
Solved Rootkit Help

Discussion in 'Malware and Virus Removal Archive' started by troothteller, 2015/07/31.

Thread Status:
Not open for further replies.
  1. 2015/07/31
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    [Solved] Rootkit Help

    In networking, your forum moderator retiredlearner thinks I might have a rootkit infection. Odd characteristics are: 1) I cannot uninstall a driver in Device Manager; 2) Windows Control Panel settings for Firewall do not come up; and 3) An unexpected shutdown. Trying to fix the Device Manager problem may have led to more damage. This is an XP-Professional where I may have to back up and do a clean install. Let me also disclose that I have a file of Registry Backups going back to 2012, probably dating back to my last XP installation. I created that file in case I ever needed to fix something.
     
    Last edited: 2015/07/31
  2. 2015/07/31
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,889
    Likes Received:
    386

  4. 2015/07/31
    troothteller

    I got a slew of error messages after opening this file, referring to this Farbar tool.
     
  5. 2015/07/31
    PeteC

    I suggest you wait for Broni our Malware Analyst to respond.
     
  6. 2015/07/31
    troothteller

    I just ran this thing, Farbar, and your site does not provide enough space to post the results for even one scan.
     
  7. 2015/07/31
    PeteC

    As noted under Step 1 .....
     
  8. 2015/07/31
    troothteller

    In MS Word it is a 45-page document, so I will make four posts, eleven pages at a time.
     
  9. 2015/07/31
    troothteller

    Here is the FRST file:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2015
    Ran by Louis Paul Toscano (administrator) on TOSHIBA-USER (31-07-2015 05:01:03)
    Running from C:\Documents and Settings\Louis Paul Toscano\My Documents\Downloads
    Loaded Profiles: Louis Paul Toscano (Available Profiles: Louis Paul Toscano & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    (Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (America Online) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    (America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavSvc.exe
    (America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    (TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    (TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    (TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
    (Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
    (Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
    (Agere Systems) C:\WINDOWS\agrsmmsg.exe
    (Primax Electronics Ltd.) C:\WINDOWS\system32\ico.exe
    (Primax Electronics Ltd.) C:\WINDOWS\system32\PELMICED.EXE
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
    (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavTray.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    (UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
    (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BHipsSvc.exe
    (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
    (Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\RAMASST.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\DVDRAMSV.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Nero AG) C:\Program Files\Nero\Update\NASvc.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Microsoft Corporation) C:\WINDOWS\system32\locator.exe
    () C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    (mozilla.org) C:\Program Files\SeaMonkey\seamonkey.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    (Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    (Dropbox, Inc.) C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1343488 2008-08-14] (Synaptics, Inc.)
    HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [352256 2006-01-05] (TOSHIBA)
    HKLM\...\Run: [Tvs] => C:\Program Files\Toshiba\Tvs\TvsTray.exe [73728 2005-11-30] (TOSHIBA Corporation)
    HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [282624 2005-06-01] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [122880 2005-04-26] (TOSHIBA Corporation)
    HKLM\...\Run: [Pinger] => c:\toshiba\ivp\ism\pinger.exe [151552 2005-03-17] (TOSHIBA Corporation)
    HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [323584 2005-12-08] (Atheros Communications, Inc.)
    HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [184320 2004-08-18] (Agere Systems)
    HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-15] (Agere Systems)
    HKLM\...\Run: [QuickFinder Scheduler] => C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [77892 2005-12-01] (Corel Corporation)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [87328 2008-12-29] (Macrovision Corporation)
    HKLM\...\Run: [PdxRegCl] => C:\Program Files\Paradox\Programs\PdxRegCl.exe [49152 2004-06-14] (Corel Corporation)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\WINDOWS\system32\ICO.EXE [56128 2006-10-23] (Primax Electronics Ltd.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
    HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1407248 2012-04-24] (Intel(R) Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2012-04-24] (Intel(R) Corporation)
    HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [30208 2006-01-13] (UPEK Inc.)
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
    HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavTray.exe [2553328 2015-07-24] (Baidu, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
    Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll [2006-01-13] (UPEK Inc.)
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-12-29] (Macrovision Corporation)
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\Run: [Dropbox Update] => C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)
    Lsa: [Notification Packages] scecli psqlpwd
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FTP Utility.lnk [2014-07-18]
    ShortcutTarget: FTP Utility.lnk -> C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk [2006-01-19]
    ShortcutTarget: RAMASST.lnk -> C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    Startup: C:\Documents and Settings\Louis Paul Toscano\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-30]
    ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Documents and Settings\Louis Paul Toscano\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk [2015-05-06]
    ShortcutTarget: Microsoft Office OneNote 2003 Quick Launch.lnk -> C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavShx.dll [2015-07-24] (Baidu, Inc.)
    GroupPolicyScripts: Group Policy detected <======= ATTENTION
    GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailysignal.com/
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D071415-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D071415-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/nirvana/controls/pcmatic.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1353572538140
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353572722109
    DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{8BB4F5FB-DE6F-40A9-96DE-BACD6DD3DE61}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\dy4ezcg3.default-1424457505890
    FF NewTab: hxxp://forecast.weather.gov/MapClick.php?CityName=Hackettstown&state=NJ&site=PHI&lat=40.8538&lon=-74.8254#.VOeVfCzwvXh
    FF DefaultSearchEngine: Bing
    FF DefaultSearchEngine.US: Bing
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://forecast.weather.gov/MapClick.php?CityName=Hackettstown&state=NJ&site=PHI&lat=40.8538&lon=-74.8254#.VOeVfCzwvXh
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-01] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
    FF Plugin: @FortinetCacheClean -> C:\Program Files\Fortinet\FortiClient\npccplugin.dll No File
    FF Plugin: @FortinetCacheCleanEx -> C:\Program Files\Fortinet\FortiClient\npccpluginex.dll No File
    FF Plugin: @FortinetTunnelControl -> C:\Program Files\Fortinet\FortiClient\nptcplugin.dll No File
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll No File
    FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
    FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1019493958-4142826306-2034615594-1005: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll No File
    FF Plugin HKU\S-1-5-21-1019493958-4142826306-2034615594-1005: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-21] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2015-01-21] (Apple Inc.)
    FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\dy4ezcg3.default-1424457505890\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2015-07-21]
    FF Extension: Print Edit - C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\dy4ezcg3.default-1424457505890\Extensions\printedit@DW-dev.xpi [2015-02-25]
    FF Extension: Adblock Plus - C:\Documents and Settings\Louis Paul Toscano\Application Data\Mozilla\Firefox\Profiles\dy4ezcg3.default-1424457505890\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-02]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-11-23]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Google\Chrome\User Data\Default

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-19] (SUPERAntiSpyware.com)
    R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
    R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
    R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavSvc.exe [2805208 2015-07-24] (Baidu, Inc.)
    R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BHipsSvc.exe [544032 2015-07-24] (Baidu, Inc.)
    R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed]
    R2 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.) [File not signed]
    S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-15] (Nero AG)
    S4 NeroBackItUpBackgroundService; C:\Program Files\Nero\Nero BackItUp\NBService.exe [279544 2015-07-07] (Nero AG)
    R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
    R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [919824 2012-04-24] (Intel(R) Corporation)
    R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [40960 2005-07-12] () [File not signed]
    S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdSandboxSrv.exe [X]

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
    R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-01-19] (Windows (R) 2000 DDK provider) [File not signed]
    U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdApiUtil.sys [101448 2015-07-24] (Baidu, Inc.)
    R3 bdark; C:\WINDOWS\system32\drivers\bdark.sys [81864 2015-07-14] ()
    U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BdCameraProtect.sys [21384 2015-07-24] (Baidu, Inc.)
    S3 BdSandbox; C:\WINDOWS\System32\drivers\BdSandbox.sys [186176 2014-12-10] (Baidu, Inc.)
    R1 Bfilter; C:\WINDOWS\System32\drivers\Bfilter.sys [51144 2015-07-24] (Baidu, Inc.)
    R1 Bfmon; C:\WINDOWS\System32\drivers\Bfmon.sys [31176 2015-07-24] (Baidu, Inc.)
    R0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [74888 2015-07-24] (Baidu, Inc.)
    R3 BHipsEx; C:\WINDOWS\System32\drivers\BHipsEx.sys [149960 2015-07-24] (Baidu, Inc.)
    R1 Bnbase; C:\WINDOWS\System32\drivers\bnbase.sys [52168 2015-07-24] (Baidu, Inc.)
    R1 Bndef; C:\WINDOWS\System32\drivers\bndef.sys [462152 2015-07-24] (Baidu, Inc.)
    R3 BNmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Bnmon.sys [84936 2015-07-24] (Baidu, Inc.)
    R1 Bprotect; C:\WINDOWS\System32\drivers\Bprotect.sys [197064 2015-07-24] (Baidu, Inc.)
    S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
    R2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13568 2006-01-13] (UPEK Inc.) [File not signed]
    R2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-01-13] (UPEK Inc.) [File not signed]
    R1 Hermes; C:\WINDOWS\System32\drivers\Hermes.sys [273672 2015-03-24] ()
    R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    R1 meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.) [File not signed]
    S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
    R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
    R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation)
    R3 pelmouse; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [18944 2007-04-18] (Primax Electronics Ltd.)
    R3 pelusblf; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [17920 2007-04-11] (Primax Electronics Ltd.)
    R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
    S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [14904 2010-07-07] (Secunia)
    R3 pwipf6; C:\WINDOWS\System32\DRIVERS\pwipf6.sys [135272 2012-05-25] (Privacyware/PWI, Inc.)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
    R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 smihlp; C:\Program Files\Protector Suite QL\smihlp.sys [3456 2006-01-13] (UPEK Inc.) [File not signed]
    R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
    R3 tbiosdrv; C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys [9472 2005-08-24] ()
    S3 tosrfec; C:\WINDOWS\System32\DRIVERS\tosrfec.sys [9344 2005-09-09] (TOSHIBA Corporation) [File not signed]
    R3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [343456 2014-09-26] (BitDefender S.R.L.)
    R3 TVALD; C:\WINDOWS\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation) [File not signed]
    R3 Tvs; C:\WINDOWS\System32\DRIVERS\Tvs.sys [43392 2005-11-30] (TOSHIBA Corporation) [File not signed]
    S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)
    R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
    R3 xpvcom; C:\WINDOWS\System32\DRIVERS\XPVCOM.sys [30032 2007-03-23] ()
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================
     
  10. 2015/07/31
    troothteller

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-31 04:57 - 2015-07-31 05:01 - 00000000 ____D C:\FRST
    2015-07-31 04:52 - 2015-07-31 04:52 - 00031173 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MWAV07312015.LOG
    2015-07-31 03:35 - 2015-07-31 03:35 - 00006408 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\Network Activity 07312015.txt
    2015-07-31 03:25 - 2015-07-31 03:25 - 00000825 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MWAVSCAN.lnk
    2015-07-31 02:52 - 2015-07-31 02:56 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\Download Manager
    2015-07-29 19:47 - 2015-07-29 19:47 - 00000000 __RSD C:\Documents and Settings\Louis Paul Toscano\My Documents\My Safe
    2015-07-29 08:30 - 2015-07-29 08:30 - 00000139 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Washington (2).fnd
    2015-07-28 11:53 - 2015-07-28 11:53 - 00000246 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM07282015.txt
    2015-07-27 13:43 - 2015-07-27 13:43 - 00000832 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\2015_07_27_12_40_53.txt
    2015-07-27 01:56 - 2012-11-02 15:35 - 00000557 _____ C:\WINDOWS\Windows6.1-KB2757638-x86-pkgProperties.txt
    2015-07-27 01:56 - 2012-11-02 15:35 - 00000444 _____ C:\WINDOWS\Windows6.1-KB2757638-x86.xml
    2015-07-27 01:56 - 2012-11-02 15:32 - 00595969 _____ C:\WINDOWS\Windows6.1-KB2757638-x86.cab
    2015-07-27 01:15 - 2012-06-05 11:50 - 01372672 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET3B.tmp
    2015-07-27 01:15 - 2012-06-05 11:50 - 01372672 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET31.tmp
    2015-07-27 01:15 - 2012-06-05 11:50 - 01372672 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET24.tmp
    2015-07-26 23:31 - 2006-12-29 00:31 - 00019569 _____ C:\WINDOWS\000003_.tmp
    2015-07-26 17:53 - 2015-07-26 17:53 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\CrashRpt
    2015-07-26 00:28 - 2008-04-14 05:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET3C.tmp
    2015-07-26 00:26 - 2006-12-29 00:31 - 00019569 _____ C:\WINDOWS\000002_.tmp
    2015-07-25 23:52 - 2015-07-25 23:59 - 00000000 ____D C:\KB2757638
    2015-07-25 23:38 - 2015-07-25 23:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
    2015-07-25 10:25 - 2015-07-25 10:25 - 00934640 _____ (Microsoft Corporation) C:\Documents and Settings\Louis Paul Toscano\Desktop\WindowsXP-KB2916036-x86-ENU.exe
    2015-07-25 10:19 - 2012-11-02 15:59 - 00171218 _____ C:\WINDOWS\WSUSSCAN.cab
    2015-07-25 10:09 - 2015-07-25 23:02 - 00006226 _____ C:\WINDOWS\KB2916036Uninst.log
    2015-07-25 09:56 - 2012-06-05 11:50 - 01372672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET5E.tmp
    2015-07-25 09:56 - 2012-06-05 11:50 - 01372672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET5A.tmp
    2015-07-25 09:56 - 2012-06-05 11:50 - 01372672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET1E.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET9F.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET6B.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET65.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET59.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET55.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET4F.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET4B.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET3F.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET37.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET29.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET1F.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET1C.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET1B.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 ____N (Microsoft Corporation) C:\WINDOWS\system32\SET18.tmp
    2015-07-25 09:55 - 2012-11-05 22:01 - 01371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET1A.tmp
    2015-07-25 00:33 - 2015-07-26 21:32 - 00000068 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MSUpdateDifficultToRemove.txt
    2015-07-25 00:32 - 2015-07-25 00:32 - 00000139 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Washington.fnd
    2015-07-25 00:04 - 2015-07-25 00:04 - 01589208 _____ (Microsoft Corporation) C:\Documents and Settings\Louis Paul Toscano\Desktop\WindowsXP-KB2719985-x86-ENU.exe
    2015-07-24 23:47 - 2015-07-27 02:09 - 00343952 _____ C:\WINDOWS\KB2757638Uninst.log
    2015-07-24 23:44 - 2015-07-25 09:11 - 00347062 _____ C:\WINDOWS\KB2719985Uninst.log
    2015-07-24 06:46 - 2015-07-14 00:10 - 00081864 _____ C:\WINDOWS\system32\Drivers\bdark.sys
    2015-07-24 06:36 - 2015-07-30 06:08 - 00000470 _____ C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job
    2015-07-24 06:36 - 2015-07-24 06:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Baidu Antivirus
    2015-07-23 03:38 - 2015-07-23 03:38 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\CellularEmulator
    2015-07-23 02:55 - 2015-07-23 02:55 - 00000000 ____D C:\Program Files\Microsoft Device Emulator
    2015-07-23 02:55 - 2015-07-23 02:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows Mobile 6 SDK
    2015-07-23 02:54 - 2015-07-23 02:55 - 00000000 ____D C:\Program Files\Windows Mobile 6 SDK
    2015-07-22 23:06 - 2015-07-22 23:06 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Nero_AG
    2015-07-22 23:06 - 2015-07-22 23:06 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Nero
    2015-07-22 20:12 - 2015-07-22 20:12 - 00001482 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM07222015.txt
    2015-07-22 19:05 - 2015-07-22 19:05 - 00001118 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\2015_07_22_16_53_44.txt
    2015-07-22 16:10 - 2015-07-22 16:10 - 00002776 _____ C:\Documents and Settings\Louis Paul Toscano\null
    2015-07-22 08:40 - 2015-07-30 19:59 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Start Menu\Programs\Dropbox
    2015-07-21 22:53 - 2008-04-14 05:42 - 00221696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\seo.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00189440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpadm.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET45.tmp
    2015-07-21 22:53 - 2008-04-14 05:42 - 00010752 ____N (Microsoft Corporation) C:\WINDOWS\system32\smtpapi.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00010752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smtpapi.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00009728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rwnh.dll
    2015-07-21 22:53 - 2008-04-14 05:42 - 00009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rwnh.dll
    2015-07-21 22:53 - 2008-04-14 05:41 - 00081920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
    2015-07-21 22:53 - 2008-04-14 05:41 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
    2015-07-21 22:52 - 2006-12-29 00:31 - 00019569 _____ C:\WINDOWS\000001_.tmp
    2015-07-21 22:41 - 2015-07-29 23:48 - 00636654 _____ C:\WINDOWS\setupapi.log
    2015-07-21 17:17 - 2015-07-21 17:17 - 00000380 _____ C:\WINDOWS\Tasks\BackItUp_Launch.job
    2015-07-21 17:17 - 2015-07-21 17:17 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\My Documents\Nero BackItUp Device Backup
    2015-07-21 17:09 - 2015-07-21 17:09 - 00002212 _____ C:\Documents and Settings\All Users\Desktop\Nero BackItUp.lnk
    2015-07-21 10:12 - 2015-07-21 10:12 - 00003400 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\VolumeC.txt
    2015-07-20 20:13 - 2015-07-20 20:15 - 00005896 _____ C:\Documents and Settings\Louis Paul Toscano\RESET.TXT
    2015-07-20 15:19 - 2015-07-20 15:19 - 00004282 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\20150720.txt
    2015-07-17 20:14 - 2015-07-17 20:14 - 00001185 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAMRun2Jul172015.txt
    2015-07-17 14:33 - 2002-01-26 14:53 - 00074304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rarepair.exe
    2015-07-17 12:02 - 2001-08-17 13:48 - 00012800 _____ (Microsoft Corporation) C:\Documents and Settings\Louis Paul Toscano\My Documents\dhcploc.exe
    2015-07-17 10:20 - 2015-07-17 10:20 - 00000851 _____ C:\WINDOWS\KB833747.log
    2015-07-17 08:53 - 2015-07-17 08:53 - 00004166 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM01712015Removal.txt
    2015-07-17 08:45 - 2015-07-17 08:45 - 00003961 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\MBAM07172015.txt
    2015-07-17 05:30 - 2015-07-17 05:30 - 00000354 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\FindRAS07172015.txt
    2015-07-16 15:39 - 2015-07-16 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{31ab37a7-452f-254e-31ab-b37a7452de9d}
    2015-07-16 14:18 - 2015-07-28 11:33 - 00000000 ____D C:\Program Files\PCPitstop
    2015-07-16 14:18 - 2015-07-28 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop
    2015-07-16 14:03 - 2015-07-16 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SystemRequirementsLab
    2015-07-16 14:01 - 2015-07-16 14:01 - 00000000 ____D C:\Program Files\Common Files\Java
    2015-07-16 08:34 - 2015-07-16 08:52 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Desktop\Forticlient Remover
    2015-07-16 03:02 - 2015-07-16 03:03 - 00000000 ____D C:\SMCLpav
    2015-07-15 13:22 - 2015-07-15 13:22 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\VS Revo Group
    2015-07-15 13:20 - 2015-07-22 22:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
    2015-07-15 13:20 - 2015-07-20 21:45 - 00000936 _____ C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
    2015-07-15 13:20 - 2015-07-15 13:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\VS Revo Group
    2015-07-15 13:20 - 2009-12-30 11:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
    2015-07-15 00:23 - 2015-07-15 00:23 - 00001923 _____ C:\Documents and Settings\All Users\Desktop\Nero MediaHome.lnk
    2015-07-14 21:13 - 2015-07-14 21:13 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Lavasoft
    2015-07-14 21:13 - 2015-07-14 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
    2015-07-14 16:40 - 2015-07-20 23:58 - 00173544 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2015-07-14 15:29 - 2015-07-14 15:30 - 00003865 _____ C:\Documents and Settings\All Users\Application Data\lpm.dat
    2015-07-14 15:27 - 2015-07-14 15:27 - 00002552 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2015-07-14 15:26 - 2015-07-14 15:26 - 00342016 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
    2015-07-14 14:54 - 2015-07-21 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero
    2015-07-14 14:09 - 2015-07-14 14:21 - 00370425 _____ C:\WINDOWS\SetupWLD.log
    2015-07-14 10:59 - 2015-07-14 10:59 - 00000889 _____ C:\Documents and Settings\All Users\Desktop\WD My Cloud.lnk
    2015-07-14 10:59 - 2015-07-14 10:59 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\com.wd.WDMyCloud
    2015-07-14 10:59 - 2015-07-14 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital
    2015-07-14 10:58 - 2015-07-14 10:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Bonjour Print Services
    2015-07-14 10:57 - 2015-07-14 10:57 - 00000242 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\WD My Cloud Learning Center.url
    2015-07-14 10:57 - 2015-07-14 10:57 - 00000195 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\WD My Cloud Public Share.url
    2015-07-14 10:57 - 2015-07-14 10:57 - 00000191 _____ C:\Documents and Settings\Louis Paul Toscano\Desktop\WD My Cloud Dashboard.url
    2015-07-13 22:47 - 2015-07-13 22:47 - 00000270 _____ C:\WINDOWS\Q311542.log
    2015-07-13 21:46 - 2015-07-14 09:24 - 00000000 ____D C:\WINDOWS\LastGood(2)
    2015-07-12 21:15 - 2015-07-13 21:18 - 00008192 _____ C:\WINDOWS\system32\WDPABKP.dat
    2015-07-12 17:54 - 2015-07-14 09:25 - 00000000 ____D C:\Program Files\Western Digital
    2015-07-12 17:53 - 2015-07-14 10:58 - 00000000 ____D C:\Program Files\Bonjour Print Services
    2015-07-12 17:52 - 2015-07-14 10:58 - 00000000 ____D C:\Program Files\Bonjour
    2015-07-12 17:40 - 2015-07-14 09:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Western Digital
    2015-07-12 17:30 - 2015-07-14 09:25 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Western Digital
    2015-07-11 15:07 - 2015-07-15 00:22 - 00000000 ____D C:\Program Files\Common Files\Nero
    2015-07-11 15:05 - 2015-07-11 15:05 - 00000738 _____ C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
    2015-07-11 15:03 - 2015-07-11 15:03 - 00000803 _____ C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
    2015-07-11 14:51 - 2015-07-11 14:51 - 00043494 _____ C:\Documents and Settings\Louis Paul Toscano\Local Settings\Tempdivx6fe8
    2015-07-11 13:21 - 2015-07-14 23:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{ad2a8709-82e6-c811-ad2a-a870982e1c26}
    2015-07-11 11:20 - 2015-07-11 11:20 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\42D66E14.sys
    2015-07-11 11:04 - 2015-07-11 11:04 - 00000131 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Philadelphia.fnd
    2015-07-11 11:04 - 2015-07-11 11:04 - 00000116 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Circuit.fnd
    2015-07-11 11:04 - 2015-07-11 11:04 - 00000107 _____ C:\Documents and Settings\Louis Paul Toscano\My Documents\Files containing text Bone.fnd
    2015-07-08 02:08 - 2015-07-08 02:08 - 00253196 _____ C:\Documents and Settings\Louis Paul Toscano\Local Settings\Tempdivx75fb
    2015-07-03 07:20 - 2015-07-03 07:21 - 00000000 ____D C:\Program Files\Mozilla Firefox

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-31 05:01 - 2012-11-22 02:27 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp
    2015-07-31 04:53 - 2015-06-24 22:42 - 00001040 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005UA.job
    2015-07-31 04:52 - 2012-11-23 13:16 - 00000448 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{03CF1C70-73A8-4B6C-85B0-0007F76BEBD8}.job
    2015-07-31 03:31 - 2014-09-26 14:43 - 00006430 _____ C:\WINDOWS\UPDLL.LOG
    2015-07-31 03:30 - 2014-09-26 14:32 - 00000056 _____ C:\WINDOWS\Lic.xxx
    2015-07-31 03:29 - 2014-09-26 14:32 - 00011332 _____ C:\WINDOWS\general.log
    2015-07-31 03:26 - 2014-09-26 14:33 - 00016358 _____ C:\WINDOWS\ESCAN.LOG
    2015-07-31 03:26 - 2006-01-19 14:54 - 00002184 _____ C:\WINDOWS\win.ini
    2015-07-31 03:01 - 2013-03-28 22:26 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Jewish Federation
    2015-07-31 02:55 - 2014-10-07 01:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BavSvc_exe
    2015-07-31 02:22 - 2012-11-28 02:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-07-30 23:06 - 2006-01-19 16:16 - 00032354 _____ C:\WINDOWS\SchedLgU.Txt
    2015-07-30 21:42 - 2006-01-19 16:12 - 01344786 _____ C:\WINDOWS\WindowsUpdate.log
    2015-07-30 20:46 - 2014-05-18 06:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
    2015-07-30 20:46 - 2013-04-24 21:14 - 00000000 ____D C:\Program Files\SpywareBlaster
    2015-07-30 20:01 - 2013-09-05 00:06 - 00000000 ___RD C:\Documents and Settings\Louis Paul Toscano\My Documents\Dropbox
    2015-07-30 20:01 - 2013-09-05 00:01 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox
    2015-07-30 18:00 - 2014-10-07 01:10 - 00000482 _____ C:\WINDOWS\Tasks\Baidu Antivirus Update.job
    2015-07-30 07:52 - 2015-06-24 22:41 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005Core.job
    2015-07-29 20:13 - 2006-01-19 08:09 - 00000290 _____ C:\WINDOWS\wiadebug.log
    2015-07-29 19:59 - 2006-01-19 14:54 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
    2015-07-29 19:54 - 2015-03-24 04:03 - 00249648 _____ C:\WINDOWS\system32\HermesHelp.dll
    2015-07-29 19:48 - 2006-01-19 08:09 - 00000049 _____ C:\WINDOWS\wiaservc.log
    2015-07-29 19:46 - 2014-03-07 08:54 - 00000248 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-07-29 19:44 - 2006-01-19 16:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-07-29 19:42 - 2012-12-10 05:21 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\My Documents\My Documents XP Folder
    2015-07-29 19:42 - 2012-11-22 02:27 - 00000278 ___SH C:\Documents and Settings\Louis Paul Toscano\ntuser.ini
    2015-07-29 07:02 - 2013-07-13 00:31 - 00006144 _____ C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-07-28 17:14 - 2006-01-19 14:55 - 00000211 __RSH C:\boot.ini
    2015-07-28 17:14 - 2006-01-19 14:54 - 00000227 _____ C:\WINDOWS\system.ini
    2015-07-28 17:14 - 2006-01-19 08:06 - 00243632 _____ C:\WINDOWS\setupact.log
    2015-07-28 11:52 - 2014-06-15 21:31 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-07-27 19:02 - 2012-12-05 19:48 - 00000514 _____ C:\WINDOWS\nsw.log
    2015-07-27 15:20 - 2013-01-09 08:49 - 00953603 _____ C:\WINDOWS\KB2757638.log
    2015-07-27 15:18 - 2006-01-19 17:12 - 00250871 _____ C:\WINDOWS\updspapi.log
    2015-07-27 15:02 - 2015-03-23 00:36 - 00009460 _____ C:\WINDOWS\system32\HWLook.log
    2015-07-27 13:47 - 2012-11-22 02:27 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano
    2015-07-27 11:30 - 2013-01-09 08:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
    2015-07-27 02:09 - 2006-01-19 08:07 - 01887632 _____ C:\WINDOWS\iis6.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00768549 _____ C:\WINDOWS\tsoc.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00563298 _____ C:\WINDOWS\comsetup.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00340154 _____ C:\WINDOWS\ntdtcsetup.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00091588 _____ C:\WINDOWS\ocmsn.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00084954 _____ C:\WINDOWS\tabletoc.log
    2015-07-27 02:09 - 2006-01-19 08:07 - 00001374 _____ C:\WINDOWS\imsins.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 01682011 _____ C:\WINDOWS\FaxSetup.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00807813 _____ C:\WINDOWS\ocgen.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00519028 _____ C:\WINDOWS\msmqinst.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00292643 _____ C:\WINDOWS\netfxocm.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00117783 _____ C:\WINDOWS\MedCtrOC.log
    2015-07-27 02:08 - 2006-01-19 08:07 - 00083558 _____ C:\WINDOWS\msgsocm.log
    2015-07-27 02:02 - 2006-01-19 08:07 - 00001374 _____ C:\WINDOWS\imsins.BAK
    2015-07-27 01:38 - 2012-11-23 13:51 - 01150169 _____ C:\WINDOWS\KB2719985.log
    2015-07-27 01:17 - 2014-02-12 20:52 - 00027183 _____ C:\WINDOWS\KB2909921-IE8.log
    2015-07-27 01:16 - 2012-11-23 13:58 - 00147380 _____ C:\WINDOWS\KB946648.log
    2015-07-27 01:16 - 2006-01-19 16:10 - 00000000 ____D C:\Program Files\Messenger
    2015-07-27 01:08 - 2013-11-10 23:17 - 00000211 _____ C:\WirelessDiagLog.csv
    2015-07-27 00:55 - 2012-11-23 06:46 - 00076520 _____ C:\WINDOWS\spupdsvc.log
    2015-07-27 00:55 - 2006-01-19 16:11 - 00158395 _____ C:\WINDOWS\wmsetup.log
    2015-07-27 00:55 - 2006-01-19 16:11 - 00001103 _____ C:\WINDOWS\DtcInstall.log
    2015-07-27 00:54 - 2012-11-23 12:00 - 00000517 _____ C:\WINDOWS\spupdsvc.log.1.log
    2015-07-27 00:54 - 2012-11-23 11:59 - 00000090 _____ C:\WINDOWS\system32\spupdwxp.log
    2015-07-26 23:54 - 2006-01-19 08:02 - 00000000 ____D C:\WINDOWS\security
    2015-07-26 23:53 - 2012-11-23 06:35 - 00638374 _____ C:\WINDOWS\svcpack.log
    2015-07-26 23:33 - 2006-01-19 16:13 - 00001574 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
    2015-07-26 23:33 - 2006-01-19 16:11 - 00003857 _____ C:\WINDOWS\sessmgr.setup.log
    2015-07-26 23:33 - 2006-01-19 16:10 - 00000892 _____ C:\WINDOWS\cmsetacl.log
    2015-07-26 23:33 - 2006-01-19 16:10 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    2015-07-26 23:32 - 2006-01-19 08:02 - 00000000 ____D C:\WINDOWS\Help
    2015-07-26 21:55 - 2012-11-25 23:23 - 00002265 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    2015-07-26 21:38 - 2014-09-19 19:06 - 00001802 _____ C:\WINDOWS\SecuniaPackage.log
    2015-07-26 00:26 - 2006-01-19 17:23 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
    2015-07-26 00:14 - 2006-01-19 18:01 - 00002409 _____ C:\Documents and Settings\All Users\Desktop\MyConnect™ Special Offer.lnk
    2015-07-26 00:00 - 2006-01-19 16:16 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2015-07-25 23:39 - 2014-02-12 20:24 - 00024985 _____ C:\WINDOWS\KB2916036.log
    2015-07-25 09:55 - 2006-01-19 17:11 - 00000000 ___HD C:\WINDOWS\$hf_mig$
    2015-07-25 09:19 - 2012-11-23 14:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
    2015-07-25 00:18 - 2014-02-13 23:02 - 00002353 _____ C:\Documents and Settings\Louis Paul Toscano\Start Menu\Programs\Windows Install Clean Up.lnk
    2015-07-24 23:45 - 2012-11-25 05:55 - 00000000 ____D C:\RegistryBackup
    2015-07-24 06:37 - 2014-10-16 04:18 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\BAVData
    2015-07-24 06:36 - 2014-10-07 01:11 - 00462152 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bndef.sys
    2015-07-24 06:36 - 2014-10-07 01:11 - 00197064 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bprotect.sys
    2015-07-24 06:36 - 2014-10-07 01:11 - 00052168 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bnbase.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00149960 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\BHipsEx.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00074888 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bhbase.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00051144 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bfilter.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00031176 _____ (Baidu, Inc.) C:\WINDOWS\system32\Drivers\Bfmon.sys
    2015-07-24 06:36 - 2014-10-07 01:10 - 00000685 _____ C:\Documents and Settings\All Users\Desktop\Baidu Antivirus.lnk
    2015-07-23 02:41 - 2012-11-23 19:03 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
    2015-07-22 23:06 - 2014-12-05 00:16 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\ImgBurn
    2015-07-22 22:50 - 2013-11-15 17:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
    2015-07-22 22:50 - 2013-04-24 21:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
    2015-07-22 22:25 - 2006-01-19 08:02 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-07-22 21:25 - 2012-11-27 22:51 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\vlc
    2015-07-21 23:10 - 2012-11-29 10:56 - 02219579 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1019493958-4142826306-2034615594-1005-0.dat
    2015-07-21 23:10 - 2012-11-28 02:24 - 00276162 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2015-07-21 22:13 - 2014-03-09 20:57 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
    2015-07-21 21:09 - 2012-11-28 01:57 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Nero
    2015-07-21 20:40 - 2014-09-23 13:56 - 01558206 _____ C:\WINDOWS\setupapi.log.2.old
    2015-07-21 17:10 - 2012-11-28 01:57 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Application Data\Nero
    2015-07-21 17:09 - 2012-11-28 01:34 - 00000000 ____D C:\Program Files\Nero
    2015-07-21 17:08 - 2012-11-28 01:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nero
    2015-07-17 20:53 - 2006-01-19 16:16 - 00000000 __SHD C:\Documents and Settings\LocalService
    2015-07-17 20:18 - 2012-11-23 14:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971513$
    2015-07-17 19:25 - 2006-01-19 08:02 - 00000000 ____D C:\WINDOWS\system32\ias
    2015-07-17 19:24 - 2006-01-19 08:07 - 00607402 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-07-17 14:23 - 2012-11-23 13:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB946648$
    2015-07-17 13:29 - 2012-12-07 18:50 - 00000000 ____D C:\WINDOWS\system32\NtmsData
    2015-07-16 18:22 - 2012-11-22 02:26 - 00134466 _____ C:\WINDOWS\DPINST.LOG
    2015-07-16 18:20 - 2013-04-24 21:14 - 00000765 _____ C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
    2015-07-16 18:09 - 2015-03-11 21:23 - 00001168 _____ C:\WINDOWS\wininit.ini
    2015-07-16 14:09 - 2015-01-21 18:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
    2015-07-16 14:03 - 2012-11-29 03:16 - 00000000 ____D C:\Program Files\SystemRequirementsLab
    2015-07-16 13:56 - 2015-02-24 20:38 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2015-07-16 13:56 - 2015-02-24 20:38 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2015-07-16 13:55 - 2014-10-16 01:34 - 00000000 ____D C:\Program Files\Java
    2015-07-16 13:36 - 2014-10-16 05:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
    2015-07-16 05:01 - 2014-01-28 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
    2015-07-16 03:03 - 2006-01-19 17:26 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2015-07-15 13:20 - 2014-09-04 14:47 - 00000000 ____D C:\Program Files\VS Revo Group
    2015-07-14 15:59 - 2013-07-10 08:24 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-07-14 09:35 - 2006-01-19 16:16 - 00000000 __SHD C:\Documents and Settings\NetworkService
    2015-07-14 09:35 - 2006-01-19 16:16 - 00000000 ____D C:\Documents and Settings\Administrator
    2015-07-14 09:33 - 2006-01-19 16:11 - 00000000 ____D C:\WINDOWS\Registration
    2015-07-14 09:32 - 2012-11-27 22:53 - 00000000 ____D C:\Program Files\DivX
    2015-07-14 09:32 - 2012-11-27 22:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
    2015-07-14 00:48 - 2014-08-13 23:06 - 00000000 ____D C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Adobe
    2015-07-13 21:46 - 2006-01-19 17:23 - 00000000 ____D C:\Program Files\Intel
    2015-07-11 15:05 - 2013-09-10 20:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DivX
    2015-07-11 11:15 - 2013-02-12 23:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
    2015-07-08 15:00 - 2014-03-07 08:54 - 00000242 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-07-04 02:35 - 2012-12-28 14:12 - 00000000 ____D C:\Program Files\CDBurnerXP
    2015-07-04 02:34 - 2013-04-26 22:18 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    2015-07-04 02:34 - 2013-04-26 22:18 - 00001567 _____ C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
    2015-07-03 08:49 - 2012-11-23 14:30 - 127070192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-07-01 11:59 - 2013-03-19 18:08 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-07-01 11:59 - 2013-03-19 18:08 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2015-06-19 13:10 - 2015-06-19 13:10 - 0000376 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log
    2013-06-24 16:49 - 2013-06-24 16:49 - 0002528 _____ () C:\Documents and Settings\Louis Paul Toscano\Application Data\$_hpcst$.hpc
    2012-11-25 20:53 - 2015-03-08 19:08 - 0000846 _____ () C:\Documents and Settings\Louis Paul Toscano\Application Data\wklnhst.dat
    2014-09-25 15:21 - 2014-10-22 23:57 - 0207027 _____ () C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\ars.cache
     
  11. 2015/07/31
    troothteller

    2014-09-25 15:21 - 2014-10-22 23:57 - 0302078 _____ () C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\census.cache
    2013-07-13 00:31 - 2015-07-29 07:02 - 0006144 _____ () C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-25 14:52 - 2014-09-25 14:52 - 0000036 _____ () C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\housecall.guid.cache

    Some files in TEMP:
    ====================
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\avcuf32.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\avcuf64.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\avxdisk.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdc.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdcore.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdfltlib2k.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdnimbus32.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdnimbus64.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdupdateservice.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\DEVCON.EXE
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcyhbc.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\encdec.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\esupdate.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\FSSync.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\Getvlist.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\ikave.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\ipc.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\kave.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\kavvlg.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\msvclnt.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\msvl64.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\msvlclnt.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\mwavdwnl.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\MWAVL.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\mwavscan.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\mwunzip.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\prLoader.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\red32.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\Reload.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\scan.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\ScanningProcess.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\setpriv.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\test2.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\trufos.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\unregx.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\UPDLL10.DLL
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\viewtcp.exe


    Some zero byte size files/folders:
    ==========================
    C:\Windows\logo_1.exe
    C:\Windows\RUNDL132.EXE
    C:\Windows\VDLL.DLL
    C:\Windows\System32\runouce.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of log ============================

    Here is the addition log:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-07-2015
    Ran by Louis Paul Toscano (2015-07-31 05:02:44)
    Running from C:\Documents and Settings\Louis Paul Toscano\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1019493958-4142826306-2034615594-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1019493958-4142826306-2034615594-1003 - Limited - Enabled)
    Guest (S-1-5-21-1019493958-4142826306-2034615594-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-1019493958-4142826306-2034615594-1004 - Limited - Disabled)
    Louis Paul Toscano (S-1-5-21-1019493958-4142826306-2034615594-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Louis Paul Toscano
    SUPPORT_388945a0 (S-1-5-21-1019493958-4142826306-2034615594-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Baidu Antivirus (Enabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61}
    FW: Privatefirewall (Disabled) {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    60CulverAgentUpdate (Version: 1.00.0000 - Your Company Name) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    America Online (Choose which version to remove) (HKLM\...\America Online us) (Version: - )
    AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version: - )
    AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version: - )
    AOL Spyware Protection (HKLM\...\AOL Spyware Protection) (Version: 1.0.76 - AOL Spyware Protection)
    AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version: - )
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Software Suite (HKLM\...\{BA561482-C49D-4687-A61C-96236C1688F0}) (Version: - )
    Atheros Client Utility (HKLM\...\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}) (Version: 1.53.000 - )
    Baidu Antivirus (HKLM\...\Baidu Antivirus) (Version: 5.6.3.186847 - Baidu, Inc.)
    Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.23(T) - )
    Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
    Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
    CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 1.00.008 - TOSHIBA)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Dropbox (HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
    DVD-RAM Driver (HKLM\...\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}) (Version: 5.0.2.5 - )
    F5U216 Ver2.11 (HKLM\...\{EB145CEA-998F-4C9D-AEF7-B4DBBD217DAF}) (Version: - )
    FTP Utility (HKLM\...\InstallShield_{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}) (Version: 1.00.0000 - KONICA MINOLTA)
    FTP Utility (Version: 1.00.0000 - KONICA MINOLTA) Hidden
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    HP Smart Print 2.1 (HKLM\...\{8046B41C-FB30-4614-898F-57D44D0C66EB}) (Version: 2.1.0.235 - Hewlett-Packard)
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{954B463D-FC19-4855-B9FA-92A136AE7BB7}) (Version: 15.03.0000 - Intel Corporation)
    InterVideo WinDVD Creator 2 (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.0.14.376 - InterVideo Inc.)
    InterVideo WinDVD for TOSHIBA (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.533 - InterVideo Inc.)
    ISO Recorder (HKLM\...\{0F6A7971-0F11-4A79-A0E9-133D0963A570}) (Version: 1.0.0 - Alex Feinman)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    KONICA MINOLTA magicolor 1690MF (HKLM\...\KONICA MINOLTA magicolor 1690MF) (Version: - )
    KONICA MINOLTA magicolor 1690MF Scanner (HKLM\...\InstallShield_{F7B12AB6-4B1C-4BC5-81CA-7CC42EDF4282}) (Version: 1.00.0000 - KONICA MINOLTA)
    KONICA MINOLTA magicolor 1690MF Scanner (Version: 1.00.0000 - KONICA MINOLTA) Hidden
    KONICA MINOLTA mc1690MF (FAX) (HKLM\...\{37599606-D472-446A-9646-B13CE8A55BB5}) (Version: - )
    Lazesoft Recovery Suite version 3.3 Home Edition (HKLM\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 3.3 - Lazesoft)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Metamail (Toshiba Registration Utility) (HKLM\...\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}) (Version: 4.5 - )
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office OneNote 2003 (HKLM\...\{91A10409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Publisher 2003 (HKLM\...\{91190409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Mouse Suite (HKLM\...\{EEDBE2DF-4141-44A9-8614-9832B16637E6}) (Version: 1.2.3 - Dynex)
    MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
    Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyConnect Special Offer (HKLM\...\{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}) (Version: 1.1.0 - TOSHIBA)
    Nero BackItUp (HKLM\...\{40F2F005-FA4C-4BEA-83A6-BFD969467594}) (Version: 15.62.1.116 - Nero AG)
    Nero Info (HKLM\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.1009 - Nero AG)
    Nero MediaHome Free (HKLM\...\{E0460191-5BE9-4E14-8C44-CC2EBC435A75}) (Version: 15.0.02400 - Nero AG)
    Nero Prerequisite Installer 3.0 (HKLM\...\{929FAC65-06DD-4577-882C-E8A558C47B75}) (Version: 15.0.00900 - Nero AG)
    Office 2003 Trial Assistant (Version: 1.0.0 - Microsoft) Hidden
    Paradox (HKLM\...\{D6540C25-6E4E-4DB0-B96D-989E257D9E5C}) (Version: 11.2.0.411 - Corel Corporation)
    Paradox Runtime (HKLM\...\{C2658D01-DC92-43AB-AD6B-04852B89F3A6}) (Version: 11.00.0000 - Corel Corporation)
    PDF-XChange Editor (HKLM\...\{b308d3b2-2203-41a7-95bb-16b819ef137e}) (Version: 5.5.313.1 - Tracker Software Products (Canada) Ltd.)
    PDF-XChange Editor (Version: 5.5.313.1 - Tracker Software Products (Canada) Ltd.) Hidden
    PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.5.313.1 - Tracker Software Products Ltd)
    Prerequisite installer (Version: 15.0.0010 - Nero AG) Hidden
    Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
    Protector Suite 5.4 (HKLM\...\{CDBFC424-DD00-497F-9BDC-4E4178332336}) (Version: 5.4.0.2726 - UPEK)
    Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7083 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
    sat_screensaver_30mb (HKLM\...\sat_screensaver_30mb.scr) (Version: - )
    SD Secure Module (HKLM\...\{C45F4811-31D5-4786-801D-F79CD06EDD85}) (Version: 1.0.3 - TOSHIBA Corporation)
    SeaMonkey 2.33.1 (x86 en-US) (HKLM\...\SeaMonkey 2.33.1 (x86 en-US)) (Version: 2.33.1 - Mozilla)
    Secunia PSI (HKLM\...\Secunia PSI) (Version: - )
    Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.31 - Sonic Solutions)
    SpywareBlaster 5.2 (HKLM\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
    System Requirements Lab (HKLM\...\{FEE1F166-EAE4-4C4B-8988-D82521F9F63F}) (Version: 6.1.5.0 - Husdawg, LLC)
    System Requirements Lab for Intel (HKLM\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}) (Version: 1.16.0000 - Texas Instruments Inc.)
    TIPCI (Version: 1.16.0000 - Texas Instruments Inc.) Hidden
    TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: - )
    TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.05 - )
    TOSHIBA Controls (HKLM\...\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}) (Version: - )
    TOSHIBA Hotkey Utility (HKLM\...\{64DD71BC-3109-4C88-9AD3-D5422644B722}) (Version: 1.00.01ST - )
    TOSHIBA PC Diagnostic Tool (HKLM\...\PC Diagnostic Tool) (Version: - )
    TOSHIBA Power Saver (HKLM\...\Power Saver) (Version: 7.03.07.I - )
    TOSHIBA SD Memory Card Format (HKLM\...\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}) (Version: - )
    TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.62 (SM2162ALD04) - )
    TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: - )
    TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
    TOSHIBA TouchPad ON/Off Utility (HKLM\...\{69BE47C2-36FE-4397-8199-85D8EAE69982}) (Version: 1.00.01ST - )
    TOSHIBA Utilities (HKLM\...\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}) (Version: 1.00.08ST - )
    TOSHIBA Virtual Sound (HKLM\...\{8B12BA86-ADAC-4BA6-B441-FFC591087252}) (Version: - )
    TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version: - )
    Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
    Update Manager (Version: 4.60 - Corel Corporation) Hidden
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WD My Cloud (HKLM\...\{F21C4C7B-E803-4BEF-8861-C2C63A133ABB}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Mobile 6.5 Standard Developer Tool Kit - USA (HKLM\...\{378A0ECD-324C-4727-8D25-242D42209AA6}) (Version: 6.5.0.21234 - Microsoft Corporation)
    Windows PowerShell(TM) 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WordPerfect Office X3 (HKLM\...\{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: 13.0 - Corel Corporation)
    WordPerfect OfficeReady (HKLM\...\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.2 (the data entry has 20 more characters).
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32
     
  12. 2015/07/31
    troothteller Well-Known Member Thread Starter
    -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Application Data\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

    ==================== Restore Points =========================

    22-07-2015 08:59:07 Software Distribution Service 3.0
    22-07-2015 09:41:52 Software Distribution Service 3.0
    22-07-2015 09:44:24 Software Distribution Service 3.0
    23-07-2015 02:04:01 Restore Operation
    23-07-2015 02:39:05 MSActiveSyncRemoved
    23-07-2015 02:41:03 Removed Microsoft ActiveSync
    23-07-2015 02:54:47 Installed Windows Mobile 6.5 Standard Developer Tool Kit - USA
    23-07-2015 03:23:01 Software Distribution Service 3.0
    23-07-2015 03:36:59 Software Distribution Service 3.0
    23-07-2015 03:47:13 Software Distribution Service 3.0
    23-07-2015 10:38:33 Software Distribution Service 3.0
    23-07-2015 10:43:27 Software Distribution Service 3.0
    23-07-2015 10:47:18 Software Distribution Service 3.0
    23-07-2015 12:24:49 Software Distribution Service 3.0
    23-07-2015 23:31:49 Software Distribution Service 3.0
    24-07-2015 19:59:24 Software Distribution Service 3.0
    24-07-2015 20:26:36 Software Distribution Service 3.0
    24-07-2015 23:37:03 Software Distribution Service 3.0
    24-07-2015 23:43:07 FixWindowsUpdateProblem
    25-07-2015 00:19:10 Software Distribution Service 3.0
    25-07-2015 09:52:31 Software Distribution Service 3.0
    25-07-2015 09:55:44 Software Distribution Service 3.0
    26-07-2015 00:16:29 Software Distribution Service 3.0
    26-07-2015 00:27:09 Installed Windows XP Service Pack 3.
    26-07-2015 00:43:31 Software Distribution Service 3.0
    26-07-2015 00:49:18 Software Distribution Service 3.0
    26-07-2015 20:17:17 CompatibilityToolKit
    27-07-2015 01:15:04 FourCriticalUpdates
    27-07-2015 01:16:09 Software Distribution Service 3.0
    27-07-2015 01:19:01 Software Distribution Service 3.0
    27-07-2015 01:21:19 Software Distribution Service 3.0
    27-07-2015 01:37:55 Installed Windows XP KB2719985.
    27-07-2015 01:40:43 Software Distribution Service 3.0
    27-07-2015 01:52:50 Software Distribution Service 3.0
    27-07-2015 01:58:18 Software Distribution Service 3.0
    27-07-2015 02:00:29 Software Distribution Service 3.0
    27-07-2015 02:08:41 Revo Uninstaller Pro's restore point - Security Update for Windows XP (KB2757638)
    27-07-2015 02:13:34 Software Distribution Service 3.0
    27-07-2015 02:16:08 Software Distribution Service 3.0
    27-07-2015 09:52:22 Software Distribution Service 3.0
    27-07-2015 12:46:50 Software Distribution Service 3.0
    27-07-2015 12:50:23 Software Distribution Service 3.0
    27-07-2015 15:15:16 Software Distribution Service 3.0
    27-07-2015 15:17:50 Software Distribution Service 3.0
    27-07-2015 15:20:01 Software Distribution Service 3.0
    28-07-2015 11:33:02 RemoveDriverAlert
    29-07-2015 11:41:08 System Checkpoint
    29-07-2015 20:02:53 RemoveUnnecessaryNetworkAdapter
    30-07-2015 20:17:18 System Checkpoint
    31-07-2015 02:22:50 NewSAS

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-01-19 14:53 - 2014-05-07 16:57 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job => C:\WINDOWS\system32\cscript.exeYC:\Documents and Settings\All Users\Application Data\Baidu Security\Duplicaterecord.js <==== ATTENTION
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\BackItUp_Launch.job => C:\Program Files\Nero\Nero BackItUp\BackItUp.exe
    Task: C:\WINDOWS\Tasks\Baidu Antivirus Update.job => C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavUpdater.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005Core.job => C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1019493958-4142826306-2034615594-1005UA.job => C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\SparkUpdater.job => C:\Program Files\baidu\Spark\SparkUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{03CF1C70-73A8-4B6C-85B0-0007F76BEBD8}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2004-07-20 21:04 - 2004-07-20 21:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
    2012-11-22 02:18 - 2002-07-04 13:38 - 00053248 _____ () C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
    2005-01-18 17:16 - 2005-01-18 17:16 - 00149504 _____ () C:\Program Files\Common Files\Corel\Shared\Indexing\WpdFilt.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00298480 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\HipsLogger.dll
    2015-07-24 06:36 - 2015-07-14 00:09 - 00176112 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\dark.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00540656 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\sqlite.dll
    2006-01-19 17:30 - 2006-01-04 22:14 - 00049152 _____ () C:\Program Files\Toshiba\Toshiba Applet\TouchPad_OnOff.dll
    2014-01-10 01:26 - 2014-01-10 01:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2015-07-24 06:36 - 2015-07-24 06:36 - 00197944 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\TinyIPC32.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00167920 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_Hips_TipsCtl\HipsTipControl.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00147952 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMAnalyzeHandler.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00158704 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMSupplementHandler.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00120304 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMUSBHandler.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00277488 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Pulgin_Dark_DeleteFileTip.dll
    2015-07-24 06:36 - 2015-07-24 06:36 - 00370672 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BNetOp.dll
    2014-06-18 02:57 - 2009-04-03 03:13 - 00091648 _____ () C:\WINDOWS\system32\M1690WDX.dll
    2006-01-19 17:47 - 2005-07-12 21:14 - 00040960 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    2012-12-14 00:02 - 2015-03-23 19:48 - 00150528 _____ () C:\Program Files\SeaMonkey\NSLDAP32V60.dll
    2012-12-14 00:02 - 2015-03-23 19:48 - 00014848 _____ () C:\Program Files\SeaMonkey\NSLDAPPR32V60.dll
    2009-02-26 10:45 - 2009-02-26 10:45 - 00024912 _____ () C:\Program Files\Microsoft Office\Office12\Wordcnvpxy.cnv
    2015-07-30 20:00 - 2015-07-30 20:00 - 00071168 _____ () c:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcyhbc.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\cfdemo.scr: SummaryInformation
    AlternateDataStreams: C:\WINDOWS\cfdemo.scr:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\WINDOWS\system32\lsass.exe: SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\msicuu2.exe: SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\msicuu2.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\transactions.csv: SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\transactions.csv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\My Documents\ETA 8429 EXP 4-30-15.pdf: SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\My Documents\ETA 8429 EXP 4-30-15.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\comcast.net -> hxxps://xfinity.comcast.net
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\computermail.net -> hxxps://www.computermail.net
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\google.com -> hxxps://www.google.com
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\microsoft.com -> hxxps://answers.microsoft.com
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\secunia.com -> hxxps://secunia.com
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\...\yahoo.com -> hxxps://www.yahoo.com

    There are 6092 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Toshiba.bmp
    DNS Servers: 75.75.75.75 - 75.75.76.76
    sharedaccess Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^cysec-AV.exe => C:\WINDOWS\pss\cysec-AV.exeCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Louis Paul Toscano^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\WINDOWS\pss\HotSync Manager.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Louis Paul Toscano^Start Menu^Programs^Startup^Secunia PSI.lnk => C:\WINDOWS\pss\Secunia PSI.lnkStartup
    MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: Nero BackItUp => "C:\Program Files\Nero\Nero BackItUp\BackItUp.exe" /WinStart
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero BackItUp\BackItUp.exe] => Enabled:BackItUp
    StandardProfile\AuthorizedApplications: [C:\Program Files\Nero\Nero BackItUp\BackItUp.exe] => Enabled:BackItUp
    DomainProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ==================== Faulty Device Manager Devices =============

    Name: RAS Async Adapter
    Description: RAS Async Adapter
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Microsoft
    Service: AsyncMac
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/27/2015 03:08:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application QuickTimePlayer.exe, version 7.76.80.95, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/27/2015 03:07:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application QuickTimePlayer.exe, version 7.76.80.95, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/26/2015 09:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, faulting module mozalloc.dll, version 39.0.0.5659, fault address 0x00001aa1.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (07/26/2015 09:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, faulting module mozalloc.dll, version 39.0.0.5659, fault address 0x00001aa1.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (07/26/2015 09:51:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, faulting module mozalloc.dll, version 39.0.0.5659, fault address 0x00001aa1.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Product: Adobe Reader XI (11.0.12) - Update 'Adobe Reader XI (11.0.08)' could not be installed. Error code 1638. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Product: Adobe Reader XI (11.0.12) - Update 'Adobe Reader XI (11.0.01)' could not be installed. Error code 1638. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Product: Adobe Reader XI (11.0.12) - Update 'Adobe Reader XI (11.0.02)' could not be installed. Error code 1638. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Product: Adobe Reader XI (11.0.12) - Update 'Adobe Reader XI (11.0.03)' could not be installed. Error code 1638. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Product: Adobe Reader XI (11.0.12) - Update 'Adobe Reader XI (11.0.04)' could not be installed. Error code 1638. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


    System errors:
    =============
    Error: (07/31/2015 02:41:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
    %%2

    Error: (07/29/2015 07:48:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
    %%2

    Error: (07/29/2015 07:48:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Net.Tcp Port Sharing Service service failed to start due to the following error:
    %%1053

    Error: (07/29/2015 07:48:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.

    Error: (07/29/2015 07:48:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMService service failed to start due to the following error:
    %%1053

    Error: (07/29/2015 07:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the MBAMService service to connect.

    Error: (07/29/2015 07:46:44 PM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (07/29/2015 07:46:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The @%SystemRoot%\system32\FirewallAPI.dll,-23090 service depends on the @%SystemRoot%\system32\bfe.dll,-1001 service which failed to start because of the following error:
    %%1053

    Error: (07/29/2015 07:46:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The @%SystemRoot%\system32\bfe.dll,-1001 service failed to start due to the following error:
    %%1053

    Error: (07/29/2015 07:46:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the @%SystemRoot%\system32\bfe.dll,-1001 service to connect.


    Microsoft Office:
    =========================
    Error: (07/27/2015 03:08:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: QuickTimePlayer.exe7.76.80.95hungapp0.0.0.000000000

    Error: (07/27/2015 03:07:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: QuickTimePlayer.exe7.76.80.95hungapp0.0.0.000000000

    Error: (07/26/2015 09:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe39.0.0.5659mozalloc.dll39.0.0.565900001aa1

    Error: (07/26/2015 09:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe39.0.0.5659mozalloc.dll39.0.0.565900001aa1

    Error: (07/26/2015 09:51:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe39.0.0.5659mozalloc.dll39.0.0.565900001aa1

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Adobe Reader XI (11.0.12)Adobe Reader XI (11.0.08)1638(NULL)(NULL)

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Adobe Reader XI (11.0.12)Adobe Reader XI (11.0.01)1638(NULL)(NULL)

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Adobe Reader XI (11.0.12)Adobe Reader XI (11.0.02)1638(NULL)(NULL)

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Adobe Reader XI (11.0.12)Adobe Reader XI (11.0.03)1638(NULL)(NULL)

    Error: (07/26/2015 09:38:29 PM) (Source: MsiInstaller) (EventID: 1024) (User: TOSHIBA-USER)
    Description: Adobe Reader XI (11.0.12)Adobe Reader XI (11.0.04)1638(NULL)(NULL)


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
    Percentage of memory in use: 49%
    Total physical RAM: 2549.98 MB
    Available physical RAM: 1275.12 MB
    Total Virtual: 4443.05 MB
    Available Virtual: 3236.45 MB

    ==================== Drives ================================

    Drive c: (SQ004013P03) (Fixed) (Total:74.28 GB) (Free:28.28 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive z: () (Network) (Total:1829.36 GB) (Free:1791.83 GB)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 388E388D)
    Partition 1: (Active) - (Size=74.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=251 MB) - (Type=88)

    ==================== End of log ============================

    I did not click on Fix because your instructions did not say to; however, I think it ran more than once.

    Having just run eScan Toolkit, it found the following three:

    JS:Trojan.Crypt.NJ[ZP] (DB) - two instances
    Adware.PricePeep.A[ZP] (DB)
     
  13. 2015/07/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

  14. 2015/07/31
    troothteller

    troothteller Well-Known Member Thread Starter

    broni, this is confusing because FRST went to my regular Downloads file; but I will run it from where it is.
     
  15. 2015/07/31
    troothteller

    troothteller Well-Known Member Thread Starter

    [Active] Rootkit Help

    I downloaded the program and hit "Fix." A bunch of error messages came up, too many to take screenshots. Then those boxes came up that said, "A plugin needs to close. Send report?" A button that said click OK to reboot came up, and I clicked OK. I am posting this from my Windows 7. The XP seems to hang with the program still open but not rebooting. I am going to hit "Fix" again. From having tried to fix this XP myself, I really made a mess of it.
     
  16. 2015/07/31
    broni

    broni Moderator Malware Analyst

    You have to read my instructions carefully.
    Copy the FRST file from the "Downloads" folder and paste it on your Desktop.
    Make sure that "fixlist.txt" is also on your Desktop.
    Then run FRST again and hit the "Fix" button.
     
  17. 2015/07/31
    troothteller

    troothteller Well-Known Member Thread Starter

    broni, since my first run of this program went south, should I hit only "Fix;" or should I hit "Scan" first and then "Fix?" Under previous guidelines, the program did not run for very long. At this time I downloaded fixlist.txt to my Desktop after copying FRST from my Downloads folder to Desktop.
     
  18. 2015/07/31
    broni

    broni Moderator Malware Analyst

    Just run FRST and hit the "Fix" button.
     
  19. 2015/07/31
    troothteller

    troothteller Well-Known Member Thread Starter

    If we accomplished nothing else today, broni, we got this to work. After I post the log, I will reboot because that is what it tried to do in the previous run. The log:
    Fix result of Farbar Recovery Scan Tool (x86) Version:30-07-2015
    Ran by Louis Paul Toscano (2015-07-31 19:24:39) Run:2
    Running from C:\Documents and Settings\Louis Paul Toscano\Desktop
    Loaded Profiles: Louis Paul Toscano (Available Profiles: Louis Paul Toscano & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    GroupPolicyScripts: Group Policy detected <======= ATTENTION
    GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1019493958-4142826306-2034615594-1005 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    FF Plugin: @FortinetCacheClean -> C:\Program Files\Fortinet\FortiClient\npccplugin.dll No File
    FF Plugin: @FortinetCacheCleanEx -> C:\Program Files\Fortinet\FortiClient\npccpluginex.dll No File
    FF Plugin: @FortinetTunnelControl -> C:\Program Files\Fortinet\FortiClient\nptcplugin.dll No File
    FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll No File
    FF Plugin HKU\S-1-5-21-1019493958-4142826306-2034615594-1005: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll No File
    S4 IntelIde; No ImagePath
    2015-06-19 13:10 - 2015-06-19 13:10 - 0000376 _____ () C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log
    2013-06-24 16:49 - 2013-06-24 16:49 - 0002528 _____ () C:\Documents and Settings\Louis Paul Toscano\Application Data\$_hpcst$.hpc
    2012-11-25 20:53 - 2015-03-08 19:08 - 0000846 _____ () C:\Documents and Settings\Louis Paul Toscano\Application Data\wklnhst.dat
    2014-09-25 15:21 - 2014-10-22 23:57 - 0207027 _____ () C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\ars.cache
    2014-09-25 15:21 - 2014-10-22 23:57 - 0302078 _____ () C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\census.cache
    2013-07-13 00:31 - 2015-07-29 07:02 - 0006144 _____ () C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-25 14:52 - 2014-09-25 14:52 - 0000036 _____ () C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\housecall.guid.cache
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\avcuf32.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\avcuf64.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\avxdisk.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdc.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdcore.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdfltlib2k.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdnimbus32.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdnimbus64.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdupdateservice.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\DEVCON.EXE
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcyhbc.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\encdec.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\esupdate.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\FSSync.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\Getvlist.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\ikave.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\ipc.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\kave.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\kavvlg.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\msvclnt.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\msvl64.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\msvlclnt.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\mwavdwnl.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\MWAVL.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\mwavscan.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\mwunzip.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\prLoader.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\red32.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\Reload.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\scan.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\ScanningProcess.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\setpriv.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\test2.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\trufos.dll
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\unregx.exe
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\UPDLL10.DLL
    C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\viewtcp.exe
    C:\Windows\logo_1.exe
    C:\Windows\RUNDL132.EXE
    C:\Windows\VDLL.DLL
    C:\Windows\System32\runouce.exe
    Task: C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job => C:\WINDOWS\system32\cscript.exeYC:\Documents and Settings\All Users\Application Data\Baidu Security\Duplicaterecord.js <==== ATTENTION
    C:\Documents and Settings\All Users\Application Data\Baidu Security\Duplicaterecord.js
    AlternateDataStreams: C:\WINDOWS\cfdemo.scr: SummaryInformation
    AlternateDataStreams: C:\WINDOWS\cfdemo.scr:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\WINDOWS\system32\lsass.exe: SummaryInformation
    AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\msicuu2.exe: SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\msicuu2.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\transactions.csv: SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\Desktop\transactions.csv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\My Documents\ETA 8429 EXP 4-30-15.pdf: SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Louis Paul Toscano\My Documents\ETA 8429 EXP 4-30-15.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    *****************

    "C:\WINDOWS\system32\GroupPolicy\Machine" => File/Folder not found.
    "C:\WINDOWS\system32\GroupPolicy\User" => File/Folder not found.
    HKLM\SOFTWARE\Policies\Google => key not found.
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => value not found.
    HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => key not found.
    HKLM\Software\MozillaPlugins\@FortinetCacheClean => key not found.
    HKLM\Software\MozillaPlugins\@FortinetCacheCleanEx => key not found.
    HKLM\Software\MozillaPlugins\@FortinetTunnelControl => key not found.
    HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin => key not found.
    HKU\S-1-5-21-1019493958-4142826306-2034615594-1005\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin => key not found.
    C:\Program Files\PDFlite\npPdfViewer.dll not found.
    IntelIde => service not found.
    "C:\Program Files\Common Files\TrackerSoftwareInstallerPDFX5SA.log" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Application Data\$_hpcst$.hpc" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Application Data\wklnhst.dat" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\ars.cache" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\census.cache" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data\housecall.guid.cache" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\avcuf32.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\avcuf64.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\avxdisk.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdc.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdcore.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdfltlib2k.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdnimbus32.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdnimbus64.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\bdupdateservice.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\DEVCON.EXE" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmcyhbc.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\encdec.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\esupdate.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\FSSync.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\Getvlist.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\ikave.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\ipc.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\kave.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\kavvlg.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\msvclnt.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\msvl64.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\msvlclnt.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\mwavdwnl.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\MWAVL.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\mwavscan.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\mwunzip.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\prLoader.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\red32.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\Reload.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\scan.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\ScanningProcess.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\setpriv.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\test2.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\trufos.dll" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\unregx.exe" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\UPDLL10.DLL" => File/Folder not found.
    "C:\Documents and Settings\Louis Paul Toscano\Local Settings\Temp\viewtcp.exe" => File/Folder not found.
    "C:\Windows\logo_1.exe" => File/Folder not found.
    "C:\Windows\RUNDL132.EXE" => File/Folder not found.
    "C:\Windows\VDLL.DLL" => File/Folder not found.
    "C:\Windows\System32\runouce.exe" => File/Folder not found.
    C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job not found.
    "C:\Documents and Settings\All Users\Application Data\Baidu Security\Duplicaterecord.js" => File/Folder not found.
    "C:\WINDOWS\cfdemo.scr" => ": SummaryInformation" ADS not found.
    "C:\WINDOWS\cfdemo.scr" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
    "C:\WINDOWS\system32\lsass.exe" => ": SummaryInformation" ADS not found.
    "C:\WINDOWS\system32\lsass.exe" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
    "C:\Documents and Settings\All Users\Application Data\TEMP" => ":5C321E34" ADS not found.
    "C:\Documents and Settings\Louis Paul Toscano\Desktop\msicuu2.exe" => ": SummaryInformation" ADS not found.
    "C:\Documents and Settings\Louis Paul Toscano\Desktop\msicuu2.exe" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
    "C:\Documents and Settings\Louis Paul Toscano\Desktop\transactions.csv" => ": SummaryInformation" ADS not found.
    "C:\Documents and Settings\Louis Paul Toscano\Desktop\transactions.csv" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
    "C:\Documents and Settings\Louis Paul Toscano\My Documents\ETA 8429 EXP 4-30-15.pdf" => ": SummaryInformation" ADS not found.
    "C:\Documents and Settings\Louis Paul Toscano\My Documents\ETA 8429 EXP 4-30-15.pdf" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.

    ==== End of Fixlog 19:24:40 ====
     
  20. 2015/07/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
        • Launch Malwarebytes Anti-Malware
        • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  21. 2015/07/31
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    broni, before I do this, under RogueKiller, does the second line pertain to XP users? Vista instructions usually do. The problem is on Windows XP.
     