX
    "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
    "{DE2CE339-19BA-4703-ACFD-46FE05CEE928}" = Brother MFC-6490CW
    "{E37E645E-4A0C-4D9E-B30A-7B19E797E743}" = BlackBerry USB Drivers
    "{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1" = PDF-XChange 4 Pro
    "{E69D311B-66D1-4246-8F09-947906F5219E}" = Junos Pulse Tunnel Manager Add-On
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Verizon Extranet Access Client
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F826729C-239A-4870-A8AF-043D81535D5F}" = Attachmate EXTRA! X-treme 9.1
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "Bentley MicroStation (V 07.01.04.07)" = Bentley MicroStation (V 07.01.04.07)
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "Junos Pulse 3.1" = Junos Pulse 3.1
    "KeyFinder_is1" = Magical Jelly Bean KeyFinder
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MWSnap 3" = MWSnap 3
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZipDownloader" = ZipDownloader
    ========== HKEY_USERS Uninstall List ==========
    [HKEY_USERS\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
    "WinImage" = WinImage
    ========== Last 20 Event Log Errors ==========
    [ Application Events ]
    Error - 12/31/2013 10:16:21 PM | Computer Name = WELLSCO-LAPPY | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x8007041d.
    Error - 12/31/2013 10:16:59 PM | Computer Name = WELLSCO-LAPPY | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x8007041d.
    Error - 12/31/2013 10:17:32 PM | Computer Name = WELLSCO-LAPPY | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x8007041d.
    Error - 12/31/2013 10:35:22 PM | Computer Name = WELLSCO-LAPPY | Source = Application Error | ID = 1000
    Description = Faulting application updateoutobox.exe, version 1.0.5060.34698, faulting
    module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
    Error - 12/31/2013 11:43:56 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 9000
    Description = The Windows Search Service cannot open the Jet property store. Details:
    0x%08x
    (0x8004117f - The content index server cannot update or access information because
    of a database error. Stop and restart the search service. If the problem persists,
    reset and recrawl the content index. In some cases it may be necessary to delete
    and recreate the content index. )
    Error - 12/31/2013 11:43:58 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 9002
    Description = The Windows Search Service cannot load the property store information.

    Context:
    Windows Application, SystemIndex Catalog Details: 0x%08x (0x8004117f - The content
    index server cannot update or access information because of a database error.
    Stop and restart the search service. If the problem persists, reset and recrawl
    the content index. In some cases it may be necessary to delete and recreate the
    content index. )
    Error - 12/31/2013 11:43:58 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 3029
    Description = The plug-in in <Search.JetPropStore> cannot be initialized. Context:
    Windows Application, SystemIndex Catalog Details: The content index metadata cannot
    be read. (0xc0041801)
    Error - 12/31/2013 11:44:03 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 3029
    Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
    Windows Application, SystemIndex Catalog Details: Element not found. (0x80070490)

    Error - 12/31/2013 11:44:03 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 3028
    Description = The gatherer object cannot be initialized. Context: Windows Application,
    SystemIndex Catalog Details: The content index metadata cannot be read. (0xc0041801)

    Error - 12/31/2013 11:44:03 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 3058
    Description = The application cannot be initialized. Context: Windows Application

    Details:
    The
    content index metadata cannot be read. (0xc0041801)
    [ System Events ]
    Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Windows Search service
    to connect.
    Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1053
    Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7022
    Description = The Windows Firewall/Internet Connection Sharing (ICS) service hung
    on starting.
    Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7022
    Description = The Security Center service hung on starting.
    Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7022
    Description = The Automatic Updates service hung on starting.
    Error - 1/2/2014 2:22:53 AM | Computer Name = WELLSCO-LAPPY | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.
    Error - 1/2/2014 2:25:38 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
    Service service to connect.
    Error - 1/2/2014 2:25:38 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7000
    Description = The Application Layer Gateway Service service failed to start due
    to the following error: %%1053
    Error - 1/2/2014 2:33:44 AM | Computer Name = WELLSCO-LAPPY | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.
    Error - 1/2/2014 2:44:26 AM | Computer Name = WELLSCO-LAPPY | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.
    < End of report >
     
  25. Linda R

    Linda R TS Rookie Topic Starter Posts: 36

    Still no instances of iexplore.exe running, but I still have at least 4 instances of explorer.exe processes running. The computer is still very sluggish and slow to boot. Earlier I was not able to boot into safe mode; I will try safe mode again and see if I can get JRT to run that way, unless you have other instructions for me. Thanks!
     

