
Thread: Barowwsoe2Save

  1. #1
    Junior Member
    Join Date
    Feb 2014
    Location
    East Coast
    Posts
    16

    Barowwsoe2Save

    Hi:
    I'm having a difficult time with this malware and I read another post and followed the instructions:

    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.

    rkill.exe
    rkill.com
    rkill.scr
    rkill.pif
    WiNlOgOn.exe
    uSeRiNiT.exe

    I copied the Notepad results and tried to attach them here, but it wouldn't allow me to do so, with a notice saying "scan result of Farbar Recovery Scan Tool.docx: Invalid File." I hope this is where I'm supposed to post it because the computer doesn't give me time to work before other things pop up. It took me an hour just to post this message!

    ~~~~~~~~~~~~~~~~~

    Please download Farbar Recovery Scan Tool

    (use correct version for your system.....Which system am I using?)
    and Tutorial http://www.geekstogo.com/forum/topic...ery-scan-tool/

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hi and welcome

    You really don't have to attach those logs, copy and paste them to notepad (they should actually already be on notepad), then copy and paste here into this topic?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Feb 2014
    Location
    East Coast
    Posts
    16

    I think I tried that, but let me try again tonight.

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


  5. #5
    Junior Member
    Join Date
    Feb 2014
    Location
    East Coast
    Posts
    16

    It's 31 pages long! 75207 characters. It won't allow me to post it. Should I post it in parts or am I trying to post the wrong thing? I'll post the first bit of it here.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
    Ran by NSauter (administrator) on MOM on 28-02-2014 06:18:00
    Running from C:\Documents and Settings\NSauter\My Documents\Downloads
    Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Acer Inc.) C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    (Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    (Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
    (S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    (Oberon Media ) C:\Program Files\Gamesbar\SearchEngineProtection.exe
    (acer Inc.) C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    () C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
    () C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    (RealNetworks, Inc.) c:\program files\real\realplayer\update\realsched.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [LaunchApp] - Alaunch
    HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
    HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-04] ()
    HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
    HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
    HKLM\...\Run: [VTTimer] - C:\WINDOWS\system32\VTTimer.exe [53248 2005-05-13] (S3 Graphics, Inc.)
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\update\realsched.exe [295512 2013-09-21] (RealNetworks, Inc.)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBGAFcALQBOAEgANwA0AFMALQA2AEoAVgBaAFIALQBGAEsAUABZAEEALQAyAFIARgBLAFAALQBTADYARQAwAEYA"&"inst=NwA2AC0ANQAwADMANgAxADEAMgAwADAALQBVADkAMAArADEALQBUAFAAKwAxAC0AWABPADMANgArADEALQBTAFQAMQArADIALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwAwAA"&"prod=93"&"ver=9.0.894
    HKLM\...\RunOnce: [SpybotSnD] - "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-02-12] (TomTom)
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Run: [SearchEngineProtection] - C:\Program Files\Gamesbar\SearchEngineProtection.exe [591248 2011-03-03] (Oberon Media )
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Run: [CAHeadless] - C:\Program Files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {05f79474-6739-11df-963b-001558265613} - J:\LaunchU3.exe -a
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {05f79475-6739-11df-963b-001558265613} - K:\REALPLAY.EXE
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {1d4e2def-9cd7-11df-9667-001558265613} - J:\InstallTomTomHOME.exe
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {5cd348dc-57af-11de-9095-001558265613} - J:\LaunchU3.exe -a
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {75be6940-8922-11de-90e1-001558265613} - J:\LaunchU3.exe -a
    HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {b3eed8a8-8f0e-11e2-975b-100d7fb323f1} - J:\MotorolaDeviceManagerSetup.exe -a
    AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => C:\Program Files\Optimizer Pro\OptProCrash.dll [4208456 2013-10-03] ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1000M Genie.lnk
    ShortcutTarget: NETGEAR WNA1000M Genie.lnk -> C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless 802.11g USB Adapter.lnk
    ShortcutTarget: Wireless 802.11g USB Adapter.lnk -> C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe ()
    Startup: C:\Documents and Settings\NSauter\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x383FD52B3EADCC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {F2641A41-2FF8-4B53-9A53-E9DB04B08CD5} URL =
    SearchScopes: HKLM - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = http://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
    SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
    SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
    SearchScopes: HKCU - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll No File
    BHO: deal4ime - {40034C10-13E9-09F9-E216-0D4A63039FF0} - C:\Documents and Settings\All Users\Application Data\deal4ime\M.dll ()
    BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: ImageToPng - {8BF2BE1A-8BA7-2BFF-EAF4-1093428B40EB} - C:\Documents and Settings\All Users\Application Data\ImageToPng\iznbkeuTK4.dll ()
    BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.unh.edu/dana-cached/sc/J...etupClient.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796
    FF user.js: detected! => C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\user.js
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\NSauter\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Invenda Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmnqmp07010901.dll (Move Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF SearchPlugin: C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\searchplugins\MyStart Search.xml
    FF Extension: ImageToPng - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\juap@uyutnjirrp.com [2014-02-05]
    FF Extension: deal4ime - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\oidn90k@kxd-tiei.co.uk [2014-02-15]
    FF Extension: Clean Links - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2013-10-08]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-02-16]
    FF HKLM\...\FireFox\Extensions: [G2_v1042@gamingsquared.com] - C:\Program Files\GamingSquared\Gaming2\FF_v1042
    FF Extension: (Gaming)2 - C:\Program Files\GamingSquared\Gaming2\FF_v1042 [2008-05-10]
    FF HKLM\...\FireFox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\FireFox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-21]
    FF HKLM\...\FireFox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

    Chrome:
    =======
    CHR RestoreOnStartup: "hxxp://msn.com/"
    CHR Extension: (deal4ime) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajikdlmpdhlojfpcammldldohjobdace [2014-02-13]
    CHR Extension: (RealDownloader) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-29]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
    CHR HKLM\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [438272 2005-09-21] (Acer Inc.)
    R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25640 2007-07-11] (Amazon.com)
    R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [193176 2013-10-05] ()
    R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)
    S4 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd)
    R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2011-04-12] (Juniper Networks)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-31] (Oracle Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [X]
    S4 Zumie Search Service; "C:\Program Files\Zumie\zumie.exe" "C:\Program Files\Zumie\zumie.dll" Service

    ==================== Drivers (Whitelisted) ====================

    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-03-16] (Cisco Systems, Inc.)
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
    S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
    R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2011-04-12] (Juniper Networks)
    R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
    R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
    R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
    R2 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
    R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
    S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\WNA1000M.sys [994664 2011-01-31] (Realtek Semiconductor Corporation )
    R1 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-17] ()
    R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-01] (VIA Technologies, Inc.)
    R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [172544 2005-05-13] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
    R2 WLNdis50; C:\WINDOWS\System32\DRIVERS\wlndis50.sys [20480 2008-02-27] ()
    S3 ZD1211U(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211u.sys [247296 2004-09-29] (ZyDAS Technology Corporation)
    S3 ZDPNDIS5; C:\WINDOWS\system32\ZDPNDIS5.SYS [17151 2004-01-14] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [X]
    S4 IntelIde; No ImagePath
    S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
    S3 RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys [X]
    S1 SASDIFSV; \??\C:\DOCUME~1\NSauter\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
    S1 SASKUTIL; \??\C:\DOCUME~1\NSauter\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U1 WS2IFSL;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-28 06:15 - 2014-02-28 06:18 - 00000000 ____D () C:\FRST
    2014-02-28 05:58 - 2014-02-28 06:00 - 00002476 _____ () C:\Documents and Settings\NSauter\Desktop\Rkill.txt
    2014-02-16 08:46 - 2014-02-16 08:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-02-15 17:10 - 2014-02-15 17:10 - 00000825 _____ () C:\Documents and Settings\NSauter\Desktop\Shortcut to O'Leary 043.lnk
    2014-02-15 17:09 - 2014-02-15 17:09 - 00000586 _____ () C:\Documents and Settings\NSauter\Desktop\Shortcut to Brie Circa 1947.lnk
    2014-02-13 14:44 - 2014-02-13 14:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\deal4ime
    2014-02-12 07:52 - 2014-02-12 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
    2014-02-12 07:42 - 2014-02-12 07:42 - 00012216 _____ () C:\WINDOWS\KB2909921-IE8.log
    2014-02-12 07:40 - 2014-02-12 07:42 - 00005431 _____ () C:\WINDOWS\KB2909210-IE8.log
    2014-02-12 02:34 - 2014-02-12 07:52 - 00015034 _____ () C:\WINDOWS\KB2916036.log
    2014-02-05 16:34 - 2014-02-05 16:34 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\2013-11-10
    2014-02-05 16:24 - 2014-02-05 16:25 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\Charlie W2
    2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
    2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ImageToPng
    2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\dhdipaidhfodehakhibkeeongcafikel

    ==================== One Month Modified Files and Folders =======

    2014-02-28 06:20 - 2010-05-24 11:46 - 00000426 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{18F49D0F-5D29-4F7D-BF75-6C9A0F4EE19F}.job
    2014-02-28 06:18 - 2014-02-28 06:15 - 00000000 ____D () C:\FRST
    2014-02-28 06:00 - 2014-02-28 05:58 - 00002476 _____ () C:\Documents and Settings\NSauter\Desktop\Rkill.txt
    2014-02-28 05:48 - 2005-12-06 10:25 - 01861541 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-02-28 05:46 - 2013-01-11 22:09 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-02-28 05:22 - 2012-05-12 07:55 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-02-27 06:40 - 2009-10-04 05:47 - 00002515 _____ () C:\Documents and Settings\NSauter\Desktop\Microsoft Office Word 2007.lnk
    2014-02-27 03:17 - 2005-12-06 10:25 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-02-26 12:46 - 2013-01-11 22:09 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-02-23 21:09 - 2009-11-27 18:56 - 00000000 ____D () C:\Documents and Settings\NSauter\Desktop\Facebook Photos
    2014-02-23 16:47 - 2013-11-13 08:18 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2014-02-23 11:15 - 2006-06-18 11:59 - 00000733 _____ () C:\WINDOWS\system32\eRLog.ini
    2014-02-22 09:23 - 2012-12-28 06:33 - 00000290 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job
    2014-02-22 09:23 - 2012-12-28 06:33 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job
    2014-02-22 09:23 - 2011-07-22 12:11 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job
    2014-02-22 09:23 - 2005-12-06 10:25 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-02-22 09:23 - 2005-12-06 10:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-02-22 09:23 - 2005-12-05 23:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-02-22 09:23 - 2005-12-05 23:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-02-22 09:21 - 2006-06-18 11:53 - 00000278 ___SH () C:\Documents and Settings\NSauter\ntuser.ini
    2014-02-22 07:53 - 2013-12-31 06:00 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-02-21 19:22 - 2012-05-12 07:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-02-21 19:22 - 2011-06-23 04:34 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-02-19 07:09 - 2013-10-09 07:03 - 00069048 _____ () C:\WINDOWS\setupapi.log
    2014-02-16 15:46 - 2012-04-28 20:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-02-16 09:24 - 2011-02-04 21:19 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\Taxes
    2014-02-16 08:47 - 2014-02-16 08:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-02-15 17:10 - 2014-02-15 17:10 - 00000825 _____ () C:\Documents and Settings\NSauter\Desktop\Shortcut to O'Leary 043.lnk
    2014-02-15 17:09 - 2014-02-15 17:09 - 00000586 _____ () C:\Documents and Settings\NSauter\Desktop\Shortcut to Brie Circa 1947.lnk
    2014-02-13 21:14 - 2014-01-11 17:19 - 00007876 _____ () C:\WINDOWS\DBPerf.log
    2014-02-13 14:45 - 2014-02-13 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\deal4ime
    2014-02-13 14:45 - 2013-12-22 17:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\7bf2d9e06a4045c3
    2014-02-12 20:07 - 2008-04-08 00:04 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-02-12 17:51 - 2005-12-06 08:08 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2014-02-12 07:52 - 2014-02-12 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
    2014-02-12 07:52 - 2014-02-12 02:34 - 00015034 _____ () C:\WINDOWS\KB2916036.log
    2014-02-12 07:52 - 2013-10-09 07:07 - 00014270 _____ () C:\WINDOWS\updspapi.log
    2014-02-12 07:52 - 2013-10-09 07:05 - 00135496 _____ () C:\WINDOWS\FaxSetup.log
    2014-02-12 07:52 - 2013-10-09 07:05 - 00065032 _____ () C:\WINDOWS\ocgen.log
    2014-02-12 07:52 - 2013-10-09 07:05 - 00051898 _____ () C:\WINDOWS\tsoc.log
    2014-02-12 07:52 - 2013-10-09 07:05 - 00044620 _____ () C:\WINDOWS\comsetup.log
    2014-02-12 07:52 - 2013-10-09 07:05 - 00027088 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-02-12 07:52 - 2013-10-09 07:05 - 00021383 _____ () C:\WINDOWS\iis6.log
    2014-02-12 07:52 - 2013-10-09 07:05 - 00007524 _____ () C:\WINDOWS\ocmsn.log
    2014-02-12 07:52 - 2013-10-09 07:05 - 00006798 _____ () C:\WINDOWS\msgsocm.log
    2014-02-12 07:52 - 2013-10-09 07:05 - 00001374 _____ () C:\WINDOWS\imsins.log
    2014-02-12 07:49 - 2005-12-06 08:12 - 00507864 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-02-12 07:46 - 2013-07-13 13:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-02-12 07:42 - 2014-02-12 07:42 - 00012216 _____ () C:\WINDOWS\KB2909921-IE8.log
    2014-02-12 07:42 - 2014-02-12 07:40 - 00005431 _____ () C:\WINDOWS\KB2909210-IE8.log
    2014-02-12 07:42 - 2013-10-09 07:05 - 00001374 _____ () C:\WINDOWS\imsins.BAK
    2014-02-12 07:42 - 2006-06-18 19:34 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-02-11 05:52 - 2011-07-22 12:11 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job
    2014-02-09 15:40 - 2012-11-03 10:04 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\Dad
    2014-02-06 03:54 - 2004-08-04 00:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-02-06 03:54 - 2004-08-04 00:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2014-02-05 18:26 - 2012-06-13 14:07 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
    2014-02-05 18:26 - 2010-06-10 21:06 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
    2014-02-05 18:26 - 2009-06-27 05:20 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
    2014-02-05 18:26 - 2009-06-27 05:20 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
    2014-02-05 18:26 - 2007-05-09 15:54 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
    2014-02-05 18:26 - 2007-05-09 15:54 - 02006016 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
    2014-02-05 18:26 - 2007-05-09 15:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
    2014-02-05 18:26 - 2007-05-09 15:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2014-02-05 18:26 - 2006-11-07 21:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-02-05 18:26 - 2006-11-07 21:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-02-05 18:26 - 2006-11-07 21:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
    2014-02-05 18:26 - 2006-10-17 11:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-02-05 18:26 - 2005-07-19 22:00 - 06021120 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-02-05 18:26 - 2005-07-19 22:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-02-05 18:26 - 2005-07-02 21:11 - 01216000 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
    2014-02-05 18:26 - 2005-07-02 21:11 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-02-05 18:26 - 2005-07-02 21:11 - 00920064 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
    2014-02-05 18:26 - 2005-07-02 21:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-02-05 18:26 - 2005-07-02 21:11 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2014-02-05 18:26 - 2005-07-02 21:11 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
    2014-02-05 18:26 - 2005-07-02 21:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-02-05 18:26 - 2005-07-02 21:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-02-05 18:26 - 2004-08-04 00:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
    2014-02-05 18:26 - 2004-08-04 00:00 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
    2014-02-05 18:26 - 2004-08-04 00:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
    2014-02-05 17:24 - 2004-08-04 00:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2014-02-05 16:34 - 2014-02-05 16:34 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\2013-11-10
    2014-02-05 16:25 - 2014-02-05 16:24 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\Charlie W2
    2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
    2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ImageToPng
    2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\dhdipaidhfodehakhibkeeongcafikel
    2014-01-30 15:37 - 2005-12-06 07:57 - 00000000 __SHD () C:\Documents and Settings\LocalService

    Files to move or delete:
    ====================
    C:\Documents and Settings\NSauter\jagex_runescape_preferences.dat


    Some content of TEMP:
    ====================
    C:\Documents and Settings\NSauter\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
    Ran by NSauter at 2014-02-28 06:20:57
    Running from C:\Documents and Settings\NSauter\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    ==================== Installed Programs ======================

    32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
    Acer eConsole (HKLM\...\{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}) (Version: 1.2.23.0 - )
    Acer eMode Management (HKLM\...\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}) (Version: 2.0.18.0 - )
    Acer System Information (HKLM\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
    Adobe AIR (Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
    Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,392,0 - Adobe Systems Incorporated)
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
    Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
    Amazon Unbox Video (HKLM\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.0.0.59 - Amazon.com)
    Amazon Unbox Video (Version: 2.0.0.59 - Amazon.com) Hidden
    Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Canon Auto Update Service (HKLM\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
    Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
    Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
    CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
    Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
    Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
    Canon PowerShot SX40 HS Camera User Guide (HKLM\...\CameraUserGuide-PSSX40HS) (Version: 1.0.0.1 - Canon Inc.)
    Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
    Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
    Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
    Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
    Creative System Information (HKLM\...\SysInfo) (Version: - )
    Creative ZEN Vision M Series (HKLM\...\{31C44235-A613-4E95-B297-207BF6C6A8C1}) (Version: 1.0 - )
    deal4ime (HKLM\...\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}) (Version: - DaeAl4me)
    Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
    DJ_AIO_05_F4400_Software_Min (Version: 130.0.448.000 - Hewlett-Packard) Hidden
    F4400 (Version: 130.0.448.000 - Hewlett-Packard) Hidden
    Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.)
    GamesBar 2.0.1.82 (HKLM\...\GamesBar) (Version: 2.0.1.82 - Oberon Media, Inc.)
    GamingSquared Console (HKLM\...\GamingSquaredConsole) (Version: - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
    Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
    GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
    HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
    ImageToPng (HKLM\...\{96CA71FF-122E-97A7-1D4F-F986889CA854}) (Version: - ImmageeTToPng)
    iTunes (HKLM\...\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}) (Version: 7.7.0.43 - Apple Inc.)
    J2SE Runtime Environment 5.0 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150050}) (Version: 1.5.0.50 - Sun Microsystems, Inc.)
    J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18107 - Juniper Networks)
    Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.5.9755 - Juniper Networks)
    MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    MetaFrame Presentation Server Client (HKLM\...\{E92B7A19-5FD5-4AEE-9FEF-7AD5DD3A675E}) (Version: 9.100.36280 - Citrix Systems, Inc.)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
    Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: - )
    Move Networks Player for Firefox (HKLM\...\Move Player_is1) (Version: - Move Networks)
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
    MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version: - )
    MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
    NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR)
    NETGEAR WNA1000M Wireless USB 2.0 Adapter (Version: 1.01.10 - NETGEAR) Hidden
    NTI Backup NOW! 4 (HKLM\...\InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}) (Version: 4 - NewTech Infosystems)
    NTI Backup NOW! 4 (Version: 4 - NewTech Infosystems) Hidden
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: - )
    Samsung USB Driver (HKLM\...\{86D6A20D-3910-4441-A3E5-EB6977251C86}) (Version: - )
    Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Shutterfly Studio (HKLM\...\SFlyStudio) (Version: .1 - )
    SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
    TomTom HOME (HKLM\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.4 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version: - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
    USB Dual Vibration Joystick (HKLM\...\{6EA87AEE-9643-4009-BB1A-91922A93C00F}) (Version: - )
    VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version: - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
    Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    Wireless 802.11g USB Adapter (HKLM\...\InstallShield_{703FBBAA-ED01-498D-86D5-559C4725CD63}) (Version: 1.00.4331 - Wireless 802.11g USB Adapter)
    Wireless 802.11g USB Adapter (Version: 1.00.4331 - Wireless 802.11g USB Adapter) Hidden
    ZENcast Organizer (HKLM\...\ZENcast Organizer) (Version: - )

    ==================== Restore Points =========================

    01-01-2014 00:36:16 Software Distribution Service 3.0
    01-01-2014 12:24:00 Removed Adobe Photoshop Elements 12.
    01-01-2014 12:43:33 Removed Adobe Photoshop Elements 12.
    01-01-2014 13:00:57 Removed Adobe Photoshop Elements 12.
    01-01-2014 20:30:53 Installed %1 %2.
    01-01-2014 21:49:18 Removed Adobe Photoshop Elements 12.
    01-01-2014 22:41:59 Removed Adobe Photoshop Elements 12.
    03-01-2014 00:09:35 System Checkpoint
    03-01-2014 00:19:40 Software Distribution Service 3.0
    03-01-2014 02:51:30 Installed Acer System Information
    04-01-2014 14:00:04 Software Distribution Service 3.0
    05-01-2014 17:43:49 Software Distribution Service 3.0
    07-01-2014 01:41:39 Software Distribution Service 3.0
    11-01-2014 22:37:06 Software Distribution Service 3.0
    12-01-2014 22:17:09 Software Distribution Service 3.0
    13-01-2014 12:38:38 Software Distribution Service 3.0
    17-01-2014 02:07:52 Software Distribution Service 3.0
    17-01-2014 13:00:48 Software Distribution Service 3.0
    18-01-2014 01:59:41 Software Distribution Service 3.0
    19-01-2014 03:56:42 System Checkpoint
    19-01-2014 21:15:48 Software Distribution Service 3.0
    22-01-2014 03:13:11 System Checkpoint
    22-01-2014 10:33:26 Software Distribution Service 3.0
    24-01-2014 10:54:10 Software Distribution Service 3.0
    25-01-2014 12:24:48 System Checkpoint
    25-01-2014 17:59:46 Software Distribution Service 3.0
    27-01-2014 01:22:42 Software Distribution Service 3.0
    28-01-2014 23:58:36 Software Distribution Service 3.0
    29-01-2014 23:58:16 Software Distribution Service 3.0
    02-02-2014 18:17:42 Software Distribution Service 3.0
    04-02-2014 23:33:22 Software Distribution Service 3.0
    05-02-2014 12:10:43 Software Distribution Service 3.0
    07-02-2014 11:18:17 Software Distribution Service 3.0
    08-02-2014 20:38:42 Software Distribution Service 3.0
    09-02-2014 21:35:45 Software Distribution Service 3.0
    11-02-2014 11:05:55 Software Distribution Service 3.0
    12-02-2014 12:37:00 Software Distribution Service 3.0
    12-02-2014 22:59:01 Software Distribution Service 3.0
    13-02-2014 23:25:57 System Checkpoint
    14-02-2014 10:28:55 Software Distribution Service 3.0
    15-02-2014 12:08:35 Software Distribution Service 3.0
    16-02-2014 14:48:24 Software Distribution Service 3.0
    16-02-2014 21:39:17 Software Distribution Service 3.0
    19-02-2014 02:44:55 Software Distribution Service 3.0
    20-02-2014 10:34:42 Software Distribution Service 3.0
    21-02-2014 10:56:19 Software Distribution Service 3.0
    22-02-2014 11:19:05 Software Distribution Service 3.0
    23-02-2014 16:28:55 Software Distribution Service 3.0
    23-02-2014 21:52:24 Software Distribution Service 3.0
    25-02-2014 22:51:53 Software Distribution Service 3.0
    27-02-2014 00:46:25 System Checkpoint
    27-02-2014 09:55:51 Software Distribution Service 3.0
    28-02-2014 10:39:25 Software Distribution Service 3.0

    ==================== Hosts content: ==========================

    2004-08-04 00:00 - 2013-02-03 21:10 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\Disk Cleanup.job => C:\WINDOWS\system32\cleanmgr.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{18F49D0F-5D29-4F7D-BF75-6C9A0F4EE19F}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2004-08-04 00:00 - 2004-08-04 00:00 - 00015360 ____C () C:\WINDOWS\system32\tsd32.dll
    2006-06-18 11:54 - 2005-09-21 15:40 - 00737280 _____ () C:\Program Files\Acer\Acer eConsole\log4cxx.dll
    2006-06-18 11:54 - 2005-09-21 15:44 - 00151552 _____ () C:\Program Files\Acer\Acer eConsole\MediaUtil.dll
    2004-08-04 00:00 - 2008-03-24 23:50 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
    2007-07-11 17:25 - 2007-07-11 17:25 - 00097320 ____R () C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
    2004-08-04 00:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2013-10-05 17:33 - 2013-10-03 13:46 - 04208456 ____N () C:\Program Files\Optimizer Pro\OptProCrash.dll
    2013-10-05 17:33 - 2013-10-05 17:33 - 00193176 ____N () C:\Program Files\Optimizer Pro\OptProCrashSvc.dll

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Please go to Add/Remove programs and uninstall
    Coupon Printer
    Optimizer Pro


    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

    start
    URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    SearchScopes: HKLM - DefaultScope {F2641A41-2FF8-4B53-9A53-E9DB04B08CD5} URL =
    SearchScopes: HKLM - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = http://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
    SearchScopes: HKCU - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL =
    BHO: deal4ime - {40034C10-13E9-09F9-E216-0D4A63039FF0} - C:\Documents and Settings\All Users\Application Data\deal4ime\M.dll ()
    Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF SearchPlugin: C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\searchplugins\MyStart Search.xml
    FF Extension: ImageToPng - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\juap@uyutnjirrp.com [2014-02-05]
    FF Extension: deal4ime - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\oidn90k@kxd-tiei.co.uk [2014-02-15]
    CHR Extension: (deal4ime) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajikdlmpdhlojfpcammldldohjobdace [2014-02-13]
    CHR HKLM\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
    CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [193176 2013-10-05] ()
    S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [X]
    S4 Zumie Search Service; "C:\Program Files\Zumie\zumie.exe"
    C:\Program Files\Zumie\zumie.dll
    S3 RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys [X]
    C:\Documents and Settings\NSauter\jagex_runescape_preferences.dat
    C:\Documents and Settings\NSauter\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.



    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
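Added example (not part of the thread and not FRST's own code): a short Python triage of entries copied from the fixlist in post #6, showing which log markers explain why each entry was selected for removal. The reason labels, the reading of `[X]` and `No File` as "referenced file not found", of `()` as an empty vendor string, and the service start-type table are this example's assumptions about the log format.

```python
import re
from collections import Counter

# Entries copied verbatim from the fixlist in post #6.
FIXLIST = r"""URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM - DefaultScope {F2641A41-2FF8-4B53-9A53-E9DB04B08CD5} URL =
BHO: deal4ime - {40034C10-13E9-09F9-E216-0D4A63039FF0} - C:\Documents and Settings\All Users\Application Data\deal4ime\M.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [193176 2013-10-05] ()
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [X]
S3 RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys [X]
C:\Documents and Settings\NSauter\jagex_runescape_preferences.dat""".splitlines()

# Service lines read "<state><start type> <name>; <path> ..." (assumed mapping).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
SERVICE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.+?)(?: \[.*)?$")

# Marker -> reason label (labels are hypothetical names chosen for this example).
RULES = [
    ("flagged_by_tool", re.compile(r"<=+ ATTENTION")),           # tool's own warning
    ("orphaned_reference", re.compile(r"(- No File|\[X\])\s*$")),  # target file is gone
    ("empty_search_url", re.compile(r"^SearchScopes:.*URL =\s*$")),
    ("no_vendor_string", re.compile(r"\(\)\s*$")),               # "()" = blank vendor
]

def triage(line):
    """Classify one log line and, for services, parse state/start type/path."""
    reasons = [name for name, rx in RULES if rx.search(line)]
    entry = {"line": line, "reasons": reasons, "service": None}
    svc = SERVICE.match(line)
    if svc:
        entry["service"] = {"name": svc["name"], "running": svc["state"] == "R",
                            "start": START_TYPES.get(svc["start"], "unknown"),
                            "path": svc["path"]}
        if svc["state"] == "R" and "no_vendor_string" in reasons:
            reasons.append("running_service_without_vendor")
    if not reasons:
        # No structural marker: the helper chose it from context (e.g. known adware).
        reasons.append("analyst_judgement")
    return entry

def summarize(lines):
    """Count how many entries fall under each reason."""
    return Counter(r for line in lines for r in triage(line)["reasons"])

if __name__ == "__main__":
    for item in map(triage, FIXLIST):
        print(", ".join(item["reasons"]).ljust(50), item["line"][:60])
```

Entries that come back as `analyst_judgement`, such as the Coupons, Inc. plugin, carry no marker in the log; they are in the fixlist because the helper recognised the product.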

  7. #7
    Junior Member
    Join Date
    Feb 2014
    Location
    East Coast
    Posts
    16

    Default

    1. I removed Coupon Printer but Optimizer Pro was not visible on my add/remove list. Do I still go forward with the instructions?
    2. Is Note Pad the same as One Note? and if not, how do I access Note Pad?

  8. #8
    Junior Member
    Join Date
    Feb 2014
    Location
    East Coast
    Posts
    16

    Default

    3. "NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)"

    I think I missed something. FRST/FRST64? and "Farbar Recovery Scan Tool" (FRST) program? Are they supposed to already be on my desktop so I can save it "Next" to it?

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    1. I removed Coupon Printer but Optimizer Pro was not visible on my add/remove list. Do I still go forward with the instructions?
    2. Is Note Pad the same as One Note? and if not, how do I access Note Pad?
    uninstall what you could find and continue.

    Notepad and One Note are not the same.
    Start -> Run -> type notepad in the Open field -> OK


    Running from C:\Documents and Settings\NSauter\My Documents\Downloads
    Go here and locate Farbar Recovery Scan Tool, right click on it and scroll to "send to", choose desktop.


    I think I missed something. FRST/FRST64? and "Farbar Recovery Scan Tool" (FRST) program? Are they supposed to already be on my desktop so I can save it "Next" to it?
    FRST/FRST64? and "Farbar Recovery Scan Tool" are the same. Find the Farbar Recovery Scan Tool icon on your desktop, after you copy and paste the fixlist.txt to notepad, place it next to the Farbar Recovery Scan Tool icon, and press the Fix button just once and wait.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Junior Member
    Join Date
    Feb 2014
    Location
    East Coast
    Posts
    16

    Default

    I did exactly as instructed and got:

    No fixlist.txt found
    The fixlist.text should be in the same folder/directory the tool is located.

    So I created a folder on the desktop and put them both in it so there was no mistaking that they were together. After clicking on Fix, I received the same message again.
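Added example (not part of the thread and not FRST's own code): the message quoted in post #10 says the tool expects the fixlist in the folder it was started from, so this Python check inspects one folder for two causes assumed here, not diagnosed in the thread: only a shortcut (`.lnk`) to the tool is present, or the text file is not named exactly `fixlist.txt`. The executable names `FRST.exe`/`FRST64.exe` and the finding labels are assumptions of the example.

```python
from pathlib import Path

TOOL_NAMES = {"frst.exe", "frst64.exe"}  # assumed file names for FRST/FRST64
WANTED = "fixlist.txt"

def diagnose(folder):
    """Return (finding, detail) tuples; an empty list means the folder looks right."""
    # Windows file names are case-insensitive, so compare in lower case.
    names = {p.name.lower(): p for p in Path(folder).iterdir() if p.is_file()}
    findings = []

    # 1. The real executable must be in this folder. A shortcut only points at it:
    #    the tool then runs from its original folder and looks for the fixlist there.
    if not TOOL_NAMES & names.keys():
        shortcuts = sorted(n for n in names if n.endswith(".lnk"))
        if shortcuts:
            findings.append(("tool_is_shortcut", shortcuts))
        else:
            findings.append(("tool_missing", []))

    # 2. The file must be named exactly fixlist.txt. With extensions hidden,
    #    "fixlist.txt.txt" is displayed as "fixlist.txt" and is easy to miss.
    if WANTED in names:
        if names[WANTED].stat().st_size == 0:
            findings.append(("fixlist_empty", [WANTED]))
    else:
        near = sorted(n for n in names if n.startswith("fixlist"))
        findings.append(("fixlist_misnamed", near) if near else ("fixlist_missing", []))
    return findings

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    result = diagnose(target)
    if not result:
        print("OK: tool and fixlist.txt are in the same folder")
    for finding, detail in result:
        print(finding, detail)
```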
