Inactive-A Event type mptlemetry, p1 80024402c p2 endsearch p3 search p4 1.1.1593.0 p5 mpsidwn.dll p6 1.1.1593.

Joanne montanez

Posts: 33   +0
Hi
my computer is slow and I can not connect to the internet, I'm writing from my son's computer
the title above is error my event viewer gives now and there are a few
EVENT
DATE:6/8/2013 SOURCE: MPSAMPLESUBMISSION
TIME:8:51:46AM CATEGORY NONE
TYPE:ERROR EVENT ID: 5000
USER:N/A
COMPUTER: HOME-52DC6E4B98
DESCRIPTION
:event type mptlemetry, p1 80024402c p2 endsearch p3 search p4 1.1.1593.0 p5 mpsidwn.dll p6 1.1.1593.0 p7 windows defender p8 nil p9 nil p10 nil
0000: 0070006D 00650074 0065006C 0065006D
0010: 00720074 002C0079 00380020 00320030
0020: 00340034 00320030 002C0063 00650020
0030: 0064006E 00650073 00720061 00680063
0040: 0020002C 00650073 00720061 00680063
0050: 0020002C 002E0031 002E0031 00350031
0060: 00330039 0030002E 0020002C 0070006D
0070: 00690073 00640067 006E0077 0064002E
0080: 006C006C 0020002C 002E0031 002E0031
0090: 00350031 00330039 0030002E 0020002C
00A0: 00690077 0064006E 0077006F 00200073
00B0: 00650064 00650066 0064006E 00720065
00C0: 0020002C 0049004E 002C004C 004E0020
00D0:004C0049 004E0020 004C0049 000A000D
I run malaware nothing
my antivirus titanium nothing
so I'm pretty desperate at this moment
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Please download Farbar Service Scanner Download Link and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Sorry for the delay everything on my computer takes forever to run and I was finishing windows defender that it took 12 hours to finish and now to make things worst I can not longer have internet connection on my computer it says limited or no connectivity
I run FSS twice these are the logs
Farbar Service Scanner Version: 31-05-2013 01

Ran by home (administrator) on 08-06-2013 at 22:16:39

Running from "G:\"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************



Internet Services:

============



Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error. Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error. Yahoo IP is unreachable

Attempt to access Yahoo.com returned error: Other errors





Windows Firewall:

=============



Firewall Disabled Policy:

==================





System Restore:

============



System Restore Disabled Policy:

========================





Security Center:

============





Windows Update:

============



Windows Autoupdate Disabled Policy:

============================





File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit



Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4) tcpipBM(11)

0x0B00000005000000010000000200000003000000040000000B0000000C0000000600000007000000090000000A000000

IpSec Tag value is correct.



**** End of log ****

Farbar Service Scanner Version: 31-05-2013 01

Ran by home (administrator) on 08-06-2013 at 22:20:54

Running from "G:\"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************



Internet Services:

============



Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error. Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error. Yahoo IP is unreachable

Attempt to access Yahoo.com returned error: Other errors





Windows Firewall:

=============



Firewall Disabled Policy:

==================





System Restore:

============



System Restore Disabled Policy:

========================





Security Center:

============





Windows Update:

============



Windows Autoupdate Disabled Policy:

============================





File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit



Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4) tcpipBM(11)

0x0B00000005000000010000000200000003000000040000000B0000000C0000000600000007000000090000000A000000

IpSec Tag value is correct.



**** End of log ****
 
The above looks normal. Except for no internet connection.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 
I made a mistake disabiling my usb port and do not know how to enable again to run Fabar, wwould you please let know how to?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013

Ran by home (administrator) on 08-06-2013 23:14:51

Running from G:\

Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal



==================== Processes (Whitelisted) ===================



(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(PCtel, Inc.) C:\WINDOWS\system32\pctspk.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

() C:\Program Files\SoftwareUpdater\UpdaterService.exe

() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe

(Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe

() C:\Program Files\SoftwareUpdater\AppsUpdater.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe



==================== Registry (Whitelisted) ==================



HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)

HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304296 2012-12-18] (Trend Micro Inc.)

HKLM\...\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a [883272 2010-07-15] (ATT)

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [133424 2012-02-27] (Trend Micro Inc.)

MountPoints2: D - D:\WIN\setup.exe

MountPoints2: {86259900-cfd9-11e2-ae3b-0040f4b1ff29} - D:\WIN\setup.exe

MountPoints2: {d90283c2-c804-11e2-ae28-ddbddd7d607a} - D:\autorun.exe

HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-10-09] (Nero AG)

HKU\Default User\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-10-09] (Nero AG)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\Seagate Product Registration.lnk

ShortcutTarget: Seagate Product Registration.lnk -> C:\Documents and Settings\home\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)

Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\tcbhn.lnk

ShortcutTarget: tcbhn.lnk -> C:\Documents and Settings\home\Application Data\BrowserCompanion\tcbhn.exe (No File)

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)



==================== Internet (Whitelisted) ====================



ProxyServer: 169.254.103.158:80

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =

BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: AlterGeoBHO Class - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.2.1.742\AlterGeo.BrowserPlugin.dll (Wi2Geo)

BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKLM - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)

Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU -No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File

Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog5 05 %SystemRoot%\System32\nwprovau.dll [142336] (Microsoft Corporation)

Winsock: Catalog9 01 bmnet.dll [142336] (Microsoft Corporation)

Winsock: Catalog9 02 bmnet.dll [142336] (Microsoft Corporation)

Winsock: Catalog9 03 bmnet.dll [142336] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt



FireFox:

========

FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default

FF SearchEngine: Bing

FF Homepage: hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Extension: Babylon - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\[email protected]

FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF Extension: ??????? @Mail.Ru - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF Extension: Playdom Community Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}

FF Extension: Zynga Community Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF Extension: personas - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\[email protected]

FF Extension: No Name - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi

FF Extension: No Name - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi



========================== Services (Whitelisted) =================



R2 Akamai; c:\program files\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-27] (Akamai Technologies, Inc.)

S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2010-07-15] (SmithMicro Inc.)

R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)

R2 Pctspk; C:\Windows\system32\pctspk.exe [86016 2001-08-17] (PCtel, Inc.)

R2 ReplicaSysMon; C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe [416208 2010-06-08] (Seagate Technology LLC)

R2 Seagate-Replica-Svc; C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe [1947600 2010-06-08] (Seagate Technology LLC)

R2 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2013-02-18] ()

R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]

S2 BrowserProtect; C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]



==================== Drivers (Whitelisted) ====================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013

Ran by home (administrator) on 08-06-2013 23:14:51

Running from G:\

Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal



==================== Processes (Whitelisted) ===================



(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(PCtel, Inc.) C:\WINDOWS\system32\pctspk.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

() C:\Program Files\SoftwareUpdater\UpdaterService.exe

() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe

(Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe

() C:\Program Files\SoftwareUpdater\AppsUpdater.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe



==================== Registry (Whitelisted) ==================



HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)

HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304296 2012-12-18] (Trend Micro Inc.)

HKLM\...\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a [883272 2010-07-15] (ATT)

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [133424 2012-02-27] (Trend Micro Inc.)

MountPoints2: D - D:\WIN\setup.exe

MountPoints2: {86259900-cfd9-11e2-ae3b-0040f4b1ff29} - D:\WIN\setup.exe

MountPoints2: {d90283c2-c804-11e2-ae28-ddbddd7d607a} - D:\autorun.exe

HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-10-09] (Nero AG)

HKU\Default User\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-10-09] (Nero AG)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\Seagate Product Registration.lnk

ShortcutTarget: Seagate Product Registration.lnk -> C:\Documents and Settings\home\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)

Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\tcbhn.lnk

ShortcutTarget: tcbhn.lnk -> C:\Documents and Settings\home\Application Data\BrowserCompanion\tcbhn.exe (No File)

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)



==================== Internet (Whitelisted) ====================



ProxyServer: 169.254.103.158:80

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =

BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: AlterGeoBHO Class - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.2.1.742\AlterGeo.BrowserPlugin.dll (Wi2Geo)

BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKLM - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)

Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU -No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File

Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog5 05 %SystemRoot%\System32\nwprovau.dll [142336] (Microsoft Corporation)

Winsock: Catalog9 01 bmnet.dll [142336] (Microsoft Corporation)

Winsock: Catalog9 02 bmnet.dll [142336] (Microsoft Corporation)

Winsock: Catalog9 03 bmnet.dll [142336] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
FireFox:

========

FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default

FF SearchEngine: Bing

FF Homepage: hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Extension: Babylon - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\[email protected]

FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF Extension: ??????? @Mail.Ru - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF Extension: Playdom Community Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}

FF Extension: Zynga Community Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF Extension: personas - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\[email protected]

FF Extension: No Name - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi

FF Extension: No Name - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi



========================== Services (Whitelisted) =================



R2 Akamai; c:\program files\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-27] (Akamai Technologies, Inc.)

S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2010-07-15] (SmithMicro Inc.)

R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)

R2 Pctspk; C:\Windows\system32\pctspk.exe [86016 2001-08-17] (PCtel, Inc.)

R2 ReplicaSysMon; C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe [416208 2010-06-08] (Seagate Technology LLC)

R2 Seagate-Replica-Svc; C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe [1947600 2010-06-08] (Seagate Technology LLC)

R2 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2013-02-18] ()

R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]

S2 BrowserProtect; C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]



==================== Drivers (Whitelisted) ====================



R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-03-06] (AVAST Software)

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

R1 cdrbsvsd; C:\Windows\System32\Drivers\cdrbsvsd.sys [13566 2003-12-03] (B.H.A Corporation)

S3 cmipci; C:\Windows\System32\drivers\cmipci.sys [37888 2007-11-21] (Dogbert)

R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [377358 2002-11-18] (C-Media Inc)

R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc. )

R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)

S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation)

S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)

R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)

R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)

R3 PCTINDIS5; C:\WINDOWS\system32\PCTINDIS5.SYS [32408 2010-07-15] (Smith Micro Inc.)

S3 Ptserlp; C:\Windows\System32\DRIVERS\ptserlp.sys [112574 2001-08-17] (PCTEL, INC.)

R1 sf; C:\Windows\System32\drivers\sf.sys [33183 2006-04-01] (Sonic Focus, Inc)

S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)

S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [639224 2010-01-18] ()

S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)

S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [40408 2010-04-26] ()

S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [197504 2009-08-12] (Sierra Wireless Inc.)

S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [148992 2009-07-22] (Sierra Wireless Inc.)

S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)

S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-10-15] (AnchorFree Inc)

R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [95224 2012-09-24] (Trend Micro Inc.)

R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [257952 2012-09-24] (Trend Micro Inc.)

R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [76648 2012-09-24] (Trend Micro Inc.)

R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92432 2011-08-02] (Trend Micro Inc.)

R0 Vmodem; C:\Windows\System32\DRIVERS\vmodem.sys [604253 2001-08-17] (PCTEL, INC.)

R0 Vpctcom; C:\Windows\System32\DRIVERS\vpctcom.sys [397502 2001-08-17] (PCtel, Inc.)

R3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)

R0 Vvoice; C:\Windows\System32\DRIVERS\vvoice.sys [64605 2001-08-17] (PCtel, Inc.)

S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)

S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2013-01-25] (Wondershare)

S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2013-01-25] (Wondershare)

S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2013-01-25] (Wondershare)

S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2013-01-25] (Wondershare)

S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)

R3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1472768 2007-05-14] (Vimicro Corporation)

S4 Abiosdsk; No ImagePath

S4 abp480n5; No ImagePath

S4 adpu160m; No ImagePath

S4 Aha154x; No ImagePath

S4 aic78u2; No ImagePath

S4 aic78xx; No ImagePath

S4 AliIde; No ImagePath

S4 amsint; No ImagePath

S4 asc; No ImagePath

S4 asc3350p; No ImagePath

S4 asc3550; No ImagePath

S4 Atdisk; No ImagePath

S4 cd20xrnt; No ImagePath

S1 Changer; No ImagePath

S4 CmdIde; No ImagePath

S4 Cpqarray; No ImagePath

U4 dac2w2k; No ImagePath

S4 dac960nt; No ImagePath

S4 dpti2o; No ImagePath

S4 hpn; No ImagePath

S1 i2omgmt; No ImagePath

S4 i2omp; No ImagePath

S4 ini910u; No ImagePath

S0 jdro; System32\drivers\yyjglij.sys [x]

S1 lbrtfdc; No ImagePath

S4 mraid35x; No ImagePath

S1 PCIDump; No ImagePath

S3 PDCOMP; No ImagePath

S3 PDFRAME; No ImagePath

S3 PDRELI; No ImagePath

S3 PDRFRAME; No ImagePath

S4 perc2; No ImagePath

S4 perc2hib; No ImagePath

S4 ql1080; No ImagePath

S4 Ql10wnt; No ImagePath

S4 ql12160; No ImagePath

S4 ql1240; No ImagePath

S4 ql1280; No ImagePath

S4 Simbad; No ImagePath

S4 Sparrow; No ImagePath

S4 symc810; No ImagePath

S4 symc8xx; No ImagePath

S4 sym_hi; No ImagePath

S4 sym_u3; No ImagePath

U2 TMAgent;

S4 TosIde; No ImagePath

S4 ultra; No ImagePath

S4 ViaIde; No ImagePath

S0 waytnjrc; System32\drivers\gdti.sys [x]

S3 WDICA; No ImagePath



==================== NetSvcs (Whitelisted) ===================
 
==================== One Month Created Files and Folders ========



2013-06-08 23:14 - 2013-06-08 23:14 - 00000000 ____D C:\FRST

2013-06-08 23:05 - 2013-06-08 23:09 - 00013580 ____A C:\Windows\FaxSetup.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00007848 ____A C:\Windows\tsoc.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00004614 ____A C:\Windows\comsetup.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00003200 ____A C:\Windows\ntdtcsetup.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00001920 ____A C:\Windows\iis6.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00001891 ____A C:\Windows\imsins.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00000860 ____A C:\Windows\msgsocm.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00000850 ____A C:\Windows\ocmsn.log

2013-06-08 23:05 - 2013-06-08 23:05 - 00001891 ____A C:\Windows\imsins.BAK

2013-06-08 23:05 - 2013-06-08 23:05 - 00000000 ____A C:\Windows\setuperr.log

2013-06-08 23:05 - 2013-06-08 23:05 - 00000000 ____A C:\Windows\setupact.log

2013-06-08 23:04 - 2013-06-08 23:09 - 00011138 ____A C:\Windows\ocgen.log

2013-06-08 22:18 - 2013-06-08 23:10 - 00003671 ____A C:\Windows\setupapi.log

2013-06-08 08:33 - 2013-06-08 21:00 - 00000330 ___AH C:\Windows\Tasks\MP Scheduled Scan.job

2013-06-08 08:23 - 2013-06-08 08:23 - 00049944 ____A C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-06-08 08:04 - 2013-06-08 08:04 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Bytemobile

2013-06-08 08:00 - 2013-06-08 08:06 - 00000092 ____A C:\Windows\smartkeydiagnostics.txt

2013-06-07 21:36 - 2013-06-07 21:36 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Bytemobile

2013-06-07 21:34 - 2013-06-07 21:34 - 00000000 ____D C:\Documents and Settings\home\Application Data\AT&T

2013-06-07 21:32 - 2010-04-26 18:04 - 00040408 ____A C:\Windows\System32\Drivers\swmsflt.sys

2013-06-07 21:29 - 2013-06-07 21:29 - 00001851 ____A C:\Documents and Settings\All Users\Desktop\at&t Communication Manager.lnk

2013-06-07 21:29 - 2013-06-07 21:29 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Program Files\Common Files\Research In Motion

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Program Files\AT&T

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LG

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AT&T

2013-06-07 21:21 - 2013-06-07 21:22 - 00000000 ____D C:\Program Files\Sierra Wireless Inc

2013-06-07 21:21 - 2013-06-07 21:21 - 00000000 ____D C:\Documents and Settings\home\Application Data\Sierra Wireless

2013-06-06 21:14 - 2013-06-06 21:14 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Trend Micro

2013-06-06 21:13 - 2013-06-06 21:13 - 00000932 ____A C:\Documents and Settings\home\Desktop\Trend Micro Titanium 2012.lnk

2013-06-06 21:12 - 2013-06-06 21:12 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Trend Micro

2013-06-06 21:12 - 2012-09-24 22:01 - 00095224 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys

2013-06-06 21:12 - 2012-09-24 22:00 - 00257952 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2013-06-06 21:12 - 2012-09-24 22:00 - 00076648 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys

2013-06-06 21:12 - 2011-08-02 16:33 - 00092432 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys

2013-06-06 21:08 - 2013-06-06 21:08 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat

2013-06-06 21:05 - 2013-06-07 21:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Trend Micro

2013-06-06 21:05 - 2013-06-06 21:07 - 00000000 ____D C:\Program Files\Trend Micro

2013-06-03 22:42 - 2013-06-03 23:15 - 00000000 ____D C:\Program Files\yolobartb

2013-06-03 22:13 - 2013-06-03 22:13 - 00000000 ____D C:\Documents and Settings\home\Application Data\SpeedyPC Software

2013-06-03 22:13 - 2013-06-03 22:13 - 00000000 ____D C:\Documents and Settings\home\Application Data\DriverCure

2013-06-03 22:12 - 2013-06-03 23:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software

2013-06-03 22:09 - 2013-06-04 06:31 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt

2013-06-03 22:09 - 2013-06-03 22:09 - 00000000 ____D C:\Windows\System32\windowspowershell

2013-06-03 22:08 - 2013-06-03 22:09 - 00000000 __HDC C:\Windows\$NtUninstallKB926139-v2$

2013-06-02 12:08 - 2013-06-02 12:08 - 00524080 ____A C:\Documents and Settings\home\My Documents\system erroes.evt

2013-06-02 12:06 - 2013-06-02 12:06 - 00238000 ____A C:\Documents and Settings\home\My Documents\errores.evt

2013-06-02 09:46 - 2013-06-02 09:46 - 00000000 ___AH C:\Windows\System32\config\system.sav.LOG

2013-06-02 09:46 - 2013-06-02 09:46 - 00000000 ___AH C:\Windows\System32\config\software.sav.LOG

2013-06-02 09:44 - 2013-06-02 09:44 - 00000000 ___AH C:\Windows\System32\config\SECURITY.sav.LOG

2013-06-02 09:44 - 2013-06-02 09:44 - 00000000 ___AH C:\Windows\System32\config\SAM.sav.LOG

2013-06-02 09:40 - 2013-06-02 09:47 - 00002396 ____A C:\Windows\System32\ASOROSet.bin

2013-06-02 09:39 - 2013-06-02 09:40 - 00000000 ____D C:\Windows\System32\config\RCCBakup

2013-06-02 09:20 - 2013-06-02 09:20 - 00000724 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

2013-06-02 09:20 - 2013-06-02 09:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-06-02 09:20 - 2013-06-02 09:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla

2013-06-01 16:07 - 2013-06-01 16:07 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Amazon Browser Bar

2013-06-01 16:06 - 2013-06-01 16:07 - 00000000 ____D C:\Program Files\Amazon Browser Bar

2013-06-01 16:06 - 2013-06-01 16:06 - 00000000 ____D C:\Program Files\Amazon

2013-06-01 16:05 - 2013-06-08 15:02 - 00000262 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job

2013-06-01 16:05 - 2013-06-01 16:05 - 00000270 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job

2013-06-01 16:03 - 2013-06-01 16:03 - 00000725 ____A C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk

2013-06-01 16:03 - 2013-06-01 16:03 - 00000000 ____D C:\Program Files\RegClean Pro

2013-05-19 09:50 - 2013-05-19 09:51 - 00076974 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_A_Clean_Sweep(Bookos.org).epub

2013-05-19 09:18 - 2013-05-19 09:29 - 00248856 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Hamilton,_Laurell_-_Ravenloft(Bookos.org).lit

2013-05-19 09:17 - 2013-05-19 09:28 - 00173187 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Nightshade(Bookos.org).lit

2013-05-19 09:14 - 2013-05-19 09:24 - 00392647 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Never_After(Bookos.org).epub

2013-05-19 09:09 - 2013-05-19 09:20 - 00372858 ____A C:\Documents and Settings\home\My Documents\[Laurell_K-1._Hamilton]_Bullet(Bookos.org).epub

2013-05-19 08:59 - 2013-05-19 08:59 - 00056469 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Bite_The_Girl_Who_Was_Infatu(Bookos.org).epub

2013-05-19 08:58 - 2013-05-19 08:58 - 00279287 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Hit_List(Bookos.org).epub

2013-05-19 08:57 - 2013-05-19 08:58 - 00465739 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Swallowing_Darkness(Bookos.org).epub

2013-05-19 08:57 - 2013-05-19 08:57 - 00372858 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Bullet(Bookos.org).epub

2013-05-19 08:46 - 2013-05-19 08:56 - 00257246 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Divine_Misdemeanors(Bookos.org).epub

2013-05-19 08:45 - 2013-05-19 08:55 - 00836621 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Flirt(Bookos.org).epub

2013-05-19 00:17 - 2013-05-19 00:17 - 00217359 ____A C:\Documents and Settings\home\My Documents\[Anjou_Angelique]_Ja-Rael's_Lioness(Bookos.org).epub

2013-05-19 00:17 - 2013-05-19 00:17 - 00176594 ____A C:\Documents and Settings\home\My Documents\[Fox_Jaide,_Lyons_Brenna,_Nash_Joy]_Dream_Warriors(Bookos.org).epub

2013-05-19 00:14 - 2013-05-19 00:14 - 00195267 ____A C:\Documents and Settings\home\My Documents\[Anjou_Angelique]_Chameleon(Bookos.org).epub

2013-05-18 22:18 - 2013-05-18 22:18 - 00000718 ____A C:\Documents and Settings\All Users\Desktop\Seagate Replica.lnk

2013-05-18 22:14 - 2013-05-27 22:39 - 00000000 ____D C:\Program Files\Seagate Replica

2013-05-18 22:07 - 2013-05-18 22:07 - 00000000 ____D C:\Documents and Settings\home\Application Data\Leadertech

2013-05-17 23:48 - 2013-05-17 23:48 - 00150083 ____A C:\Documents and Settings\home\My Documents\reunion-vampires-realm-romance-series.epub

2013-05-17 23:24 - 2013-05-17 23:24 - 00251157 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Enslave(Bookos.org).mobi

2013-05-17 23:18 - 2013-05-17 23:18 - 00192571 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Seduce(Bookos.org).epub

2013-05-17 23:18 - 2013-05-17 23:18 - 00140778 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Covet(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00404764 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Forbidden_Blood(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00308531 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Ascension(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00176032 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Crave(Bookos.org).epub

2013-05-17 23:16 - 2013-05-17 23:16 - 00147876 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_The_Night(Bookos.org).epub

2013-05-16 22:42 - 2013-05-16 22:42 - 00152793 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Vampire_for_Christmas(Bookos.org).epub

2013-05-16 22:36 - 2013-05-16 22:36 - 00082678 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Moonlight(Bookos.org).epub

2013-05-16 22:35 - 2013-05-16 22:35 - 00100723 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Embracing_the_Wolf(Bookos.org).epub

2013-05-16 22:34 - 2013-05-16 22:34 - 00203334 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Cabin_Fever(Bookos.org).lit

2013-05-16 22:34 - 2013-05-16 22:34 - 00096108 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_A_Promise_of_Passion(Bookos.org).lit

2013-05-16 22:33 - 2013-05-16 22:33 - 00205232 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Mating_Call(Bookos.org).lit

2013-05-15 10:17 - 2013-05-15 10:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$

2013-05-15 10:12 - 2013-05-15 10:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$

2013-05-14 19:27 - 2013-05-14 19:27 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application DataGoogle



==================== One Month Modified Files and Folders ========



2013-06-08 23:14 - 2013-06-08 23:14 - 00000000 ____D C:\FRST

2013-06-08 23:10 - 2013-06-08 22:18 - 00003671 ____A C:\Windows\setupapi.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00013580 ____A C:\Windows\FaxSetup.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00007848 ____A C:\Windows\tsoc.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00004614 ____A C:\Windows\comsetup.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00003200 ____A C:\Windows\ntdtcsetup.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00001920 ____A C:\Windows\iis6.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00001891 ____A C:\Windows\imsins.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00000860 ____A C:\Windows\msgsocm.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00000850 ____A C:\Windows\ocmsn.log

2013-06-08 23:09 - 2013-06-08 23:04 - 00011138 ____A C:\Windows\ocgen.log

2013-06-08 23:09 - 2009-07-30 20:28 - 01371647 ____A C:\Windows\WindowsUpdate.log

2013-06-08 23:05 - 2013-06-08 23:05 - 00001891 ____A C:\Windows\imsins.BAK

2013-06-08 23:05 - 2013-06-08 23:05 - 00000000 ____A C:\Windows\setuperr.log

2013-06-08 23:05 - 2013-06-08 23:05 - 00000000 ____A C:\Windows\setupact.log

2013-06-08 21:00 - 2013-06-08 08:33 - 00000330 ___AH C:\Windows\Tasks\MP Scheduled Scan.job

2013-06-08 15:02 - 2013-06-01 16:05 - 00000262 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job

2013-06-08 08:34 - 2009-08-09 21:31 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{81D1BFA4-F9E3-4D11-B28B-A2B67743A978}.job

2013-06-08 08:27 - 2009-08-19 19:20 - 00000000 ____D C:\Documents and Settings\home\My Documents\antivirus

2013-06-08 08:23 - 2013-06-08 08:23 - 00049944 ____A C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-06-08 08:06 - 2013-06-08 08:00 - 00000092 ____A C:\Windows\smartkeydiagnostics.txt

2013-06-08 08:05 - 2008-08-30 16:20 - 00000157 ____N C:\Windows\wiadebug.log

2013-06-08 08:05 - 2008-08-30 16:20 - 00000048 ____N C:\Windows\wiaservc.log

2013-06-08 08:04 - 2013-06-08 08:04 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Bytemobile

2013-06-08 08:04 - 2012-10-21 22:21 - 00000328 ____A C:\Windows\Tasks\Protected Search.job

2013-06-08 08:04 - 2010-07-18 13:42 - 00000000 ____D C:\Program Files\Common Files\Akamai

2013-06-08 08:04 - 2010-06-09 11:20 - 00000358 ____A C:\Windows\Tasks\WinMaximizer-home-Startup.job

2013-06-08 08:04 - 2009-07-30 20:33 - 00000062 __ASH C:\Documents and Settings\home\Local Settings\desktop.ini

2013-06-08 08:04 - 2009-07-30 20:31 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini

2013-06-08 08:04 - 2009-07-30 20:31 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini

2013-06-08 08:04 - 2009-07-30 20:31 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-08 08:04 - 2004-08-04 08:00 - 00013646 ____A C:\Windows\System32\wpa.dbl

2013-06-08 08:00 - 2009-07-30 20:33 - 00000278 ___SH C:\Documents and Settings\home\ntuser.ini

2013-06-08 08:00 - 2009-07-30 20:31 - 00032570 ____N C:\Windows\SchedLgU.Txt

2013-06-08 02:00 - 2010-08-02 21:12 - 00000340 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-HOME-52DC6E4B98-home.job

2013-06-07 23:22 - 2012-08-05 23:22 - 00000000 ____D C:\Documents and Settings\home\My Documents\Calibre Library

2013-06-07 21:51 - 2013-06-06 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Trend Micro

2013-06-07 21:36 - 2013-06-07 21:36 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Bytemobile

2013-06-07 21:34 - 2013-06-07 21:34 - 00000000 ____D C:\Documents and Settings\home\Application Data\AT&T

2013-06-07 21:30 - 2009-08-09 20:05 - 00000000 ____D C:\Windows\System32\ReinstallBackups

2013-06-07 21:29 - 2013-06-07 21:29 - 00001851 ____A C:\Documents and Settings\All Users\Desktop\at&t Communication Manager.lnk

2013-06-07 21:29 - 2013-06-07 21:29 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Program Files\Common Files\Research In Motion

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Program Files\AT&T

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LG

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AT&T

2013-06-07 21:27 - 2008-08-30 16:18 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-06-07 21:22 - 2013-06-07 21:21 - 00000000 ____D C:\Program Files\Sierra Wireless Inc

2013-06-07 21:21 - 2013-06-07 21:21 - 00000000 ____D C:\Documents and Settings\home\Application Data\Sierra Wireless

2013-06-07 21:02 - 2013-04-05 20:11 - 00000000 ____D C:\Documents and Settings\home\Desktop\Unused Desktop Shortcuts

2013-06-07 21:02 - 2012-03-31 11:23 - 00000000 ____D C:\Documents and Settings\home\Desktop\New Folder

2013-06-06 21:37 - 2009-08-09 19:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2013-06-06 21:36 - 2010-07-18 13:15 - 00000000 ____D C:\Program Files\Sony Corporation

2013-06-06 21:34 - 2002-01-01 02:10 - 00000000 ____D C:\Program Files\Opera

2013-06-06 21:14 - 2013-06-06 21:14 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Trend Micro

2013-06-06 21:13 - 2013-06-06 21:13 - 00000932 ____A C:\Documents and Settings\home\Desktop\Trend Micro Titanium 2012.lnk

2013-06-06 21:12 - 2013-06-06 21:12 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Trend Micro

2013-06-06 21:12 - 2008-08-30 16:18 - 00607434 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-06 21:08 - 2013-06-06 21:08 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat

2013-06-06 21:07 - 2013-06-06 21:05 - 00000000 ____D C:\Program Files\Trend Micro

2013-06-06 20:37 - 2010-07-05 11:15 - 00000000 ____D C:\Documents and Settings\home\Application Data\uTorrent

2013-06-04 21:43 - 2012-03-31 05:53 - 00000664 ____A C:\Windows\System32\d3d9caps.dat

2013-06-04 06:31 - 2013-06-03 22:09 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt

2013-06-03 23:34 - 2009-11-04 23:11 - 00000000 ____D C:\Windows\Microsoft.NET

2013-06-03 23:16 - 2013-06-03 22:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software

2013-06-03 23:15 - 2013-06-03 22:42 - 00000000 ____D C:\Program Files\yolobartb

2013-06-03 22:43 - 2009-09-22 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-06-03 22:43 - 2009-09-22 21:21 - 00000000 ____D C:\Documents and Settings\home\Application Data\Mozilla

2013-06-03 22:16 - 2009-08-09 20:29 - 00000000 ____D C:\Program Files\Google

2013-06-03 22:13 - 2013-06-03 22:13 - 00000000 ____D C:\Documents and Settings\home\Application Data\SpeedyPC Software

2013-06-03 22:13 - 2013-06-03 22:13 - 00000000 ____D C:\Documents and Settings\home\Application Data\DriverCure

2013-06-03 22:09 - 2013-06-03 22:09 - 00000000 ____D C:\Windows\System32\windowspowershell

2013-06-03 22:09 - 2013-06-03 22:08 - 00000000 __HDC C:\Windows\$NtUninstallKB926139-v2$

2013-06-03 15:06 - 2009-08-09 20:30 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Google

2013-06-03 14:57 - 2010-08-01 21:02 - 00000000 ____D C:\Windows\Minidump

2013-06-03 14:46 - 2008-08-30 16:16 - 00000211 ___SH C:\boot.ini

2013-06-03 14:46 - 2004-08-04 08:00 - 00000877 ____A C:\Windows\win.ini

2013-06-03 14:46 - 2004-08-04 08:00 - 00000227 ____N C:\Windows\system.ini

2013-06-02 14:56 - 2013-01-01 11:18 - 00000000 ____D C:\Documents and Settings\home\Application Data\SanDisk

2013-06-02 12:08 - 2013-06-02 12:08 - 00524080 ____A C:\Documents and Settings\home\My Documents\system erroes.evt

2013-06-02 12:06 - 2013-06-02 12:06 - 00238000 ____A C:\Documents and Settings\home\My Documents\errores.evt

2013-06-02 10:49 - 2009-07-30 20:26 - 00000000 ____D C:\Windows\Registration

2013-06-02 10:49 - 2008-08-30 16:11 - 00000000 ____D C:\Windows\repair

2013-06-02 09:47 - 2013-06-02 09:40 - 00002396 ____A C:\Windows\System32\ASOROSet.bin

2013-06-02 09:47 - 2008-08-30 16:17 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak

2013-06-02 09:47 - 2008-08-30 16:16 - 38273024 ____A C:\Windows\System32\config\software.bak

2013-06-02 09:47 - 2008-08-30 16:16 - 08912896 ____A C:\Windows\System32\config\system.bak

2013-06-02 09:46 - 2013-06-02 09:46 - 00000000 ___AH C:\Windows\System32\config\system.sav.LOG

2013-06-02 09:46 - 2013-06-02 09:46 - 00000000 ___AH C:\Windows\System32\config\software.sav.LOG

2013-06-02 09:44 - 2013-06-02 09:44 - 00000000 ___AH C:\Windows\System32\config\SECURITY.sav.LOG

2013-06-02 09:44 - 2013-06-02 09:44 - 00000000 ___AH C:\Windows\System32\config\SAM.sav.LOG

2013-06-02 09:42 - 2008-08-30 16:17 - 00262144 ____A C:\Windows\System32\config\SAM.bak

2013-06-02 09:40 - 2013-06-02 09:39 - 00000000 ____D C:\Windows\System32\config\RCCBakup

2013-06-02 09:20 - 2013-06-02 09:20 - 00000724 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

2013-06-02 09:20 - 2013-06-02 09:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-06-02 09:20 - 2013-06-02 09:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla

2013-06-02 09:17 - 2010-08-01 14:51 - 00000000 ____D C:\Program Files\Safari

2013-06-01 16:58 - 2009-08-10 07:15 - 00000000 ____D C:\Documents and Settings\home\Tracing

2013-06-01 16:54 - 2013-03-06 21:54 - 00000000 ____D C:\Documents and Settings\home\Application Data\systweak

2013-06-01 16:24 - 2012-08-05 23:22 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk

2013-06-01 16:24 - 2012-08-05 23:21 - 00000000 ____D C:\Program Files\Calibre2

2013-06-01 16:07 - 2013-06-01 16:07 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Amazon Browser Bar

2013-06-01 16:07 - 2013-06-01 16:06 - 00000000 ____D C:\Program Files\Amazon Browser Bar

2013-06-01 16:06 - 2013-06-01 16:06 - 00000000 ____D C:\Program Files\Amazon

2013-06-01 16:05 - 2013-06-01 16:05 - 00000270 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job

2013-06-01 16:03 - 2013-06-01 16:03 - 00000725 ____A C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk

2013-06-01 16:03 - 2013-06-01 16:03 - 00000000 ____D C:\Program Files\RegClean Pro

2013-06-01 16:03 - 2012-12-22 07:42 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

2013-06-01 16:02 - 2009-08-19 19:15 - 00000000 ____D C:\Program Files\CCleaner

2013-05-28 22:19 - 2009-07-30 20:26 - 00000000 ____D C:\Program Files\Online Services

2013-05-27 22:39 - 2013-05-18 22:14 - 00000000 ____D C:\Program Files\Seagate Replica

2013-05-21 21:35 - 2013-02-06 09:27 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\CRE

2013-05-21 21:27 - 2012-09-07 21:45 - 00000000 ____D C:\Program Files\SecurityKISS Tunnel

2013-05-21 21:24 - 2008-08-30 16:11 - 00000000 ____D C:\Windows\twain_32

2013-05-21 21:07 - 2009-08-09 19:34 - 00000022 ____A C:\Windows\FLASHKSK.INI

2013-05-19 09:51 - 2013-05-19 09:50 - 00076974 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_A_Clean_Sweep(Bookos.org).epub

2013-05-19 09:29 - 2013-05-19 09:18 - 00248856 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Hamilton,_Laurell_-_Ravenloft(Bookos.org).lit

2013-05-19 09:28 - 2013-05-19 09:17 - 00173187 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Nightshade(Bookos.org).lit

2013-05-19 09:24 - 2013-05-19 09:14 - 00392647 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Never_After(Bookos.org).epub

2013-05-19 09:20 - 2013-05-19 09:09 - 00372858 ____A C:\Documents and Settings\home\My Documents\[Laurell_K-1._Hamilton]_Bullet(Bookos.org).epub

2013-05-19 08:59 - 2013-05-19 08:59 - 00056469 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Bite_The_Girl_Who_Was_Infatu(Bookos.org).epub

2013-05-19 08:58 - 2013-05-19 08:58 - 00279287 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Hit_List(Bookos.org).epub

2013-05-19 08:58 - 2013-05-19 08:57 - 00465739 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Swallowing_Darkness(Bookos.org).epub

2013-05-19 08:57 - 2013-05-19 08:57 - 00372858 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Bullet(Bookos.org).epub

2013-05-19 08:56 - 2013-05-19 08:46 - 00257246 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Divine_Misdemeanors(Bookos.org).epub

2013-05-19 08:55 - 2013-05-19 08:45 - 00836621 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Flirt(Bookos.org).epub

2013-05-19 00:17 - 2013-05-19 00:17 - 00217359 ____A C:\Documents and Settings\home\My Documents\[Anjou_Angelique]_Ja-Rael's_Lioness(Bookos.org).epub

2013-05-19 00:17 - 2013-05-19 00:17 - 00176594 ____A C:\Documents and Settings\home\My Documents\[Fox_Jaide,_Lyons_Brenna,_Nash_Joy]_Dream_Warriors(Bookos.org).epub

2013-05-19 00:14 - 2013-05-19 00:14 - 00195267 ____A C:\Documents and Settings\home\My Documents\[Anjou_Angelique]_Chameleon(Bookos.org).epub

2013-05-18 22:18 - 2013-05-18 22:18 - 00000718 ____A C:\Documents and Settings\All Users\Desktop\Seagate Replica.lnk

2013-05-18 22:07 - 2013-05-18 22:07 - 00000000 ____D C:\Documents and Settings\home\Application Data\Leadertech

2013-05-17 23:48 - 2013-05-17 23:48 - 00150083 ____A C:\Documents and Settings\home\My Documents\reunion-vampires-realm-romance-series.epub

2013-05-17 23:24 - 2013-05-17 23:24 - 00251157 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Enslave(Bookos.org).mobi

2013-05-17 23:18 - 2013-05-17 23:18 - 00192571 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Seduce(Bookos.org).epub

2013-05-17 23:18 - 2013-05-17 23:18 - 00140778 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Covet(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00404764 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Forbidden_Blood(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00308531 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Ascension(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00176032 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Crave(Bookos.org).epub

2013-05-17 23:16 - 2013-05-17 23:16 - 00147876 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_The_Night(Bookos.org).epub

2013-05-16 22:42 - 2013-05-16 22:42 - 00152793 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Vampire_for_Christmas(Bookos.org).epub

2013-05-16 22:36 - 2013-05-16 22:36 - 00082678 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Moonlight(Bookos.org).epub

2013-05-16 22:35 - 2013-05-16 22:35 - 00100723 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Embracing_the_Wolf(Bookos.org).epub

2013-05-16 22:34 - 2013-05-16 22:34 - 00203334 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Cabin_Fever(Bookos.org).lit

2013-05-16 22:34 - 2013-05-16 22:34 - 00096108 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_A_Promise_of_Passion(Bookos.org).lit

2013-05-16 22:33 - 2013-05-16 22:33 - 00205232 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Mating_Call(Bookos.org).lit

2013-05-15 10:39 - 2009-08-09 21:03 - 00000000 ____D C:\Windows\ie8updates

2013-05-15 10:17 - 2013-05-15 10:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$

2013-05-15 10:17 - 2009-07-30 21:12 - 00000000 ___HD C:\Windows\$hf_mig$

2013-05-15 10:13 - 2009-08-09 19:16 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 10:12 - 2013-05-15 10:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$

2013-05-14 19:27 - 2013-05-14 19:27 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application DataGoogle

2013-05-13 21:05 - 2009-07-30 20:29 - 00002577 ____A C:\Windows\System32\CONFIG.NT

2013-05-09 04:58 - 2012-08-05 20:15 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe



==================== Bamital & volsnap Check =================



C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2013

Ran by home at 2013-06-08 23:18:15 Run:

Running from G:\

Boot Mode: Normal

==========================================================





==================== Installed Programs =======================



7-Zip 9.20

7-Zip 9.20 (Version: 9.20.00.0)

Acrobat.com (Version: 1.7.186)

Adobe Media Player (Version: 1.8)

Akamai NetSession Interface Service

AlterGeo Magic Scanner (Version: 3.2.1.742)

Amazon Browser Bar (Version: 3.0)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

AT&T Communication Manager (Version: 7.02.0316.0)

Bonjour (Version: 3.0.0.10)

BrowserProtect

calibre (Version: 0.9.33)

CCleaner (Version: 4.02)

Defraggler (remove only)

Free AVI Video Converter version 5.0.21.1212 (Version: 5.0.21.1212)

InstallerApp (Version: 1.0.0.0)

Intel(R) Extreme Graphics 2 Driver (Version: 6.14.10.4396)

iTunes (Version: 11.0.2.26)

Java 7 Update 21 (Version: 7.0.210)

Java Auto Updater (Version: 2.1.9.5)

Junk Mail filter update (Version: 14.0.8089.726)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)

Microsoft Search Enhancement Pack (Version: 1.3.59.0)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)

Microsoft_VC90_ATL_x86 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (Version: 1.00.0000)

MobileMe Control Panel (Version: 3.1.1.0)

Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)

Mozilla Maintenance Service (Version: 21.0)

MSN

MSVCRT (Version: 14.0.1468.721)

Nero 7 Ultra Edition (Version: 7.02.0936)

Paquete de compatibilidad para 2007 Office system (Version: 12.0.6612.1000)

PCI Audio Driver

PDF-Viewer (Version: 2.5.210.0)

Picasa 3 (Version: 3.9)

Punto Switcher (Version: 3.1.1.72)

QuickTime (Version: 7.73.80.64)

RarZilla Free Unrar (Version: 4.80)

RegClean Pro (Version: 6.21)

SanDiskSecureAccess_Manager.exe (Version: 1.1.19755)

Seagate Replica v3.0.1801.8554

Segoe UI (Version: 14.0.4327.805)

Sony USB Driver

Torrey & the Vampire 1.7 (Version: 1.7)

Trend Micro Titanium (Version: 5.00)

Trend Micro Titanium 2012 (Version: 5.4)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)

Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)

Update for Windows Internet Explorer 8 (KB972636) (Version: 1)

Update for Windows Internet Explorer 8 (KB976662) (Version: 1)

Update for Windows Internet Explorer 8 (KB976749) (Version: 1)

Update for Windows Internet Explorer 8 (KB980182) (Version: 1)

VIA Rhine-Family Fast-Ethernet Adapter

VLC media player 1.0.1 (Version: 1.0.1)

WebFldrs XP (Version: 9.50.7523)

Windows Defender (Version: 1.1.1593.21)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component (Version: 3.0.0.0)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Live Call (Version: 14.0.8064.0206)

Windows Live Communications Platform (Version: 14.0.8064.206)

Windows Live Essentials (Version: 14.0.8089.0726)

Windows Live Essentials (Version: 14.0.8089.726)

Windows Live Mail (Version: 14.0.8089.0726)

Windows Live Messenger (Version: 14.0.8089.0726)

Windows Live OneCare safety scanner

Windows Live Sign-in Assistant (Version: 5.000.818.5)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell(TM) 1.0 (Version: 2)

Windows Search 4.0 (Version: 04.00.6001.503)

Windows XP Service Pack 3 (Version: 20080414.031525)

XML Paper Specification Shared Components Pack 1.0



==================== Restore Points =========================



12-03-2013 01:37:35 System Checkpoint

12-03-2013 12:52:54 Printer Driver Lexmark 3100 Series Installed

12-03-2013 15:12:38 Removed Foxit Reader

13-03-2013 12:18:49 Software Distribution Service 3.0

14-03-2013 04:16:20 Software Distribution Service 3.0

14-03-2013 13:43:23 Software Distribution Service 3.0

15-03-2013 22:07:33 Software Distribution Service 3.0

16-03-2013 22:59:56 System Checkpoint

18-03-2013 13:09:01 System Checkpoint

18-03-2013 14:23:17 Software Distribution Service 3.0

19-03-2013 22:58:23 System Checkpoint

20-03-2013 01:26:40 Software Distribution Service 3.0

21-03-2013 19:17:09 System Checkpoint

22-03-2013 13:15:17 Software Distribution Service 3.0

22-03-2013 21:36:43 Installed calibre

22-03-2013 21:41:29 Removed calibre

23-03-2013 03:43:29 Windows Defender Checkpoint

28-03-2013 03:09:20 Software Distribution Service 3.0

29-03-2013 21:36:54 Software Distribution Service 3.0

30-03-2013 22:46:56 System Checkpoint

31-03-2013 18:47:00 Installed calibre

31-03-2013 18:55:52 Installed calibre

31-03-2013 18:57:53 Removed calibre

31-03-2013 19:01:31 Removed Adobe Reader XI (11.0.02).

31-03-2013 19:19:10 Removed Adobe Community Help

02-04-2013 13:44:25 Software Distribution Service 3.0

04-04-2013 17:11:42 System Checkpoint

06-04-2013 00:22:32 Software Distribution Service 3.0

06-04-2013 02:17:36 Installed calibre

06-04-2013 02:19:25 Removed calibre

12-04-2013 00:14:24 Software Distribution Service 3.0

12-04-2013 00:29:45 Software Distribution Service 3.0

14-04-2013 03:37:14 Software Distribution Service 3.0

14-04-2013 03:43:43 Removed calibre

19-04-2013 02:56:56 Software Distribution Service 3.0

21-04-2013 21:53:29 Software Distribution Service 3.0

24-04-2013 00:20:50 Software Distribution Service 3.0

24-04-2013 00:29:42 Installed Java 7 Update 21

25-04-2013 01:36:42 System Checkpoint

28-04-2013 19:07:42 System Checkpoint

28-04-2013 21:45:24 Software Distribution Service 3.0

30-04-2013 21:57:42 Software Distribution Service 3.0

30-04-2013 22:14:26 Installed calibre

30-04-2013 22:16:12 Removed calibre

05-05-2013 02:21:10 Software Distribution Service 3.0

05-05-2013 02:56:22 Installed calibre

05-05-2013 02:58:02 Removed calibre

08-05-2013 00:34:25 Software Distribution Service 3.0

11-05-2013 01:31:47 Software Distribution Service 3.0

11-05-2013 02:30:53 Installed calibre

11-05-2013 02:32:29 Removed calibre

14-05-2013 00:33:41 System Checkpoint

15-05-2013 13:45:08 Software Distribution Service 3.0

15-05-2013 14:10:16 Software Distribution Service 3.0

16-05-2013 22:52:56 Software Distribution Service 3.0

18-05-2013 03:16:17 Software Distribution Service 3.0

18-05-2013 04:02:59 Installed calibre

18-05-2013 04:04:42 Removed calibre

19-05-2013 04:39:28 System Checkpoint

22-05-2013 01:17:45 Software Distribution Service 3.0

22-05-2013 01:25:42 Removed ePhoneTools

27-05-2013 15:24:54 Software Distribution Service 3.0

27-05-2013 18:39:20 Installed calibre

27-05-2013 18:41:25 Removed calibre

30-05-2013 23:04:25 System Checkpoint

01-06-2013 20:22:03 Installed calibre

01-06-2013 20:24:51 Removed calibre

01-06-2013 20:26:54 Software Distribution Service 3.0

02-06-2013 13:16:16 Removed Safari

02-06-2013 13:23:43 Removed Google Drive

02-06-2013 13:25:20 Removed Google Earth.

03-06-2013 11:22:35 RegClean Pro Mon, Jun 03, 13 07:20

03-06-2013 19:02:36 Restore Operation

04-06-2013 02:09:26 Installed %1 %2.

07-06-2013 00:39:13 avast! Free Antivirus Setup

07-06-2013 01:36:15 Removed Picture Package

07-06-2013 20:27:27 Software Distribution Service 3.0

08-06-2013 01:02:14 RegClean Pro Fri, Jun 07, 13 21:02

08-06-2013 01:27:27 Installed AT&T Communication Manager.

08-06-2013 01:32:56 Install LG USB NDIS Driver



==================== Hosts content: ==========================





127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com



There are 1000 more lines starting with "127.0.0.1"
 
==================== Faulty Device Manager Devices =============



Name: Video Controller (VGA Compatible)

Description: Video Controller (VGA Compatible)

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.





==================== Event log errors: =========================



Application errors:

==================

Error: (06/08/2013 09:00:29 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.



Error: (06/08/2013 08:51:46 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.



Error: (06/07/2013 04:27:27 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )

Description: EventType clr20r3, P1 updaterservice.exe, P2 1.0.0.0, P3 511e08ea, P4 updaterservice, P5 1.0.0.0, P6 511e08ea, P7 25, P8 0, P9 clr20r30, P10 clr20r31.



Error: (06/07/2013 04:24:27 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:27 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:26 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:20 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:13:45 PM) (Source: Application Hang) (User: )

Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.





System errors:

=============

Error: (06/08/2013 11:08:20 PM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 60 minutes.

NtpClient has no source of accurate time.



Error: (06/08/2013 11:08:20 PM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 10:38:20 PM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 30 minutes.

NtpClient has no source of accurate time.



Error: (06/08/2013 10:38:20 PM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 10:23:20 PM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 14 minutes.

NtpClient has no source of accurate time.



Error: (06/08/2013 10:23:20 PM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 08:05:35 AM) (Source: Service Control Manager) (User: )

Description: The BrowserProtect service failed to start due to the following error:

%%2



Error: (06/07/2013 08:33:29 PM) (Source: Service Control Manager) (User: )

Description: The BrowserProtect service failed to start due to the following error:

%%2



Error: (06/07/2013 04:28:17 PM) (Source: Service Control Manager) (User: )

Description: The Software Updater service terminated unexpectedly. It has done this 1 time(s).



Error: (06/07/2013 04:22:30 PM) (Source: Service Control Manager) (User: )

Description: The BrowserProtect service failed to start due to the following error:

%%2





Microsoft Office Sessions:

=========================

Error: (06/08/2013 09:00:29 PM) (Source: MPSampleSubmission)(User: )

Description: mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL



Error: (06/08/2013 08:51:46 AM) (Source: MPSampleSubmission)(User: )

Description: mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL



Error: (06/07/2013 04:27:27 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )

Description: clr20r3updaterservice.exe1.0.0.0511e08eaupdaterservice1.0.0.0511e08ea250system.overflowexceptionNIL



Error: (06/07/2013 04:24:27 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:27 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:26 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:20 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:13:45 PM) (Source: Application Hang)(User: )

Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000





==================== Memory info ===========================



Percentage of memory in use: 84%

Total physical RAM: 1022.73 MB

Available physical RAM: 160.52 MB

Total Pagefile: 2970.62 MB

Available Pagefile: 2011.46 MB

Total Virtual: 2047.88 MB

Available Virtual: 1946.87 MB



==================== Drives ================================



Drive c: () (Fixed) (Total:465.76 GB) (Free:113.51 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive g: () (Removable) (Total:14.9 GB) (Free:14.56 GB) FAT32



==================== MBR & Partition Table ==================



========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 23658E6F)

Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)



========================================================

Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


==================== End Of Log
 
sorry!
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013

Ran by home (administrator) on 09-06-2013 00:23:46

Running from C:\Documents and Settings\home\Desktop

Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal



==================== Processes (Whitelisted) ===================



(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(PCtel, Inc.) C:\WINDOWS\system32\pctspk.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

() C:\Program Files\SoftwareUpdater\UpdaterService.exe

() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe

(Seagate Technology LLC) C:\Program Files\Seagate Replica\bin\Seagate-Replica-Tray.exe

(Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe

() C:\Program Files\SoftwareUpdater\AppsUpdater.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE



==================== Registry (Whitelisted) ==================



HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)

HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304296 2012-12-18] (Trend Micro Inc.)

HKLM\...\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a [883272 2010-07-15] (ATT)

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [133424 2012-02-27] (Trend Micro Inc.)

MountPoints2: D - D:\WIN\setup.exe

MountPoints2: {86259900-cfd9-11e2-ae3b-0040f4b1ff29} - D:\WIN\setup.exe

MountPoints2: {d90283c2-c804-11e2-ae28-ddbddd7d607a} - D:\autorun.exe

HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-10-09] (Nero AG)

HKU\Default User\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-10-09] (Nero AG)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\Seagate Product Registration.lnk

ShortcutTarget: Seagate Product Registration.lnk -> C:\Documents and Settings\home\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)

Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\tcbhn.lnk

ShortcutTarget: tcbhn.lnk -> C:\Documents and Settings\home\Application Data\BrowserCompanion\tcbhn.exe (No File)

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)



==================== Internet (Whitelisted) ====================



ProxyServer: 169.254.103.158:80

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =

BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: AlterGeoBHO Class - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.2.1.742\AlterGeo.BrowserPlugin.dll (Wi2Geo)

BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKLM - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)

Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU -No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File

Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog5 05 %SystemRoot%\System32\nwprovau.dll [142336] (Microsoft Corporation)

Winsock: Catalog9 01 bmnet.dll [142336] (Microsoft Corporation)

Winsock: Catalog9 02 bmnet.dll [142336] (Microsoft Corporation)

Winsock: Catalog9 03 bmnet.dll [142336] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

 
FireFox:

========

FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default

FF SearchEngine: Bing

FF Homepage: hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Plugin: google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF Extension: Babylon - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\[email protected]

FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF Extension: ??????? @Mail.Ru - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF Extension: Playdom Community Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}

FF Extension: Zynga Community Toolbar - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF Extension: personas - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\[email protected]

FF Extension: No Name - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi

FF Extension: No Name - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\us77mxn2.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi



========================== Services (Whitelisted) =================



R2 Akamai; c:\program files\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-27] (Akamai Technologies, Inc.)

S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2010-07-15] (SmithMicro Inc.)

R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2004-08-04] (Microsoft Corporation)

R2 Pctspk; C:\Windows\system32\pctspk.exe [86016 2001-08-17] (PCtel, Inc.)

R2 ReplicaSysMon; C:\Program Files\Seagate Replica\bin\ReplicaSysMon.exe [416208 2010-06-08] (Seagate Technology LLC)

R2 Seagate-Replica-Svc; C:\Program Files\Seagate Replica\bin\Seagate-Replica-Svc.exe [1947600 2010-06-08] (Seagate Technology LLC)

R2 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2013-02-18] ()

R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-22] ()

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]

S2 BrowserProtect; C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]



==================== Drivers (Whitelisted) ====================



R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-03-06] (AVAST Software)

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

R1 cdrbsvsd; C:\Windows\System32\Drivers\cdrbsvsd.sys [13566 2003-12-03] (B.H.A Corporation)

S3 cmipci; C:\Windows\System32\drivers\cmipci.sys [37888 2007-11-21] (Dogbert)

R3 cmpci; C:\Windows\System32\drivers\cmaudio.sys [377358 2002-11-18] (C-Media Inc)

R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [48128 2011-04-01] (VIA Technologies, Inc. )

R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)

S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation)

S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)

R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)

R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)

R3 PCTINDIS5; C:\WINDOWS\system32\PCTINDIS5.SYS [32408 2010-07-15] (Smith Micro Inc.)

S3 Ptserlp; C:\Windows\System32\DRIVERS\ptserlp.sys [112574 2001-08-17] (PCTEL, INC.)

R1 sf; C:\Windows\System32\drivers\sf.sys [33183 2006-04-01] (Sonic Focus, Inc)

S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)

S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [639224 2010-01-18] ()

S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)

S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [40408 2010-04-26] ()

S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [197504 2009-08-12] (Sierra Wireless Inc.)

S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [148992 2009-07-22] (Sierra Wireless Inc.)

S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)

S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-10-15] (AnchorFree Inc)

R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [95224 2012-09-24] (Trend Micro Inc.)

R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [257952 2012-09-24] (Trend Micro Inc.)

R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [76648 2012-09-24] (Trend Micro Inc.)

R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92432 2011-08-02] (Trend Micro Inc.)

R0 Vmodem; C:\Windows\System32\DRIVERS\vmodem.sys [604253 2001-08-17] (PCTEL, INC.)

R0 Vpctcom; C:\Windows\System32\DRIVERS\vpctcom.sys [397502 2001-08-17] (PCtel, Inc.)

R3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)

R0 Vvoice; C:\Windows\System32\DRIVERS\vvoice.sys [64605 2001-08-17] (PCtel, Inc.)

S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)

S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2013-01-25] (Wondershare)

S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2013-01-25] (Wondershare)

S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2013-01-25] (Wondershare)

S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2013-01-25] (Wondershare)

S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)

R3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1472768 2007-05-14] (Vimicro Corporation)

S4 Abiosdsk; No ImagePath

S4 abp480n5; No ImagePath

S4 adpu160m; No ImagePath

S4 Aha154x; No ImagePath

S4 aic78u2; No ImagePath

S4 aic78xx; No ImagePath

S4 AliIde; No ImagePath

S4 amsint; No ImagePath

S4 asc; No ImagePath

S4 asc3350p; No ImagePath

S4 asc3550; No ImagePath

S4 Atdisk; No ImagePath

S4 cd20xrnt; No ImagePath

S1 Changer; No ImagePath

S4 CmdIde; No ImagePath

S4 Cpqarray; No ImagePath

U4 dac2w2k; No ImagePath

S4 dac960nt; No ImagePath

S4 dpti2o; No ImagePath

S4 hpn; No ImagePath

S1 i2omgmt; No ImagePath

S4 i2omp; No ImagePath

S4 ini910u; No ImagePath

S0 jdro; System32\drivers\yyjglij.sys [x]

S1 lbrtfdc; No ImagePath

S4 mraid35x; No ImagePath

S1 PCIDump; No ImagePath

S3 PDCOMP; No ImagePath

S3 PDFRAME; No ImagePath

S3 PDRELI; No ImagePath

S3 PDRFRAME; No ImagePath

S4 perc2; No ImagePath

S4 perc2hib; No ImagePath

S4 ql1080; No ImagePath

S4 Ql10wnt; No ImagePath

S4 ql12160; No ImagePath

S4 ql1240; No ImagePath

S4 ql1280; No ImagePath

S4 Simbad; No ImagePath

S4 Sparrow; No ImagePath

S4 symc810; No ImagePath

S4 symc8xx; No ImagePath

S4 sym_hi; No ImagePath

S4 sym_u3; No ImagePath

U2 TMAgent;

S4 TosIde; No ImagePath

S4 ultra; No ImagePath

S4 ViaIde; No ImagePath

S0 waytnjrc; System32\drivers\gdti.sys [x]

S3 WDICA; No ImagePath



==================== NetSvcs (Whitelisted) ===================





==================== One Month Created Files and Folders ========



2013-06-09 00:16 - 2013-06-08 22:23 - 01358673 ____A (Farbar) C:\Documents and Settings\home\Desktop\FRST.exe

2013-06-08 23:14 - 2013-06-08 23:14 - 00000000 ____D C:\FRST

2013-06-08 23:05 - 2013-06-08 23:09 - 00013580 ____A C:\Windows\FaxSetup.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00007848 ____A C:\Windows\tsoc.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00004614 ____A C:\Windows\comsetup.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00003200 ____A C:\Windows\ntdtcsetup.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00001920 ____A C:\Windows\iis6.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00001891 ____A C:\Windows\imsins.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00000860 ____A C:\Windows\msgsocm.log

2013-06-08 23:05 - 2013-06-08 23:09 - 00000850 ____A C:\Windows\ocmsn.log

2013-06-08 23:05 - 2013-06-08 23:05 - 00001891 ____A C:\Windows\imsins.BAK

2013-06-08 23:05 - 2013-06-08 23:05 - 00000000 ____A C:\Windows\setuperr.log

2013-06-08 23:05 - 2013-06-08 23:05 - 00000000 ____A C:\Windows\setupact.log

2013-06-08 23:04 - 2013-06-08 23:09 - 00011138 ____A C:\Windows\ocgen.log

2013-06-08 22:18 - 2013-06-08 23:10 - 00003671 ____A C:\Windows\setupapi.log

2013-06-08 08:33 - 2013-06-08 21:00 - 00000330 ___AH C:\Windows\Tasks\MP Scheduled Scan.job

2013-06-08 08:23 - 2013-06-08 08:23 - 00049944 ____A C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-06-08 08:04 - 2013-06-08 08:04 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Bytemobile

2013-06-08 08:00 - 2013-06-08 08:06 - 00000092 ____A C:\Windows\smartkeydiagnostics.txt

2013-06-07 21:36 - 2013-06-07 21:36 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Bytemobile

2013-06-07 21:34 - 2013-06-07 21:34 - 00000000 ____D C:\Documents and Settings\home\Application Data\AT&T

2013-06-07 21:32 - 2010-04-26 18:04 - 00040408 ____A C:\Windows\System32\Drivers\swmsflt.sys

2013-06-07 21:29 - 2013-06-07 21:29 - 00001851 ____A C:\Documents and Settings\All Users\Desktop\at&t Communication Manager.lnk

2013-06-07 21:29 - 2013-06-07 21:29 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Program Files\Common Files\Research In Motion

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Program Files\AT&T

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LG

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AT&T

2013-06-07 21:21 - 2013-06-07 21:22 - 00000000 ____D C:\Program Files\Sierra Wireless Inc

2013-06-07 21:21 - 2013-06-07 21:21 - 00000000 ____D C:\Documents and Settings\home\Application Data\Sierra Wireless

2013-06-06 21:14 - 2013-06-06 21:14 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Trend Micro

2013-06-06 21:13 - 2013-06-06 21:13 - 00000932 ____A C:\Documents and Settings\home\Desktop\Trend Micro Titanium 2012.lnk

2013-06-06 21:12 - 2013-06-06 21:12 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Trend Micro

2013-06-06 21:12 - 2012-09-24 22:01 - 00095224 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys

2013-06-06 21:12 - 2012-09-24 22:00 - 00257952 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2013-06-06 21:12 - 2012-09-24 22:00 - 00076648 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys

2013-06-06 21:12 - 2011-08-02 16:33 - 00092432 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys

2013-06-06 21:08 - 2013-06-06 21:08 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat

2013-06-06 21:05 - 2013-06-07 21:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Trend Micro

2013-06-06 21:05 - 2013-06-06 21:07 - 00000000 ____D C:\Program Files\Trend Micro

2013-06-03 22:42 - 2013-06-03 23:15 - 00000000 ____D C:\Program Files\yolobartb

2013-06-03 22:13 - 2013-06-03 22:13 - 00000000 ____D C:\Documents and Settings\home\Application Data\SpeedyPC Software

2013-06-03 22:13 - 2013-06-03 22:13 - 00000000 ____D C:\Documents and Settings\home\Application Data\DriverCure

2013-06-03 22:12 - 2013-06-03 23:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software

2013-06-03 22:09 - 2013-06-04 06:31 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt

2013-06-03 22:09 - 2013-06-03 22:09 - 00000000 ____D C:\Windows\System32\windowspowershell

2013-06-03 22:08 - 2013-06-03 22:09 - 00000000 __HDC C:\Windows\$NtUninstallKB926139-v2$

2013-06-02 12:08 - 2013-06-02 12:08 - 00524080 ____A C:\Documents and Settings\home\My Documents\system erroes.evt

2013-06-02 12:06 - 2013-06-02 12:06 - 00238000 ____A C:\Documents and Settings\home\My Documents\errores.evt

2013-06-02 09:46 - 2013-06-02 09:46 - 00000000 ___AH C:\Windows\System32\config\system.sav.LOG

2013-06-02 09:46 - 2013-06-02 09:46 - 00000000 ___AH C:\Windows\System32\config\software.sav.LOG

2013-06-02 09:44 - 2013-06-02 09:44 - 00000000 ___AH C:\Windows\System32\config\SECURITY.sav.LOG

2013-06-02 09:44 - 2013-06-02 09:44 - 00000000 ___AH C:\Windows\System32\config\SAM.sav.LOG

2013-06-02 09:40 - 2013-06-02 09:47 - 00002396 ____A C:\Windows\System32\ASOROSet.bin

2013-06-02 09:39 - 2013-06-02 09:40 - 00000000 ____D C:\Windows\System32\config\RCCBakup

2013-06-02 09:20 - 2013-06-02 09:20 - 00000724 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

2013-06-02 09:20 - 2013-06-02 09:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-06-02 09:20 - 2013-06-02 09:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla

2013-06-01 16:07 - 2013-06-01 16:07 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Amazon Browser Bar

2013-06-01 16:06 - 2013-06-01 16:07 - 00000000 ____D C:\Program Files\Amazon Browser Bar

2013-06-01 16:06 - 2013-06-01 16:06 - 00000000 ____D C:\Program Files\Amazon

2013-06-01 16:05 - 2013-06-08 15:02 - 00000262 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job

2013-06-01 16:05 - 2013-06-01 16:05 - 00000270 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job

2013-06-01 16:03 - 2013-06-01 16:03 - 00000725 ____A C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk

2013-06-01 16:03 - 2013-06-01 16:03 - 00000000 ____D C:\Program Files\RegClean Pro

2013-05-19 09:50 - 2013-05-19 09:51 - 00076974 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_A_Clean_Sweep(Bookos.org).epub

2013-05-19 09:18 - 2013-05-19 09:29 - 00248856 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Hamilton,_Laurell_-_Ravenloft(Bookos.org).lit

2013-05-19 09:17 - 2013-05-19 09:28 - 00173187 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Nightshade(Bookos.org).lit

2013-05-19 09:14 - 2013-05-19 09:24 - 00392647 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Never_After(Bookos.org).epub

2013-05-19 09:09 - 2013-05-19 09:20 - 00372858 ____A C:\Documents and Settings\home\My Documents\[Laurell_K-1._Hamilton]_Bullet(Bookos.org).epub

2013-05-19 08:59 - 2013-05-19 08:59 - 00056469 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Bite_The_Girl_Who_Was_Infatu(Bookos.org).epub

2013-05-19 08:58 - 2013-05-19 08:58 - 00279287 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Hit_List(Bookos.org).epub

2013-05-19 08:57 - 2013-05-19 08:58 - 00465739 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Swallowing_Darkness(Bookos.org).epub

2013-05-19 08:57 - 2013-05-19 08:57 - 00372858 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Bullet(Bookos.org).epub

2013-05-19 08:46 - 2013-05-19 08:56 - 00257246 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Divine_Misdemeanors(Bookos.org).epub

2013-05-19 08:45 - 2013-05-19 08:55 - 00836621 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Flirt(Bookos.org).epub

2013-05-19 00:17 - 2013-05-19 00:17 - 00217359 ____A C:\Documents and Settings\home\My Documents\[Anjou_Angelique]_Ja-Rael's_Lioness(Bookos.org).epub

2013-05-19 00:17 - 2013-05-19 00:17 - 00176594 ____A C:\Documents and Settings\home\My Documents\[Fox_Jaide,_Lyons_Brenna,_Nash_Joy]_Dream_Warriors(Bookos.org).epub

2013-05-19 00:14 - 2013-05-19 00:14 - 00195267 ____A C:\Documents and Settings\home\My Documents\[Anjou_Angelique]_Chameleon(Bookos.org).epub

2013-05-18 22:18 - 2013-05-18 22:18 - 00000718 ____A C:\Documents and Settings\All Users\Desktop\Seagate Replica.lnk

2013-05-18 22:14 - 2013-05-27 22:39 - 00000000 ____D C:\Program Files\Seagate Replica

2013-05-18 22:07 - 2013-05-18 22:07 - 00000000 ____D C:\Documents and Settings\home\Application Data\Leadertech

2013-05-17 23:48 - 2013-05-17 23:48 - 00150083 ____A C:\Documents and Settings\home\My Documents\reunion-vampires-realm-romance-series.epub

2013-05-17 23:24 - 2013-05-17 23:24 - 00251157 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Enslave(Bookos.org).mobi

2013-05-17 23:18 - 2013-05-17 23:18 - 00192571 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Seduce(Bookos.org).epub

2013-05-17 23:18 - 2013-05-17 23:18 - 00140778 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Covet(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00404764 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Forbidden_Blood(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00308531 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Ascension(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00176032 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Crave(Bookos.org).epub

2013-05-17 23:16 - 2013-05-17 23:16 - 00147876 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_The_Night(Bookos.org).epub

2013-05-16 22:42 - 2013-05-16 22:42 - 00152793 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Vampire_for_Christmas(Bookos.org).epub

2013-05-16 22:36 - 2013-05-16 22:36 - 00082678 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Moonlight(Bookos.org).epub

2013-05-16 22:35 - 2013-05-16 22:35 - 00100723 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Embracing_the_Wolf(Bookos.org).epub

2013-05-16 22:34 - 2013-05-16 22:34 - 00203334 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Cabin_Fever(Bookos.org).lit

2013-05-16 22:34 - 2013-05-16 22:34 - 00096108 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_A_Promise_of_Passion(Bookos.org).lit

2013-05-16 22:33 - 2013-05-16 22:33 - 00205232 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Mating_Call(Bookos.org).lit

2013-05-15 10:17 - 2013-05-15 10:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$

2013-05-15 10:12 - 2013-05-15 10:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$

2013-05-14 19:27 - 2013-05-14 19:27 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application DataGoogle

 
==================== One Month Modified Files and Folders ========



2013-06-08 23:14 - 2013-06-08 23:14 - 00000000 ____D C:\FRST

2013-06-08 23:10 - 2013-06-08 22:18 - 00003671 ____A C:\Windows\setupapi.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00013580 ____A C:\Windows\FaxSetup.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00007848 ____A C:\Windows\tsoc.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00004614 ____A C:\Windows\comsetup.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00003200 ____A C:\Windows\ntdtcsetup.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00001920 ____A C:\Windows\iis6.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00001891 ____A C:\Windows\imsins.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00000860 ____A C:\Windows\msgsocm.log

2013-06-08 23:09 - 2013-06-08 23:05 - 00000850 ____A C:\Windows\ocmsn.log

2013-06-08 23:09 - 2013-06-08 23:04 - 00011138 ____A C:\Windows\ocgen.log

2013-06-08 23:09 - 2009-07-30 20:28 - 01371647 ____A C:\Windows\WindowsUpdate.log

2013-06-08 23:05 - 2013-06-08 23:05 - 00001891 ____A C:\Windows\imsins.BAK

2013-06-08 23:05 - 2013-06-08 23:05 - 00000000 ____A C:\Windows\setuperr.log

2013-06-08 23:05 - 2013-06-08 23:05 - 00000000 ____A C:\Windows\setupact.log

2013-06-08 22:23 - 2013-06-09 00:16 - 01358673 ____A (Farbar) C:\Documents and Settings\home\Desktop\FRST.exe

2013-06-08 21:00 - 2013-06-08 08:33 - 00000330 ___AH C:\Windows\Tasks\MP Scheduled Scan.job

2013-06-08 15:02 - 2013-06-01 16:05 - 00000262 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job

2013-06-08 08:34 - 2009-08-09 21:31 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{81D1BFA4-F9E3-4D11-B28B-A2B67743A978}.job

2013-06-08 08:27 - 2009-08-19 19:20 - 00000000 ____D C:\Documents and Settings\home\My Documents\antivirus

2013-06-08 08:23 - 2013-06-08 08:23 - 00049944 ____A C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-06-08 08:06 - 2013-06-08 08:00 - 00000092 ____A C:\Windows\smartkeydiagnostics.txt

2013-06-08 08:05 - 2008-08-30 16:20 - 00000157 ____N C:\Windows\wiadebug.log

2013-06-08 08:05 - 2008-08-30 16:20 - 00000048 ____N C:\Windows\wiaservc.log

2013-06-08 08:04 - 2013-06-08 08:04 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Bytemobile

2013-06-08 08:04 - 2012-10-21 22:21 - 00000328 ____A C:\Windows\Tasks\Protected Search.job

2013-06-08 08:04 - 2010-07-18 13:42 - 00000000 ____D C:\Program Files\Common Files\Akamai

2013-06-08 08:04 - 2010-06-09 11:20 - 00000358 ____A C:\Windows\Tasks\WinMaximizer-home-Startup.job

2013-06-08 08:04 - 2009-07-30 20:33 - 00000062 __ASH C:\Documents and Settings\home\Local Settings\desktop.ini

2013-06-08 08:04 - 2009-07-30 20:31 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini

2013-06-08 08:04 - 2009-07-30 20:31 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini

2013-06-08 08:04 - 2009-07-30 20:31 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-08 08:04 - 2004-08-04 08:00 - 00013646 ____A C:\Windows\System32\wpa.dbl

2013-06-08 08:00 - 2009-07-30 20:33 - 00000278 ___SH C:\Documents and Settings\home\ntuser.ini

2013-06-08 08:00 - 2009-07-30 20:31 - 00032570 ____N C:\Windows\SchedLgU.Txt

2013-06-08 02:00 - 2010-08-02 21:12 - 00000340 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-HOME-52DC6E4B98-home.job

2013-06-07 23:22 - 2012-08-05 23:22 - 00000000 ____D C:\Documents and Settings\home\My Documents\Calibre Library

2013-06-07 21:51 - 2013-06-06 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Trend Micro

2013-06-07 21:36 - 2013-06-07 21:36 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Bytemobile

2013-06-07 21:34 - 2013-06-07 21:34 - 00000000 ____D C:\Documents and Settings\home\Application Data\AT&T

2013-06-07 21:30 - 2009-08-09 20:05 - 00000000 ____D C:\Windows\System32\ReinstallBackups

2013-06-07 21:29 - 2013-06-07 21:29 - 00001851 ____A C:\Documents and Settings\All Users\Desktop\at&t Communication Manager.lnk

2013-06-07 21:29 - 2013-06-07 21:29 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Program Files\Common Files\Research In Motion

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Program Files\AT&T

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LG

2013-06-07 21:27 - 2013-06-07 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AT&T

2013-06-07 21:27 - 2008-08-30 16:18 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-06-07 21:22 - 2013-06-07 21:21 - 00000000 ____D C:\Program Files\Sierra Wireless Inc

2013-06-07 21:21 - 2013-06-07 21:21 - 00000000 ____D C:\Documents and Settings\home\Application Data\Sierra Wireless

2013-06-07 21:02 - 2013-04-05 20:11 - 00000000 ____D C:\Documents and Settings\home\Desktop\Unused Desktop Shortcuts

2013-06-07 21:02 - 2012-03-31 11:23 - 00000000 ____D C:\Documents and Settings\home\Desktop\New Folder

2013-06-06 21:37 - 2009-08-09 19:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2013-06-06 21:36 - 2010-07-18 13:15 - 00000000 ____D C:\Program Files\Sony Corporation

2013-06-06 21:34 - 2002-01-01 02:10 - 00000000 ____D C:\Program Files\Opera

2013-06-06 21:14 - 2013-06-06 21:14 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Trend Micro

2013-06-06 21:13 - 2013-06-06 21:13 - 00000932 ____A C:\Documents and Settings\home\Desktop\Trend Micro Titanium 2012.lnk

2013-06-06 21:12 - 2013-06-06 21:12 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Trend Micro

2013-06-06 21:12 - 2008-08-30 16:18 - 00607434 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-06 21:08 - 2013-06-06 21:08 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat

2013-06-06 21:07 - 2013-06-06 21:05 - 00000000 ____D C:\Program Files\Trend Micro

2013-06-06 20:37 - 2010-07-05 11:15 - 00000000 ____D C:\Documents and Settings\home\Application Data\uTorrent

2013-06-04 21:43 - 2012-03-31 05:53 - 00000664 ____A C:\Windows\System32\d3d9caps.dat

2013-06-04 06:31 - 2013-06-03 22:09 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt

2013-06-03 23:34 - 2009-11-04 23:11 - 00000000 ____D C:\Windows\Microsoft.NET

2013-06-03 23:16 - 2013-06-03 22:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedyPC Software

2013-06-03 23:15 - 2013-06-03 22:42 - 00000000 ____D C:\Program Files\yolobartb

2013-06-03 22:43 - 2009-09-22 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-06-03 22:43 - 2009-09-22 21:21 - 00000000 ____D C:\Documents and Settings\home\Application Data\Mozilla

2013-06-03 22:16 - 2009-08-09 20:29 - 00000000 ____D C:\Program Files\Google

2013-06-03 22:13 - 2013-06-03 22:13 - 00000000 ____D C:\Documents and Settings\home\Application Data\SpeedyPC Software

2013-06-03 22:13 - 2013-06-03 22:13 - 00000000 ____D C:\Documents and Settings\home\Application Data\DriverCure

2013-06-03 22:09 - 2013-06-03 22:09 - 00000000 ____D C:\Windows\System32\windowspowershell

2013-06-03 22:09 - 2013-06-03 22:08 - 00000000 __HDC C:\Windows\$NtUninstallKB926139-v2$

2013-06-03 15:06 - 2009-08-09 20:30 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Google

2013-06-03 14:57 - 2010-08-01 21:02 - 00000000 ____D C:\Windows\Minidump

2013-06-03 14:46 - 2008-08-30 16:16 - 00000211 ___SH C:\boot.ini

2013-06-03 14:46 - 2004-08-04 08:00 - 00000877 ____A C:\Windows\win.ini

2013-06-03 14:46 - 2004-08-04 08:00 - 00000227 ____N C:\Windows\system.ini

2013-06-02 14:56 - 2013-01-01 11:18 - 00000000 ____D C:\Documents and Settings\home\Application Data\SanDisk

2013-06-02 12:08 - 2013-06-02 12:08 - 00524080 ____A C:\Documents and Settings\home\My Documents\system erroes.evt

2013-06-02 12:06 - 2013-06-02 12:06 - 00238000 ____A C:\Documents and Settings\home\My Documents\errores.evt

2013-06-02 10:49 - 2009-07-30 20:26 - 00000000 ____D C:\Windows\Registration

2013-06-02 10:49 - 2008-08-30 16:11 - 00000000 ____D C:\Windows\repair

2013-06-02 09:47 - 2013-06-02 09:40 - 00002396 ____A C:\Windows\System32\ASOROSet.bin

2013-06-02 09:47 - 2008-08-30 16:17 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak

2013-06-02 09:47 - 2008-08-30 16:16 - 38273024 ____A C:\Windows\System32\config\software.bak

2013-06-02 09:47 - 2008-08-30 16:16 - 08912896 ____A C:\Windows\System32\config\system.bak

2013-06-02 09:46 - 2013-06-02 09:46 - 00000000 ___AH C:\Windows\System32\config\system.sav.LOG

2013-06-02 09:46 - 2013-06-02 09:46 - 00000000 ___AH C:\Windows\System32\config\software.sav.LOG

2013-06-02 09:44 - 2013-06-02 09:44 - 00000000 ___AH C:\Windows\System32\config\SECURITY.sav.LOG

2013-06-02 09:44 - 2013-06-02 09:44 - 00000000 ___AH C:\Windows\System32\config\SAM.sav.LOG

2013-06-02 09:42 - 2008-08-30 16:17 - 00262144 ____A C:\Windows\System32\config\SAM.bak

2013-06-02 09:40 - 2013-06-02 09:39 - 00000000 ____D C:\Windows\System32\config\RCCBakup

2013-06-02 09:20 - 2013-06-02 09:20 - 00000724 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

2013-06-02 09:20 - 2013-06-02 09:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-06-02 09:20 - 2013-06-02 09:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla

2013-06-02 09:17 - 2010-08-01 14:51 - 00000000 ____D C:\Program Files\Safari

2013-06-01 16:58 - 2009-08-10 07:15 - 00000000 ____D C:\Documents and Settings\home\Tracing

2013-06-01 16:54 - 2013-03-06 21:54 - 00000000 ____D C:\Documents and Settings\home\Application Data\systweak

2013-06-01 16:24 - 2012-08-05 23:22 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk

2013-06-01 16:24 - 2012-08-05 23:21 - 00000000 ____D C:\Program Files\Calibre2

2013-06-01 16:07 - 2013-06-01 16:07 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Amazon Browser Bar

2013-06-01 16:07 - 2013-06-01 16:06 - 00000000 ____D C:\Program Files\Amazon Browser Bar

2013-06-01 16:06 - 2013-06-01 16:06 - 00000000 ____D C:\Program Files\Amazon

2013-06-01 16:05 - 2013-06-01 16:05 - 00000270 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job

2013-06-01 16:03 - 2013-06-01 16:03 - 00000725 ____A C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk

2013-06-01 16:03 - 2013-06-01 16:03 - 00000000 ____D C:\Program Files\RegClean Pro

2013-06-01 16:03 - 2012-12-22 07:42 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

2013-06-01 16:02 - 2009-08-19 19:15 - 00000000 ____D C:\Program Files\CCleaner

2013-05-28 22:19 - 2009-07-30 20:26 - 00000000 ____D C:\Program Files\Online Services

2013-05-27 22:39 - 2013-05-18 22:14 - 00000000 ____D C:\Program Files\Seagate Replica

2013-05-21 21:35 - 2013-02-06 09:27 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\CRE

2013-05-21 21:27 - 2012-09-07 21:45 - 00000000 ____D C:\Program Files\SecurityKISS Tunnel

2013-05-21 21:24 - 2008-08-30 16:11 - 00000000 ____D C:\Windows\twain_32

2013-05-21 21:07 - 2009-08-09 19:34 - 00000022 ____A C:\Windows\FLASHKSK.INI

2013-05-19 09:51 - 2013-05-19 09:50 - 00076974 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_A_Clean_Sweep(Bookos.org).epub

2013-05-19 09:29 - 2013-05-19 09:18 - 00248856 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Hamilton,_Laurell_-_Ravenloft(Bookos.org).lit

2013-05-19 09:28 - 2013-05-19 09:17 - 00173187 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Nightshade(Bookos.org).lit

2013-05-19 09:24 - 2013-05-19 09:14 - 00392647 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Never_After(Bookos.org).epub

2013-05-19 09:20 - 2013-05-19 09:09 - 00372858 ____A C:\Documents and Settings\home\My Documents\[Laurell_K-1._Hamilton]_Bullet(Bookos.org).epub

2013-05-19 08:59 - 2013-05-19 08:59 - 00056469 ____A C:\Documents and Settings\home\My Documents\[Hamilton_Laurell_K]_Bite_The_Girl_Who_Was_Infatu(Bookos.org).epub

2013-05-19 08:58 - 2013-05-19 08:58 - 00279287 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Hit_List(Bookos.org).epub

2013-05-19 08:58 - 2013-05-19 08:57 - 00465739 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Swallowing_Darkness(Bookos.org).epub

2013-05-19 08:57 - 2013-05-19 08:57 - 00372858 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Bullet(Bookos.org).epub

2013-05-19 08:56 - 2013-05-19 08:46 - 00257246 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Divine_Misdemeanors(Bookos.org).epub

2013-05-19 08:55 - 2013-05-19 08:45 - 00836621 ____A C:\Documents and Settings\home\My Documents\[Laurell_K._Hamilton]_Flirt(Bookos.org).epub

2013-05-19 00:17 - 2013-05-19 00:17 - 00217359 ____A C:\Documents and Settings\home\My Documents\[Anjou_Angelique]_Ja-Rael's_Lioness(Bookos.org).epub

2013-05-19 00:17 - 2013-05-19 00:17 - 00176594 ____A C:\Documents and Settings\home\My Documents\[Fox_Jaide,_Lyons_Brenna,_Nash_Joy]_Dream_Warriors(Bookos.org).epub

2013-05-19 00:14 - 2013-05-19 00:14 - 00195267 ____A C:\Documents and Settings\home\My Documents\[Anjou_Angelique]_Chameleon(Bookos.org).epub

2013-05-18 22:18 - 2013-05-18 22:18 - 00000718 ____A C:\Documents and Settings\All Users\Desktop\Seagate Replica.lnk

2013-05-18 22:07 - 2013-05-18 22:07 - 00000000 ____D C:\Documents and Settings\home\Application Data\Leadertech

2013-05-17 23:48 - 2013-05-17 23:48 - 00150083 ____A C:\Documents and Settings\home\My Documents\reunion-vampires-realm-romance-series.epub

2013-05-17 23:24 - 2013-05-17 23:24 - 00251157 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Enslave(Bookos.org).mobi

2013-05-17 23:18 - 2013-05-17 23:18 - 00192571 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Seduce(Bookos.org).epub

2013-05-17 23:18 - 2013-05-17 23:18 - 00140778 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Covet(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00404764 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Forbidden_Blood(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00308531 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Ascension(Bookos.org).epub

2013-05-17 23:17 - 2013-05-17 23:17 - 00176032 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Crave(Bookos.org).epub

2013-05-17 23:16 - 2013-05-17 23:16 - 00147876 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_The_Night(Bookos.org).epub

2013-05-16 22:42 - 2013-05-16 22:42 - 00152793 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Vampire_for_Christmas(Bookos.org).epub

2013-05-16 22:36 - 2013-05-16 22:36 - 00082678 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Moonlight(Bookos.org).epub

2013-05-16 22:35 - 2013-05-16 22:35 - 00100723 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Embracing_the_Wolf(Bookos.org).epub

2013-05-16 22:34 - 2013-05-16 22:34 - 00203334 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Cabin_Fever(Bookos.org).lit

2013-05-16 22:34 - 2013-05-16 22:34 - 00096108 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_A_Promise_of_Passion(Bookos.org).lit

2013-05-16 22:33 - 2013-05-16 22:33 - 00205232 ____A C:\Documents and Settings\home\My Documents\[Heaton_Felicity]_Mating_Call(Bookos.org).lit

2013-05-15 10:39 - 2009-08-09 21:03 - 00000000 ____D C:\Windows\ie8updates

2013-05-15 10:17 - 2013-05-15 10:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$

2013-05-15 10:17 - 2009-07-30 21:12 - 00000000 ___HD C:\Windows\$hf_mig$

2013-05-15 10:13 - 2009-08-09 19:16 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 10:12 - 2013-05-15 10:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$

2013-05-14 19:27 - 2013-05-14 19:27 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application DataGoogle

2013-05-13 21:05 - 2009-07-30 20:29 - 00002577 ____A C:\Windows\System32\CONFIG.NT



==================== Bamital & volsnap Check =================



C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2013

Ran by home at 2013-06-09 00:25:34 Run:

Running from C:\Documents and Settings\home\Desktop

Boot Mode: Normal

==========================================================





==================== Installed Programs =======================



7-Zip 9.20

7-Zip 9.20 (Version: 9.20.00.0)

Acrobat.com (Version: 1.7.186)

Adobe Media Player (Version: 1.8)

Akamai NetSession Interface Service

AlterGeo Magic Scanner (Version: 3.2.1.742)

Amazon Browser Bar (Version: 3.0)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

AT&T Communication Manager (Version: 7.02.0316.0)

Bonjour (Version: 3.0.0.10)

BrowserProtect

calibre (Version: 0.9.33)

CCleaner (Version: 4.02)

Defraggler (remove only)

Free AVI Video Converter version 5.0.21.1212 (Version: 5.0.21.1212)

InstallerApp (Version: 1.0.0.0)

Intel(R) Extreme Graphics 2 Driver (Version: 6.14.10.4396)

iTunes (Version: 11.0.2.26)

Java 7 Update 21 (Version: 7.0.210)

Java Auto Updater (Version: 2.1.9.5)

Junk Mail filter update (Version: 14.0.8089.726)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)

Microsoft Search Enhancement Pack (Version: 1.3.59.0)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)

Microsoft_VC90_ATL_x86 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (Version: 1.00.0000)

MobileMe Control Panel (Version: 3.1.1.0)

Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)

Mozilla Maintenance Service (Version: 21.0)

MSN

MSVCRT (Version: 14.0.1468.721)

Nero 7 Ultra Edition (Version: 7.02.0936)

Paquete de compatibilidad para 2007 Office system (Version: 12.0.6612.1000)

PCI Audio Driver

PDF-Viewer (Version: 2.5.210.0)

Picasa 3 (Version: 3.9)

Punto Switcher (Version: 3.1.1.72)

QuickTime (Version: 7.73.80.64)

RarZilla Free Unrar (Version: 4.80)

RegClean Pro (Version: 6.21)

SanDiskSecureAccess_Manager.exe (Version: 1.1.19755)

Seagate Replica v3.0.1801.8554

Segoe UI (Version: 14.0.4327.805)

Sony USB Driver

Torrey & the Vampire 1.7 (Version: 1.7)

Trend Micro Titanium (Version: 5.00)

Trend Micro Titanium 2012 (Version: 5.4)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)

Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)

Update for Windows Internet Explorer 8 (KB972636) (Version: 1)

Update for Windows Internet Explorer 8 (KB976662) (Version: 1)

Update for Windows Internet Explorer 8 (KB976749) (Version: 1)

Update for Windows Internet Explorer 8 (KB980182) (Version: 1)

VIA Rhine-Family Fast-Ethernet Adapter

VLC media player 1.0.1 (Version: 1.0.1)

WebFldrs XP (Version: 9.50.7523)

Windows Defender (Version: 1.1.1593.21)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component (Version: 3.0.0.0)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Live Call (Version: 14.0.8064.0206)

Windows Live Communications Platform (Version: 14.0.8064.206)

Windows Live Essentials (Version: 14.0.8089.0726)

Windows Live Essentials (Version: 14.0.8089.726)

Windows Live Mail (Version: 14.0.8089.0726)

Windows Live Messenger (Version: 14.0.8089.0726)

Windows Live OneCare safety scanner

Windows Live Sign-in Assistant (Version: 5.000.818.5)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell(TM) 1.0 (Version: 2)

Windows Search 4.0 (Version: 04.00.6001.503)

Windows XP Service Pack 3 (Version: 20080414.031525)

XML Paper Specification Shared Components Pack 1.0
 
==================== Restore Points =========================



12-03-2013 01:37:35 System Checkpoint

12-03-2013 12:52:54 Printer Driver Lexmark 3100 Series Installed

12-03-2013 15:12:38 Removed Foxit Reader

13-03-2013 12:18:49 Software Distribution Service 3.0

14-03-2013 04:16:20 Software Distribution Service 3.0

14-03-2013 13:43:23 Software Distribution Service 3.0

15-03-2013 22:07:33 Software Distribution Service 3.0

16-03-2013 22:59:56 System Checkpoint

18-03-2013 13:09:01 System Checkpoint

18-03-2013 14:23:17 Software Distribution Service 3.0

19-03-2013 22:58:23 System Checkpoint

20-03-2013 01:26:40 Software Distribution Service 3.0

21-03-2013 19:17:09 System Checkpoint

22-03-2013 13:15:17 Software Distribution Service 3.0

22-03-2013 21:36:43 Installed calibre

22-03-2013 21:41:29 Removed calibre

23-03-2013 03:43:29 Windows Defender Checkpoint

28-03-2013 03:09:20 Software Distribution Service 3.0

29-03-2013 21:36:54 Software Distribution Service 3.0

30-03-2013 22:46:56 System Checkpoint

31-03-2013 18:47:00 Installed calibre

31-03-2013 18:55:52 Installed calibre

31-03-2013 18:57:53 Removed calibre

31-03-2013 19:01:31 Removed Adobe Reader XI (11.0.02).

31-03-2013 19:19:10 Removed Adobe Community Help

02-04-2013 13:44:25 Software Distribution Service 3.0

04-04-2013 17:11:42 System Checkpoint

06-04-2013 00:22:32 Software Distribution Service 3.0

06-04-2013 02:17:36 Installed calibre

06-04-2013 02:19:25 Removed calibre

12-04-2013 00:14:24 Software Distribution Service 3.0

12-04-2013 00:29:45 Software Distribution Service 3.0

14-04-2013 03:37:14 Software Distribution Service 3.0

14-04-2013 03:43:43 Removed calibre

19-04-2013 02:56:56 Software Distribution Service 3.0

21-04-2013 21:53:29 Software Distribution Service 3.0

24-04-2013 00:20:50 Software Distribution Service 3.0

24-04-2013 00:29:42 Installed Java 7 Update 21

25-04-2013 01:36:42 System Checkpoint

28-04-2013 19:07:42 System Checkpoint

28-04-2013 21:45:24 Software Distribution Service 3.0

30-04-2013 21:57:42 Software Distribution Service 3.0

30-04-2013 22:14:26 Installed calibre

30-04-2013 22:16:12 Removed calibre

05-05-2013 02:21:10 Software Distribution Service 3.0

05-05-2013 02:56:22 Installed calibre

05-05-2013 02:58:02 Removed calibre

08-05-2013 00:34:25 Software Distribution Service 3.0

11-05-2013 01:31:47 Software Distribution Service 3.0

11-05-2013 02:30:53 Installed calibre

11-05-2013 02:32:29 Removed calibre

14-05-2013 00:33:41 System Checkpoint

15-05-2013 13:45:08 Software Distribution Service 3.0

15-05-2013 14:10:16 Software Distribution Service 3.0

16-05-2013 22:52:56 Software Distribution Service 3.0

18-05-2013 03:16:17 Software Distribution Service 3.0

18-05-2013 04:02:59 Installed calibre

18-05-2013 04:04:42 Removed calibre

19-05-2013 04:39:28 System Checkpoint

22-05-2013 01:17:45 Software Distribution Service 3.0

22-05-2013 01:25:42 Removed ePhoneTools

27-05-2013 15:24:54 Software Distribution Service 3.0

27-05-2013 18:39:20 Installed calibre

27-05-2013 18:41:25 Removed calibre

30-05-2013 23:04:25 System Checkpoint

01-06-2013 20:22:03 Installed calibre

01-06-2013 20:24:51 Removed calibre

01-06-2013 20:26:54 Software Distribution Service 3.0

02-06-2013 13:16:16 Removed Safari

02-06-2013 13:23:43 Removed Google Drive

02-06-2013 13:25:20 Removed Google Earth.

03-06-2013 11:22:35 RegClean Pro Mon, Jun 03, 13 07:20

03-06-2013 19:02:36 Restore Operation

04-06-2013 02:09:26 Installed %1 %2.

07-06-2013 00:39:13 avast! Free Antivirus Setup

07-06-2013 01:36:15 Removed Picture Package

07-06-2013 20:27:27 Software Distribution Service 3.0

08-06-2013 01:02:14 RegClean Pro Fri, Jun 07, 13 21:02

08-06-2013 01:27:27 Installed AT&T Communication Manager.

08-06-2013 01:32:56 Install LG USB NDIS Driver



==================== Hosts content: ==========================





127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com



There are 1000 more lines starting with "127.0.0.1"





==================== Faulty Device Manager Devices =============



Name: Video Controller (VGA Compatible)

Description: Video Controller (VGA Compatible)

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.





==================== Event log errors: =========================



Application errors:

==================

Error: (06/08/2013 09:00:29 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.



Error: (06/08/2013 08:51:46 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.



Error: (06/07/2013 04:27:27 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )

Description: EventType clr20r3, P1 updaterservice.exe, P2 1.0.0.0, P3 511e08ea, P4 updaterservice, P5 1.0.0.0, P6 511e08ea, P7 25, P8 0, P9 clr20r30, P10 clr20r31.



Error: (06/07/2013 04:24:27 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:27 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:26 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:20 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:13:45 PM) (Source: Application Hang) (User: )

Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.





System errors:

=============

Error: (06/09/2013 00:08:20 AM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 120 minutes.

NtpClient has no source of accurate time.



Error: (06/09/2013 00:08:20 AM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 11:08:20 PM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 60 minutes.

NtpClient has no source of accurate time.



Error: (06/08/2013 11:08:20 PM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 10:38:20 PM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 30 minutes.

NtpClient has no source of accurate time.



Error: (06/08/2013 10:38:20 PM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 10:23:20 PM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 14 minutes.

NtpClient has no source of accurate time.



Error: (06/08/2013 10:23:20 PM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 08:05:35 AM) (Source: Service Control Manager) (User: )

Description: The BrowserProtect service failed to start due to the following error:

%%2



Error: (06/07/2013 08:33:29 PM) (Source: Service Control Manager) (User: )

Description: The BrowserProtect service failed to start due to the following error:

%%2





Microsoft Office Sessions:

=========================

Error: (06/08/2013 09:00:29 PM) (Source: MPSampleSubmission)(User: )

Description: mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL



Error: (06/08/2013 08:51:46 AM) (Source: MPSampleSubmission)(User: )

Description: mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL



Error: (06/07/2013 04:27:27 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )

Description: clr20r3updaterservice.exe1.0.0.0511e08eaupdaterservice1.0.0.0511e08ea250system.overflowexceptionNIL



Error: (06/07/2013 04:24:27 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:27 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:26 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:20 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:13:45 PM) (Source: Application Hang)(User: )

Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000





==================== Memory info ===========================



Percentage of memory in use: 81%

Total physical RAM: 1022.73 MB

Available physical RAM: 192.07 MB

Total Pagefile: 2970.62 MB

Available Pagefile: 1990.57 MB

Total Virtual: 2047.88 MB

Available Virtual: 1942.37 MB



==================== Drives ================================



Drive c: () (Fixed) (Total:465.76 GB) (Free:113.5 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive g: () (Removable) (Total:14.9 GB) (Free:14.56 GB) FAT32



==================== MBR & Partition Table ==================



========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 23658E6F)

Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)



========================================================

Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


==================== End Of Log ====
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-06-2013

Ran by home at 2013-06-09 01:03:52 Run:1

Running from C:\Documents and Settings\home\Desktop\fixit

Boot Mode: Normal



==============================================



jdro => Service deleted successfully.

waytnjrc => Service deleted successfully.


==== End of Fixlog
 
Please post new FSS log (my reply #2).

Bed time here but if you're still up I'll leave you with some homework.

redtarget.gif
Please download MiniToolBox, save it to your desktop and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Devices (do NOT change any settings)
Click Go and post the result.

redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Farbar Service Scanner Version: 31-05-2013 01

Ran by home (administrator) on 09-06-2013 at 01:25:54

Running from "C:\Documents and Settings\home\Desktop"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************



Internet Services:

============



Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error. Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error. Yahoo IP is unreachable

Attempt to access Yahoo.com returned error: Other errors





Windows Firewall:

=============



Firewall Disabled Policy:

==================





System Restore:

============



System Restore Disabled Policy:

========================





Security Center:

============





Windows Update:

============



Windows Autoupdate Disabled Policy:

============================





File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit



Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4) tcpipBM(11)

0x0B00000005000000010000000200000003000000040000000B0000000C0000000600000007000000090000000A000000

IpSec Tag value is correct.



**** End of log ****
 
MiniToolBox by Farbar Version:21-04-2013

Ran by home (administrator) on 09-06-2013 at 01:34:03

Running from "C:\Documents and Settings\home\Desktop"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

***************************************************************************



========================= IE Proxy Settings: ==============================



Proxy is not enabled.

ProxyServer: 169.254.103.158:80



========================= FF Proxy Settings: ==============================



========================= Hosts content: =================================





127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com



There are 13567 more lines starting with "127.0.0.1"



========================= IP Configuration: ================================



VIA Rhine III Fast Ethernet Adapter = Local Area Connection 6 (Connected)





# ----------------------------------

# Interface IP Configuration

# ----------------------------------

pushd interface ip





# Interface IP Configuration for "Local Area Connection 6"



set address name="Local Area Connection 6" source=dhcp

set dns name="Local Area Connection 6" source=dhcp register=PRIMARY

set wins name="Local Area Connection 6" source=dhcp





popd

# End of interface IP configuration









Windows IP Configuration







Host Name . . . . . . . . . . . . : home-52dc6e4b98



Primary Dns Suffix . . . . . . . :



Node Type . . . . . . . . . . . . : Unknown



IP Routing Enabled. . . . . . . . : No



WINS Proxy Enabled. . . . . . . . : No







Ethernet adapter Local Area Connection 6:







Connection-specific DNS Suffix . :



Description . . . . . . . . . . . : VIA Rhine III Fast Ethernet Adapter #2



Physical Address. . . . . . . . . : 00-40-F4-B1-FF-29



Dhcp Enabled. . . . . . . . . . . : Yes



Autoconfiguration Enabled . . . . : Yes



Autoconfiguration IP Address. . . : 169.254.103.158



Subnet Mask . . . . . . . . . . . : 255.255.0.0



Default Gateway . . . . . . . . . :



Server: UnKnown

Address: 127.0.0.1



Ping request could not find host google.com. Please check the name and try again.



Server: UnKnown

Address: 127.0.0.1



Ping request could not find host yahoo.com. Please check the name and try again.







Pinging 127.0.0.1 with 32 bytes of data:







Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128







Ping statistics for 127.0.0.1:



Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Approximate round trip times in milli-seconds:



Minimum = 0ms, Maximum = 0ms, Average = 0ms



===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x10003 ...00 40 f4 b1 ff 29 ...... VIA Rhine III Fast Ethernet Adapter #2 - Packet Scheduler Miniport

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

169.254.0.0 255.255.0.0 169.254.103.158 169.254.103.158 20

169.254.103.158 255.255.255.255 127.0.0.1 127.0.0.1 20

169.254.255.255 255.255.255.255 169.254.103.158 169.254.103.158 20

224.0.0.0 240.0.0.0 169.254.103.158 169.254.103.158 20

255.255.255.255 255.255.255.255 169.254.103.158 169.254.103.158 1

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================



Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)

Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog5 05 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)

Catalog9 01 bmnet.dll [File not found] ()

Catalog9 02 bmnet.dll [File not found] ()

Catalog9 03 bmnet.dll [File not found] ()

Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 12 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

Catalog9 13 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================



Application errors:

==================

Error: (06/08/2013 09:00:29 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.



Error: (06/08/2013 08:51:46 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.



Error: (06/07/2013 04:27:27 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )

Description: EventType clr20r3, P1 updaterservice.exe, P2 1.0.0.0, P3 511e08ea, P4 updaterservice, P5 1.0.0.0, P6 511e08ea, P7 25, P8 0, P9 clr20r30, P10 clr20r31.



Error: (06/07/2013 04:24:27 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:27 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:26 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:20 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:13:45 PM) (Source: Application Hang) (User: )

Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.





System errors:

=============

Error: (06/09/2013 00:08:20 AM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 120 minutes.

NtpClient has no source of accurate time.



Error: (06/09/2013 00:08:20 AM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 11:08:20 PM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 60 minutes.

NtpClient has no source of accurate time.



Error: (06/08/2013 11:08:20 PM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 10:38:20 PM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 30 minutes.

NtpClient has no source of accurate time.



Error: (06/08/2013 10:38:20 PM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 10:23:20 PM) (Source: W32Time) (User: )

Description: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible.

No attempt to contact a source will be made for 14 minutes.

NtpClient has no source of accurate time.



Error: (06/08/2013 10:23:20 PM) (Source: W32Time) (User: )

Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)



Error: (06/08/2013 08:05:35 AM) (Source: Service Control Manager) (User: )

Description: The BrowserProtect service failed to start due to the following error:

%%2



Error: (06/07/2013 08:33:29 PM) (Source: Service Control Manager) (User: )

Description: The BrowserProtect service failed to start due to the following error:

%%2





Microsoft Office Sessions:

=========================

Error: (06/08/2013 09:00:29 PM) (Source: MPSampleSubmission)(User: )

Description: mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL



Error: (06/08/2013 08:51:46 AM) (Source: MPSampleSubmission)(User: )

Description: mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL



Error: (06/07/2013 04:27:27 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )

Description: clr20r3updaterservice.exe1.0.0.0511e08eaupdaterservice1.0.0.0511e08ea250system.overflowexceptionNIL



Error: (06/07/2013 04:24:27 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:27 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:26 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:20 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:24:17 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.



Error: (06/07/2013 04:13:45 PM) (Source: Application Hang)(User: )

Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

 
Back