Author Topic: [Resolved - K] Police Report Malware  (Read 7170 times)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved - K] Police Report Malware
« Reply #30 on: August 13, 2015, 08:11:38 AM »
Do not save to a folder; save directly to the Desktop, double click the reg file to run it, and accept what is prompted.

Cheers....



Offline chipmeister

  • Bronze Member
  • Posts: 183
Re: [Resolved - K] Police Report Malware
« Reply #31 on: August 13, 2015, 10:25:48 AM »
Thanks, sorry to be a pain. That's just how it opened. Now to be a bigger pain, can you send me that attachment one more time? For some reason, it won't open from the thread. Thanks.

Chip

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved - K] Police Report Malware
« Reply #32 on: August 13, 2015, 12:51:47 PM »
You're not being a pain, zip file attached for you....

Offline chipmeister

  • Bronze Member
  • Posts: 183
Re: [Resolved - K] Police Report Malware
« Reply #33 on: August 14, 2015, 01:11:42 AM »
Thanks Kevin,
Okay, no matter how I try to transfer it from the thread, it shows up on my desktop as a folder titled fixme.zip. When I open the folder, inside is a file fixme.reg. So I dragged that to my desktop. Double clicking it gives me a window asking me if I want to add the information in c:\documents and settings\owner\desktop\fixme.reg to the registry. However, if I right click it, a dropdown menu opens with Merge as the only item in bold at the top. If I click it, I get that same window about adding the information. If I click yes, it says it has been successfully added to the registry. Is there a chance that's what we wanted to do, only via a slightly different method? Thanks.

Chip

Offline chipmeister

  • Bronze Member
  • Posts: 183
Re: [Resolved - K] Police Report Malware
« Reply #34 on: August 14, 2015, 01:56:57 AM »
Actually, I think that fixme.zip folder is how my system moved zipped files. I got rid of my old unzipping program and am not too familiar with the new one yet. So I assume the fixme.reg is the thing we want. I didn't do anything to unzip it. Just did what I described above.
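The merge step discussed in the two posts above is regedit importing a .reg file. The following is an added example, not code from the thread or from any of the tools mentioned in it: a small parser for the "Windows Registry Editor Version 5.00" format that reports which keys a fix file would create or delete and which values it would set or remove, so the file can be read before it is merged. SAMPLE_REG is constructed for the demonstration and is not the fixme.reg from the thread; the parse_reg, value_kind, hives and report functions are this example's own names.

```python
"""Pre-merge inspection of a Windows .reg file (added example, not the thread's fixme.reg)."""
import re

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample, not the thread's fixme.reg. Real files exported by regedit
# are UTF-16LE with a BOM; open them with encoding="utf-16" before parsing.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; a per-user policy value
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoCDBurning"=dword:00000000

; a leading '-' inside the brackets deletes the whole key
[-HKEY_USERS\.DEFAULT\Software\IGearSettings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
@="default value"
"Path"="C:\\Program Files\\Example"
"Flag"=-
"Multi"=hex(7):61,00,62,00,00,00,\
  63,00,00,00,00,00
"""

HEX_KINDS = {"": "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ",
             "b": "REG_QWORD"}


class RegKeyAction:
    """What the .reg file does to one key: delete it, or set/remove values."""
    def __init__(self, key, delete_key):
        self.key = key
        self.delete_key = delete_key
        self.set_values = {}      # value name -> raw data text
        self.deleted_values = []  # value names written as name=-


def value_kind(data):
    """Map the raw data text of a value line to its registry type name."""
    if data.startswith('"'):
        return "REG_SZ"
    if data.startswith("dword:"):
        return "REG_DWORD"
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:", data)
    if m:
        return HEX_KINDS.get(m.group(1) or "", "hex(type %s)" % m.group(1))
    return "UNKNOWN"


def _logical_lines(lines):
    """Join hex continuation lines (trailing backslash) into one logical line."""
    buf = ""
    for raw in lines:
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].strip()
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_reg(text):
    """Return a list of RegKeyAction in file order; raise on malformed input."""
    header, *rest = text.lstrip("\ufeff").splitlines()
    if header.strip() not in ("Windows Registry Editor Version 5.00", "REGEDIT4"):
        raise ValueError("unrecognised .reg header: %r" % header)
    actions, current = [], None
    for line in _logical_lines(rest):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            current = RegKeyAction(body.lstrip("-"), body.startswith("-"))
            actions.append(current)
            continue
        m = VALUE_RE.match(line)
        if current is None or current.delete_key or not m:
            raise ValueError("unexpected line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        if m.group(2) == "-":
            current.deleted_values.append(name)
        else:
            current.set_values[name] = m.group(2)
    return actions


def hives(actions):
    """Root hives the file touches; HKEY_LOCAL_MACHINE means a machine-wide change."""
    return {a.key.split("\\", 1)[0] for a in actions}


def report(actions):
    """Human-readable summary lines, one per key action plus its values."""
    out = []
    for a in actions:
        if a.delete_key:
            out.append("DELETE KEY  %s" % a.key)
            continue
        out.append("KEY         %s" % a.key)
        for name, data in a.set_values.items():
            out.append("  set %-13s %s = %s" % (value_kind(data), name, data))
        for name in a.deleted_values:
            out.append("  remove value %s" % name)
    return out


if __name__ == "__main__":
    acts = parse_reg(SAMPLE_REG)
    print("hives touched:", ", ".join(sorted(hives(acts))))
    print("\n".join(report(acts)))
```

Running the script prints the three key actions in the sample; the hives() result is the quick check worth looking at first, since anything under HKEY_LOCAL_MACHINE or HKEY_USERS\.DEFAULT changes the machine for every account rather than just the profile doing the merge.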

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved - K] Police Report Malware
« Reply #35 on: August 14, 2015, 06:07:22 AM »
Hiya Chips,

Continue on with the rest of the steps; we can check on the reg fix later.

Thank you,

Kevin

Offline chipmeister

  • Bronze Member
  • Posts: 183
Re: [Resolved - K] Police Report Malware
« Reply #36 on: August 15, 2015, 01:26:59 AM »
Hi Kevin,
Here is some of what I got. First, the MBAM log is pasted here and the Fixlog.txt is attached. I'll get to the rest shortly. Thanks.

Chip

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/14/2015
Scan Time: 9:02:26 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.14.06
Rootkit Database: v2015.08.06.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364585
Time Elapsed: 47 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved - K] Police Report Malware
« Reply #37 on: August 15, 2015, 07:09:19 AM »
Thanks for the logs/update...

Offline chipmeister

  • Bronze Member
  • Posts: 183
Re: [Resolved - K] Police Report Malware
« Reply #38 on: August 15, 2015, 09:22:51 PM »
Hi Kevin: Here's the AdwCleaner and JRT logs. I tried to run the Windows tool as administrator. I actually had to right click through a few menus to get to it as it did come up with the administrator option initially. Unfortunately, it needs a password and, to be honest, I probably haven't logged in as administrator for a number of years, so I do not have that password handy. I'll see if I can find it. Thanks.

# AdwCleaner v5.000 - Logfile created 15/08/2015 at 21:38:43
# Updated 14/08/2015 by Xplode
# Database : 2015-08-15.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - OWNER-3904C3CFA
# Running from : C:\Documents and Settings\Owner\desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\Owner\Application Data\FoxTab
[-] Folder Deleted : C:\Program Files\FoxTab

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Program Files\Pale Moon\browser\searchplugins\yahoo.xml

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\IGearSettings

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C2].txt - [1550 octets] - [15/08/2015 21:38:43]
C:\AdwCleaner[S2].txt - [1537 octets] - [15/08/2015 21:33:56]

########## EOF - C:\AdwCleaner[C2].txt - [1676 octets] ##########





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Microsoft Windows XP x86
Ran by Owner on Sat 08/15/2015 at 21:48:49.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\2q7p36am.default\minidumps [9 files]



~~~ Chrome


[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/15/2015 at 21:55:51.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved - K] Police Report Malware
« Reply #39 on: August 16, 2015, 01:26:59 AM »
There will probably be no need to select "run as administrator" for XP, just double click on MSRT. I do not see XP systems much at all nowadays, hence my c/r's are set for Windows 7, 8, 8.1 and 10....

Thank you,

Kevin...

Offline chipmeister

  • Bronze Member
  • Posts: 183
Re: [Resolved - K] Police Report Malware
« Reply #40 on: August 16, 2015, 02:05:38 AM »
Hi Kevin,

Yes, I know XP is a dinosaur. In the near future I'm going to be replacing the machine and getting a new OS. Tough, though, because I do like the interface. Anyway, below is the Microsoft tool scan result. Enjoy your morning.

Chip
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Sun Aug 16 03:44:01 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0

Results Summary:
----------------
No infection found.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved - K] Police Report Malware
« Reply #41 on: August 16, 2015, 03:33:01 AM »
Thanks for logs/update, continue please:

Run FRST one more time; ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the two logs....

If these logs are clean I guess we can clean up, obviously if there are any remaining issues or concerns please let me know....

Cheers,

Kevin...

Offline chipmeister

  • Bronze Member
  • Posts: 183
Re: [Resolved - K] Police Report Malware
« Reply #42 on: August 17, 2015, 02:55:41 AM »
O.K. Kevin, here you go. Hope we're clear. Thanks again,

Chip


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2015
Ran by Owner (administrator) on OWNER-3904C3CFA (17-08-2015 04:49:29)
Running from C:\Documents and Settings\Owner\desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2006-02-09] (ATI Technologies, Inc.)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-117609710-1801674531-725345543-1003\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-05-14] (Glarysoft Ltd)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-117609710-1801674531-725345543-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-117609710-1801674531-725345543-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll [2012-10-15] (AVG Technologies CZ, s.r.o.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13] (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-26] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll [2012-03-27] (AVG Technologies CZ, s.r.o.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{61D028E3-200A-4392-904E-EDE5C5179C05}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2q7p36am.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-26] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-06-04] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [No File]
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-06-04] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin: nuance.com/DragonRIAPlugin -> C:\PROGRA~1\Nuance\NATURA~1\Program\npDgnRia.dll [2013-10-15] (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-06-04] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-01-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-12-07] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-06-04] (RealPlayer)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-22]
FF HKLM\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-04]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-09-27]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2012-03-17]
FF HKU\S-1-5-21-117609710-1801674531-725345543-1003\...\Firefox\Extensions: [{BF1E8C08-D2E9-11E1-8270-B8AC6F996F26}] - C:\Documents and Settings\Owner\Local Settings\Application Data\{BF1E8C08-D2E9-11E1-8270-B8AC6F996F26}
FF Extension: Mozilla Safe Browsing - C:\Documents and Settings\Owner\Local Settings\Application Data\{BF1E8C08-D2E9-11E1-8270-B8AC6F996F26} [2012-07-21]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-13]
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-20]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-13]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-13]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2014-10-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-02-09] () [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5058256 2014-06-27] (Carbonite, Inc. (www.carbonite.com))
S3 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [311184 2013-10-15] (Nuance Communications, Inc.)
R2 ehRecvr; C:\WINDOWS\eHome\ehRecvr.exe [194560 2004-08-10] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-02-26] (Oracle Corporation)
S3 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2014-05-06] (Eastman Kodak Company)
S3 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-12-11] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
S4 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [25920 1998-11-12] (Adaptec)
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\WINDOWS\System32\DRIVERS\ax88772.sys [17920 2004-08-05] (ASIX Electronics Corp.) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-22] (Adaptec, Inc.) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87136 2004-08-04] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions) [File not signed]
R0 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [17088 2014-05-15] (Glarysoft Ltd)
S3 htcusbnet; C:\WINDOWS\System32\DRIVERS\htcusbnet.sys [128512 2010-12-15] (HTC Corporation)
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [618880 2006-03-01] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-17] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28276 2010-09-09] (MusicMatch, Inc.) [File not signed]
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 04:49 - 2015-08-17 04:50 - 00022081 _____ C:\Documents and Settings\Owner\desktop\FRST.txt
2015-08-15 21:55 - 2015-08-15 21:55 - 00001358 _____ C:\Documents and Settings\Owner\desktop\JRT.txt
2015-08-15 21:42 - 2015-08-15 21:42 - 00001745 _____ C:\Documents and Settings\Owner\desktop\AdwCleaner[C2].txt
2015-08-15 21:38 - 2015-08-15 21:38 - 00001745 _____ C:\AdwCleaner[C2].txt
2015-08-15 21:33 - 2015-08-15 21:36 - 00001537 _____ C:\AdwCleaner[S2].txt
2015-08-15 21:20 - 2015-08-15 21:21 - 50075360 _____ (Microsoft Corporation) C:\Documents and Settings\Owner\desktop\Windows-KB890830-V5.27.exe
2015-08-15 21:19 - 2015-08-15 21:19 - 01563648 _____ C:\Documents and Settings\Owner\desktop\AdwCleaner.exe
2015-08-15 21:17 - 2015-08-15 21:17 - 01791580 _____ (Malwarebytes Corporation) C:\Documents and Settings\Owner\desktop\JRT.exe
2015-08-14 16:01 - 2015-08-17 04:48 - 00000000 ____D C:\Documents and Settings\Owner\desktop\FRST-OlderVersion
2015-08-14 03:02 - 2015-08-12 23:46 - 00000308 _____ C:\Documents and Settings\Owner\desktop\fixme.reg
2015-08-09 18:47 - 2015-08-09 18:47 - 00002628 _____ C:\Documents and Settings\Owner\desktop\FSS.txt
2015-08-09 18:46 - 2015-08-09 18:46 - 00899072 _____ (Farbar) C:\Documents and Settings\Owner\desktop\FSS.exe
2015-08-09 18:38 - 2015-08-17 04:49 - 00000000 ____D C:\Documents and Settings\Owner\desktop\Virus Aug 2015
2015-08-09 18:24 - 2015-08-17 04:48 - 01676800 _____ (Farbar) C:\Documents and Settings\Owner\desktop\FRST.exe
2015-08-07 04:14 - 2015-08-07 06:56 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-08-06 20:51 - 2015-08-07 01:34 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2015-07-24 19:01 - 2015-07-24 19:03 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJMIG
2015-07-24 18:59 - 2015-07-24 19:00 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJScan
2015-07-24 18:16 - 2015-07-24 18:16 - 00000000 ____D C:\Documents and Settings\Owner\desktop\Canon Printer
2015-07-24 18:13 - 2015-07-24 18:13 - 00003698 _____ C:\Documents and Settings\Owner\desktop\PSA Passwords.eml
2015-07-24 15:41 - 2015-07-24 15:41 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJFAX
2015-07-24 15:41 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLU.dll
2015-07-24 15:40 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLL.dll
2015-07-24 15:40 - 2012-05-25 09:20 - 00263168 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLC.dll
2015-07-24 15:40 - 2012-05-25 09:20 - 00096768 _____ (CANON INC.) C:\WINDOWS\system32\CNC_BLI.dll
2015-07-24 15:40 - 2012-05-15 15:58 - 00098048 _____ C:\WINDOWS\system32\CNC176BD.TBL
2015-07-24 15:40 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA.dll
2015-07-24 15:39 - 2015-07-24 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX920 series User Registration
2015-07-24 15:25 - 2015-07-24 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX920 series Manual
2015-07-24 06:22 - 2015-07-24 06:22 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJEGV
2015-07-24 06:20 - 2015-07-24 06:20 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
2015-07-24 06:13 - 2015-07-24 06:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
2015-07-24 06:12 - 2015-07-24 15:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
2015-07-24 05:59 - 2012-09-21 05:00 - 00258560 _____ (CANON INC.) C:\WINDOWS\system32\CNCALBL.DLL
2015-07-24 05:58 - 2015-07-24 05:58 - 00000000 ___HD C:\Program Files\CanonBJ
2015-07-24 05:58 - 2012-09-20 05:00 - 00315904 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBL.DLL
2015-07-24 05:57 - 2015-07-24 05:57 - 00000000 ____D C:\WINDOWS\system32\STRING
2015-07-24 05:57 - 2012-07-31 04:47 - 00366592 _____ (CANON INC.) C:\WINDOWS\system32\CNMNPPM.DLL
2015-07-24 05:57 - 2012-07-31 04:47 - 00035840 _____ (CANON INC.) C:\WINDOWS\system32\CNMNPUI.DLL
2015-07-24 05:56 - 2015-07-24 05:56 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJETV
2015-07-20 14:53 - 2015-07-20 14:53 - 00088683 _____ C:\Documents and Settings\Owner\desktop\May 28 Seniority List-1.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 04:50 - 2014-07-17 03:58 - 00000000 ____D C:\FRST
2015-08-17 04:50 - 2012-03-17 02:45 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2015-08-17 04:30 - 2015-04-08 15:42 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 04:29 - 2010-05-11 15:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-17 04:29 - 2010-05-11 11:29 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-17 04:29 - 2010-05-11 11:29 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-17 04:29 - 2004-08-10 08:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-16 04:06 - 2014-09-03 15:23 - 00264944 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-16 04:06 - 2010-05-11 15:58 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-16 04:06 - 2010-05-11 15:58 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-08-15 23:24 - 2010-05-11 15:47 - 00000000 ____D C:\WINDOWS\Registration
2015-08-15 21:38 - 2014-07-21 16:43 - 00000000 ____D C:\AdwCleaner
2015-08-14 16:01 - 2012-03-17 02:45 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-08-14 04:07 - 2010-10-28 14:20 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Realplayer Vids and Audio
2015-08-14 04:06 - 2010-05-12 09:34 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Political
2015-08-13 06:03 - 2010-05-11 15:58 - 00000000 ____D C:\Documents and Settings\Owner
2015-08-13 04:23 - 2015-05-26 02:27 - 00000000 ____D C:\Documents and Settings\Owner\desktop\PSA
2015-08-09 15:39 - 2015-04-08 15:41 - 00000777 _____ C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2015-08-09 15:39 - 2015-04-08 15:41 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-09 15:39 - 2015-04-08 15:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-09 07:38 - 2011-04-13 02:18 - 00000000 ____D C:\WINDOWS\system32\Drivers\AVG
2015-08-06 21:08 - 2011-06-21 23:07 - 00000000 ____D C:\Documents and Settings\Administrator
2015-08-06 21:08 - 2010-05-11 15:55 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-08-06 20:52 - 2010-05-11 15:58 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-08-03 12:36 - 2014-05-15 16:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\DiskDefrag
2015-07-28 11:01 - 2010-05-11 17:04 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-26 16:30 - 2010-05-12 09:08 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\media cbs
2015-07-24 19:00 - 2010-10-21 00:01 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Canon
2015-07-24 16:21 - 2015-03-30 14:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kodak
2015-07-24 16:21 - 2015-01-02 18:08 - 00160136 _____ C:\WINDOWS\setupapi.log
2015-07-24 15:42 - 2010-06-07 11:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2015-07-24 15:42 - 2010-06-07 11:00 - 00000000 ____D C:\Program Files\Canon
2015-07-24 15:41 - 2010-05-11 11:20 - 00000000 ____D C:\WINDOWS\twain_32
2015-07-24 15:41 - 2010-05-11 11:20 - 00000000 ____D C:\WINDOWS\Media
2015-07-24 07:13 - 2012-03-17 23:11 - 01907950 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-1801674531-725345543-1003-0.dat
2015-07-24 07:13 - 2012-03-17 23:11 - 00170798 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-07-23 02:23 - 2015-01-28 04:19 - 00000000 ____D C:\Documents and Settings\Owner\desktop\Aviation
2015-07-22 18:50 - 2010-05-19 13:06 - 00000116 _____ C:\WINDOWS\NeroDigital.ini

==================== Files in the root of some directories =======

2012-12-04 02:32 - 2012-12-04 02:32 - 0751078 _____ () C:\Documents and Settings\Owner\Application Data\1.bmp
2015-03-17 17:37 - 2015-03-17 17:37 - 0000049 _____ () C:\Documents and Settings\Owner\Application Data\232.txt
2015-03-17 17:36 - 2015-03-17 17:36 - 0000048 _____ () C:\Documents and Settings\Owner\Application Data\292.txt
2015-03-17 17:26 - 2015-03-17 17:36 - 0000003 _____ () C:\Documents and Settings\Owner\Application Data\rgsuseropened.txt
2011-12-16 20:14 - 2011-12-16 20:14 - 0000000 _____ () C:\Documents and Settings\Owner\Application Data\xfFRj.txt
2010-05-19 13:03 - 2015-04-26 00:11 - 0218112 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-23 17:44 - 2013-01-23 17:44 - 0026900 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat
2010-07-12 00:53 - 2010-07-12 00:53 - 0000128 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2015
Ran by Owner (2015-08-17 04:51:50)
Running from C:\Documents and Settings\Owner\desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-117609710-1801674531-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-117609710-1801674531-725345543-1007 - Limited - Enabled)
Guest (S-1-5-21-117609710-1801674531-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-117609710-1801674531-725345543-1000 - Limited - Disabled)
Owner (S-1-5-21-117609710-1801674531-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-117609710-1801674531-725345543-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ArcSoft PhotoImpression 4 (HKLM\...\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}) (Version:  - )
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5183 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.23-060209a1-030546C-Dell - )
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2240 - AVG Technologies)
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.4311 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2240 - AVG Technologies) Hidden
Broadcom Gigabit Integrated Controller (Version: 7.53.02 - Broadcom) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MP Navigator 2.0 (HKLM\...\MP Navigator 2.0) (Version:  - )
Canon MP950 (HKLM\...\{00DD3B64-74A4-4be7-BAC4-934499C5E34C}) (Version:  - )
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM\...\Canon MX920 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CardRecovery 5.30 (HKLM\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version:  - WinRecovery Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoolUtils Mail Viewer (HKLM\...\CoolUtils Mail Viewer_is1) (Version: 2.5 - Softplicity, Inc.)
Dragon NaturallySpeaking 12 (HKLM\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
essentials (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
FLV to AVI WMV MPEG Free Converter 3.2.60 (HKLM\...\FLV to AVI WMV MPEG Free Converter_is1) (Version:  - )
Glary Utilities 5.0 (HKLM\...\Glary Utilities 5) (Version: 5.0.0.1 - Glarysoft Ltd)
GoldWave v5.56 (HKLM\...\GoldWave v5.56) (Version:  - )
Golf 2003 (HKLM\...\Golf 2003) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.1.001 - HTC Corporation)
HTC Sync (HKLM\...\{B78CFC07-B623-4995-ADCC-B2B4D59D083A}) (Version: 3.3.21 - HTC Corporation)
iBid (HKLM\...\{B019715B-FBD4-41AB-805D-71C05A7D9807}) (Version: 3.0 - Codeglory)
iBid (HKLM\...\iBid) (Version: 2.6.1.0 - Not Yet Determined)
Intel(R) 537EP V9x DF PCI Modem (HKLM\...\Intel(R) 537EP V9x DF PCI Modem) (Version:  - )
Intel(R) Processor ID Utility (HKLM\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.80.0000 - Intel(R) Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MasterCook 6: Deluxe Edition (HKLM\...\MasterCook 6: Deluxe Edition) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
MWSnap 3 (HKLM\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
MyFreeCodec (HKU\S-1-5-21-117609710-1801674531-725345543-1003\...\MyFreeCodec) (Version:  - )
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
OVT Scanner (HKLM\...\{A746CE98-A755-4AD7-B4B8-346DC74CDECD}) (Version: 1.00.0000 - OVT)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
Pale Moon 24.6.2 (x86 en-US) (HKLM\...\Pale Moon 24.6.2 (x86 en-US)) (Version: 24.6.2 - Moonchild Productions)
Planetairum Gold (HKLM\...\Planetairum Gold) (Version:  - )
PlayMemories Home (HKLM\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)
PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Quick Startup 2.8.0.718 (HKLM\...\Quick Startup_is1) (Version:  - GlarySoft.com)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Secunia PSI (2.0.0.3001) (HKLM\...\Secunia PSI) (Version:  - )
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic MyDVD (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 5.3.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.3 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TextMaker Viewer (HKLM\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Veoh Web Player (HKLM\...\Veoh Web Player Beta) (Version: 1.1.7.1176 - Veoh Networks, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-117609710-1801674531-725345543-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinX Free FLV to MPEG Converter 4.1.10 (HKLM\...\WinX Free FLV to MPEG Converter_is1) (Version:  - Digiarty Software,Inc.)
WModem Driver Installer (HKLM\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-117609710-1801674531-725345543-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================

15-08-2015 06:04:36 System Checkpoint
15-08-2015 21:48:57 JRT Pre-Junkware Removal
17-08-2015 04:44:33 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-03-13 01:47 - 2014-07-21 21:07 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-03 04:42 - 2004-08-10 07:00 - 00268288 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2008-04-14 06:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2008-04-14 06:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-06-22 18:14 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-08-02 01:53 - 2014-03-15 04:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60332688.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90921399.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60332688.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90921399.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-117609710-1801674531-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\FrostWire\FrostWire.exe] => Disabled:FrostWire
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Disabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe] => Enabled:Kodak.AiO.HomeCenter
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe] => Enabled:Kodak.AiO.Statistics
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe] => Enabled:Kodak.AiO.SetupUtility
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe] => Enabled:Kodak.AiO.FwUpdater
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe] => Enabled:Kodak.AiO.Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\GloballyOpenPorts: [51001:TCP] => Enabled:Dragon Smart Phone Server
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [9322:TCP] => Enabled:EKDiscovery
StandardProfile\GloballyOpenPorts: [5353:UDP] => Enabled:Bonjour Port 5353

==================== Faulty Device Manager Devices =============

Name: RADEON X300 Series Secondary
Description: RADEON X300 Series Secondary
Class Guid:  TI Technologies Inc.
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2015 04:17:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 28.0.0.5186, faulting module mozalloc.dll, version 28.0.0.5186, fault address 0x0000119c.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/15/2015 04:17:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application acrord32.exe, version 11.0.1.36, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x00002008.
Processing media-specific event for [acrord32.exe!ws!]

Error: (03/01/2015 06:17:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 28.0.0.5186, faulting module mozalloc.dll, version 28.0.0.5186, fault address 0x0000119c.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/11/2015 03:23:32 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume C:\.
The volume index in the shadow copy set is 0. Error details: Flush[0x00000000], Release[0x8000ffff], OnRun[0x00000000].

Error: (02/11/2015 03:23:32 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(000001DC,0x0053c030,00039D10,0,00038D08,4096,[0]).  hr = 0x80070057.

Error: (02/11/2015 03:23:32 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(000001DC,0x0053c010,00039D10,0,00038D08,4096,[0]).  hr = 0x80070057.

Error: (01/17/2015 05:08:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80080005.

Error: (12/13/2014 09:09:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application acrord32.exe, version 11.0.1.36, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x00002008.
Processing media-specific event for [acrord32.exe!ws!]

Error: (11/15/2014 06:46:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 28.0.0.5186, faulting module mozalloc.dll, version 28.0.0.5186, fault address 0x0000119c.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (11/15/2014 06:45:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 28.0.0.5186, faulting module mozalloc.dll, version 28.0.0.5186, fault address 0x0000119c.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (08/17/2015 04:30:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (08/15/2015 09:49:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PMBDeviceInfoProvider service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/15/2015 09:49:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Internet Pass-Through Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (08/15/2015 09:49:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/15/2015 09:49:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/15/2015 09:49:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/15/2015 09:49:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/15/2015 09:49:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/15/2015 09:49:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/15/2015 09:38:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (08/15/2015 04:17:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe28.0.0.5186mozalloc.dll28.0.0.51860000119c

Error: (03/15/2015 04:17:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: acrord32.exe11.0.1.36msvcr100.dll10.0.40219.32500002008

Error: (03/01/2015 06:17:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe28.0.0.5186mozalloc.dll28.0.0.51860000119c

Error: (02/11/2015 03:23:32 AM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x000000000x8000ffff0x00000000

Error: (02/11/2015 03:23:32 AM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(000001DC,0x0053c030,00039D10,0,00038D08,4096,[0])0x80070057

Error: (02/11/2015 03:23:32 AM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(000001DC,0x0053c010,00039D10,0,00038D08,4096,[0])0x80070057

Error: (01/17/2015 05:08:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80080005

Error: (12/13/2014 09:09:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: acrord32.exe11.0.1.36msvcr100.dll10.0.40219.32500002008

Error: (11/15/2014 06:46:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe28.0.0.5186mozalloc.dll28.0.0.51860000119c

Error: (11/15/2014 06:45:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe28.0.0.5186mozalloc.dll28.0.0.51860000119c


==================== Memory info ===========================

Processor:  Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of memory in use: 95%
Total physical RAM: 1022.09 MB
Available physical RAM: 41.64 MB
Total Virtual: 2460.32 MB
Available Virtual: 1449.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:55.7 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D71AD71A)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of log ============================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [Resolved - K] Police Report Malware
« Reply #43 on: August 17, 2015, 07:15:21 AM »
Hiya chip,

Logs look good, no obvious malware or infection. Continue as follows please:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:


  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if there are any remaining issues or concerns...

Cheers,

Kevin...
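An added example, not Kevin's or the thread's own, that automates the Add/Remove Programs check in the note above: it lists every Java entry found in the Windows uninstall registry keys (the same data Add/Remove Programs displays) and flags leftover older releases. It assumes PowerShell 2.0 or later is installed (not present by default on Windows XP) and that the display-name pattern used here covers the Java entries on the machine.

```powershell
# Added example: list installed Java entries from the uninstall registry keys.
# Assumes PowerShell 2.0+; on 64-bit Windows both the native and WOW6432Node keys are read.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$javaEntries = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            # Display-name pattern is an assumption: JRE/JDK entries start with
            # "Java", "J2SE" or "JDK"; the separate "Java Auto Updater" entry is skipped.
            if ($p.DisplayName -match '^(Java|J2SE|JDK)' -and
                $p.DisplayName -notmatch 'Auto Updater') {
                New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                    RegistryKey     = $_.PSChildName
                }
            }
        }
    }
}

$count = @($javaEntries).Count
if ($count -eq 0) {
    Write-Output 'No Java entries found in the uninstall registry keys.'
} else {
    $javaEntries | Format-Table DisplayName, DisplayVersion, RegistryKey -AutoSize
    # More than one entry means an older release survived the upgrade and should
    # be removed through Add/Remove Programs (or its UninstallString).
    if ($count -gt 1) {
        Write-Output "$count Java entries installed: remove all but the newest."
    }
}
```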

Offline chipmeister

  • Bronze Member
  • Posts: 183
Re: [Resolved - K] Police Report Malware
« Reply #44 on: August 17, 2015, 03:23:00 PM »
Thanks Kevin,

Did the Delfix. When you see that Java issue, is it associated with a specific browser? I only ask because I usually use Firefox and Mozilla has blocked Java from running on their browser due to security concerns. So, I show here that I'm maybe 3 or 4 updates behind, but I can't even use it to download any updates and it's probably moot anyway as it's blocked. However, my backup, Internet Explorer, did have it, so I installed the latest there, then went in and removed the earlier version. Funny, after I did that I got a message saying 'I had a non-current version (which might not be secure)' and did I want to delete it? I clicked yes and it was done in about a second. I'm thinking maybe a remnant of the old version. Anyway, new one is in. Otherwise all seems well and operating normally. Was there anything else we might try regarding the issue you found early on with the IE proxy?

Chip