  1. #1
    Member | Join Date: Aug 2014 | Posts: 4 | Points: 0

    McAfee and MalwareBytes cannot run/blocked...software restriction policy???

    I have a computer that cannot run the McAfee virus software NOR the MalwareBytes software.
    I suspect the computer has a virus, but cannot run any of these tools to check.
    The error says the programs can't run due to "software restriction policy".
    There are NOT any software restriction policies on the pc.

    Can you help???

    Thanks,

    MoeMoe

  2. #2
    Member | Join Date: Aug 2014 | Posts: 4 | Points: 0

    Here is HiJackThis Log file:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:29:20 AM, on 8/26/2014
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)


    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\WINDOWS\system32\mfevtps.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files\TeamViewer\Version8\tv_w32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
    C:\WINDOWS\system32\ctfmon.exe
    S:\mps\CleanupGuide\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\BingBar\7.3.132.0\BingApp.exe
    C:\Program Files\Microsoft\BingBar\7.3.132.0\BingBar.exe
    C:\Program Files\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe
    C:\Program Files\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe
    C:\Program Files\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe
    C:\Program Files\Microsoft\BingBar\7.3.132.0\BingSurrogate.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Internet Explorer 6 Search Companion is no longer supported.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer 6 Search Companion is no longer supported.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = MSN.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110420142923.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
    O4 - Startup: compact.lnk = C:\Documents and Settings\marko.RSC\Application Data\Microsoft\Windows\IEUpdate\compact.exe
    O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1271773288137
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1354289806862
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.rockfordspring.com
    O17 - HKLM\Software\..\Telephony: DomainName = corp.rockfordspring.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.rockfordspring.com
    O20 - Winlogon Notify: irtvewq - \irtvewq.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InforVisualDrillback - Unknown owner - C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

    --
    End of file - 8648 bytes

  3. #3
    zep516 | Member, Spyware Fighter | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,158 | Points: 1301

    Hello moemoe14,

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    In your next reply post:
    • FRST.txt
    • Addition.txt


    Thanks
    Joe

  4. #4
    Member | Join Date: Aug 2014 | Posts: 4 | Points: 0

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
    Ran by marko (administrator) on GX780-55MRQL1 on 28-08-2014 10:32:56
    Running from C:\Documents and Settings\marko.RSC\Desktop\scans2014
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
    Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    (Intel Corporation) C:\Program Files\Intel\AMT\lms.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    (Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
    (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
    (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
    (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
    Winlogon\Notify\irtvewq: \irtvewq.dll [X]
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
    HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^MHsAAA==n{F+2im'xh,)mDk-+or8%mYvEUmDb2ORUtVsJbIStrVc+e'*+* Y.zPhxlc3XwC NAx\bDKU:xO?DDrUT/ (the data entry has 31460 more characters). <==== ATTENTION!
    InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-758252316-122362781-1648912389-1108\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe [699248 2013-02-19] (Adobe Systems Incorporated)
    HKU\S-1-5-21-758252316-122362781-1648912389-1108\...\Policies\Explorer: [Run] "C:\Documents and Settings\marko.RSC\Application Data\Microsoft\Windows\IEUpdate\compact.exe"
    HKU\S-1-5-21-758252316-122362781-1648912389-1108\...\InprocServer32: [Default-pngfilt] C:\DOCUME~1\marko.RSC\LOCALS~1\Temp\1D.tmp <==== ATTENTION!
    Lsa: [Authentication Packages] msv1_0 wvauth
    Startup: C:\Documents and Settings\marko.RSC\Start Menu\Programs\Startup\compact.lnk
    ShortcutTarget: compact.lnk -> C:\Documents and Settings\marko.RSC\Application Data\Microsoft\Windows\IEUpdate\compact.exe (No File)
    Startup: C:\Documents and Settings\marko.RSC\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    Startup: C:\Documents and Settings\marko.RSC\Start Menu\Programs\Startup\compact.lnk
    ShortcutTarget: compact.lnk -> C:\Documents and Settings\marko.RSC\Application Data\Microsoft\Windows\IEUpdate\compact.exe (No File)
    Startup: C:\Documents and Settings\marko.RSC\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
    ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Internet Explorer 6 Search Companion is no longer supported.
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Help_Page = Support | Dell US
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110420142923.dll (McAfee, Inc.)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1271773288137
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Tcpip\Parameters: [DhcpNameServer] 151.106.100.47 151.106.100.45

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-03]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-06]

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-06] (Sun Microsystems, Inc.)
    S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware2\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware2\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [159320 2011-04-20] (McAfee, Inc.)
    R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)
    R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [145936 2011-04-20] (McAfee, Inc.)
    R2 MSSQL$UTSSQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
    R2 nvsvc; C:\WINDOWS\system32\nvsvc32.exe [172100 2010-01-14] (NVIDIA Corporation) [File not signed]
    S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.) [File not signed]
    S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
    R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)
    R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-10-15] (Intel Corporation)
    S3 InforVisualDrillback; "C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe" -p 9090 -n InforVisualDrillback webserversrvc [X]
    S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{1e9ae278-81ac-b87d-06f8-8a61440f9a91}\ \ \???\{1e9ae278-81ac-b87d-06f8-8a61440f9a91}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    R3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [166568 2009-11-05] (Intel Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [116104 2011-04-20] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [171296 2011-04-20] (McAfee, Inc.)
    R3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [58456 2011-04-20] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [436728 2011-04-20] (McAfee, Inc.)
    S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [85152 2011-04-20] (McAfee, Inc.)
    R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [88544 2011-04-20] (McAfee, Inc.)
    R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [52136 2006-11-30] (McAfee, Inc.)
    S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30880 2009-10-14] (Intel Corporation )
    R0 PBADRV; C:\WINDOWS\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
    R2 WavxDMgr; C:\WINDOWS\System32\DRIVERS\WavxDMgr.sys [214656 2010-01-05] (Wave Systems Corp.)
    U3 mfeavfk01; No ImagePath
    S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]
    U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
    U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-28 10:32 - 2014-08-28 10:33 - 00000000 ____D () C:\FRST
    2014-08-28 10:32 - 2014-08-28 10:32 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Desktop\scans2014
    2014-08-26 15:35 - 2014-08-26 15:35 - 00000000 ____D () C:\WINDOWS\system32\cos
    2014-08-26 14:47 - 2014-08-26 14:47 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2
    2014-08-26 14:47 - 2014-08-26 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware2
    2014-08-26 14:21 - 2014-08-28 02:00 - 00000510 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2cc7332a-1b7a-459e-aa3e-8fa43a84afcd.job
    2014-08-26 14:21 - 2014-08-26 14:21 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Application Data\SUPERAntiSpyware.com
    2014-08-26 14:20 - 2014-08-28 10:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-08-26 14:20 - 2014-08-26 14:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    2014-08-26 14:20 - 2014-08-26 14:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2014-08-26 14:13 - 2014-08-26 14:13 - 18986400 _____ (SUPERAntiSpyware) C:\Documents and Settings\marko.RSC\Desktop\SUPERAntiSpyware.exe
    2014-08-17 03:07 - 2014-08-17 03:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\NetworkService\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\marko.RSC\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\NetworkService\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\marko.RSC\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\NetworkService\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\marko.RSC\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:34 - 2014-08-08 15:34 - 00008206 _____ () C:\Documents and Settings\marko.RSC\My Documents\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:34 - 2014-08-08 15:34 - 00008206 _____ () C:\Documents and Settings\marko.RSC\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:34 - 2014-08-08 15:34 - 00008206 _____ () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:34 - 2014-08-08 15:34 - 00004148 _____ () C:\Documents and Settings\marko.RSC\My Documents\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:34 - 2014-08-08 15:34 - 00004148 _____ () C:\Documents and Settings\marko.RSC\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:34 - 2014-08-08 15:34 - 00004148 _____ () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:34 - 2014-08-08 15:34 - 00000278 _____ () C:\Documents and Settings\marko.RSC\My Documents\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:34 - 2014-08-08 15:34 - 00000278 _____ () C:\Documents and Settings\marko.RSC\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:34 - 2014-08-08 15:34 - 00000278 _____ () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 13:22 - 2014-08-08 16:54 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko.RSC\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\david\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\david\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\david\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\david\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko.RSC\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko.RSC\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\david\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\david\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\david\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\david\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\administrator.RSC\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\administrator.RSC\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\administrator.RSC\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\administrator.RSC\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\administrator.RSC\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\administrator.RSC\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:55 - 2014-08-26 15:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EzjiJupiy
    2014-08-08 10:55 - 2014-08-08 10:55 - 00000000 ____D () C:\Sun

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-28 10:33 - 2014-08-28 10:32 - 00000000 ____D () C:\FRST
    2014-08-28 10:33 - 2010-04-22 10:48 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Local Settings\Temp
    2014-08-28 10:32 - 2014-08-28 10:32 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Desktop\scans2014
    2014-08-28 10:31 - 2014-08-26 14:20 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-08-28 10:08 - 2012-07-27 13:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-08-28 09:09 - 2010-04-19 16:10 - 00000136 _____ () C:\WINDOWS\system32\config\netlogon.ftl
    2014-08-28 02:00 - 2014-08-26 14:21 - 00000510 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2cc7332a-1b7a-459e-aa3e-8fa43a84afcd.job
    2014-08-27 19:33 - 2008-04-25 04:17 - 00000000 ____D () C:\WINDOWS\security
    2014-08-27 14:30 - 2011-04-13 09:59 - 00000000 _____ () C:\comp_cat.txt
    2014-08-27 09:38 - 2010-04-22 10:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\pdf995
    2014-08-26 15:41 - 2008-04-25 04:22 - 00625186 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-08-26 15:37 - 2014-04-07 07:01 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-08-26 15:37 - 2008-04-25 11:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-08-26 15:35 - 2014-08-26 15:35 - 00000000 ____D () C:\WINDOWS\system32\cos
    2014-08-26 15:35 - 2010-04-06 09:53 - 00196608 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
    2014-08-26 15:35 - 2008-04-25 16:32 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-08-26 15:35 - 2008-04-25 16:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-08-26 15:35 - 2008-04-25 16:28 - 01883994 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-08-26 15:35 - 2008-04-25 04:17 - 00000000 ____D () C:\WINDOWS\repair
    2014-08-26 15:34 - 2014-08-08 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EzjiJupiy
    2014-08-26 14:47 - 2014-08-26 14:47 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware2
    2014-08-26 14:47 - 2014-08-26 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware2
    2014-08-26 14:47 - 2012-11-14 09:58 - 00000793 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-26 14:46 - 2012-11-14 09:58 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-08-26 14:46 - 2012-11-14 09:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2014-08-26 14:21 - 2014-08-26 14:21 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Application Data\SUPERAntiSpyware.com
    2014-08-26 14:21 - 2014-08-26 14:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    2014-08-26 14:20 - 2014-08-26 14:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2014-08-26 14:13 - 2014-08-26 14:13 - 18986400 _____ (SUPERAntiSpyware) C:\Documents and Settings\marko.RSC\Desktop\SUPERAntiSpyware.exe
    2014-08-25 07:45 - 2010-04-22 10:48 - 00000178 ___SH () C:\Documents and Settings\marko.RSC\ntuser.ini
    2014-08-25 07:45 - 2010-04-22 10:48 - 00000000 ____D () C:\Documents and Settings\marko.RSC
    2014-08-18 12:01 - 2010-11-04 15:01 - 00000000 ____D () C:\QUARANTINE
    2014-08-17 03:07 - 2014-08-17 03:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
    2014-08-17 03:07 - 2013-08-29 06:54 - 00000817 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
    2014-08-15 11:40 - 2010-04-19 16:11 - 00000000 __SHD () C:\WINDOWS\CSC
    2014-08-08 16:54 - 2014-08-08 13:22 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-08-08 15:42 - 2012-03-09 14:35 - 00000000 ____D () C:\unzipped
    2014-08-08 15:42 - 2010-04-26 15:03 - 00000000 ____D () C:\WBobCAD
    2014-08-08 15:38 - 2010-12-28 16:40 - 00000000 ____D () C:\Infor
    2014-08-08 15:38 - 2010-04-23 14:31 - 00000000 ____D () C:\SMISD
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\NetworkService\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\marko.RSC\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00008206 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\NetworkService\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\marko.RSC\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00004148 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\NetworkService\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\marko.RSC\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:35 - 2014-08-08 15:35 - 00000278 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:35 - 2011-02-17 11:52 - 00000000 ____D () C:\epson
    2014-08-08 15:35 - 2010-04-06 10:02 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
    2014-08-08 15:35 - 2008-04-25 16:32 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-08-08 15:35 - 2008-04-25 11:10 - 00000000 ____D () C:\I386
    2014-08-08 15:34 - 2014-08-08 15:34 - 00008206 _____ () C:\Documents and Settings\marko.RSC\My Documents\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:34 - 2014-08-08 15:34 - 00008206 _____ () C:\Documents and Settings\marko.RSC\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:34 - 2014-08-08 15:34 - 00008206 _____ () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 15:34 - 2014-08-08 15:34 - 00004148 _____ () C:\Documents and Settings\marko.RSC\My Documents\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:34 - 2014-08-08 15:34 - 00004148 _____ () C:\Documents and Settings\marko.RSC\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:34 - 2014-08-08 15:34 - 00004148 _____ () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 15:34 - 2014-08-08 15:34 - 00000278 _____ () C:\Documents and Settings\marko.RSC\My Documents\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:34 - 2014-08-08 15:34 - 00000278 _____ () C:\Documents and Settings\marko.RSC\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:34 - 2014-08-08 15:34 - 00000278 _____ () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 15:34 - 2013-01-30 16:04 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
    2014-08-08 15:34 - 2012-02-21 08:48 - 00005656 _____ () C:\Documents and Settings\marko.RSC\My Documents\EXTMO.txt
    2014-08-08 15:34 - 2010-05-24 15:18 - 00024856 _____ () C:\Documents and Settings\marko.RSC\My Documents\Rubber wheel size.wt.time calculator(1)5-24-10.xls
    2014-08-08 15:34 - 2010-04-23 14:35 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\Adobe
    2014-08-08 15:34 - 2010-04-22 13:39 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\Google
    2014-08-08 15:34 - 2010-04-22 10:48 - 00000280 _____ () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\setup.txt
    2014-08-08 15:05 - 2014-04-07 07:01 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\marko.RSC\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\david\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\david\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\david\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\david\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00008204 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\marko.RSC\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko.RSC\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\david\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\david\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\david\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\david\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2013-10-16 09:19 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Application Data\TeamViewer
    2014-08-08 10:57 - 2013-01-30 16:06 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Application Data\OpenOffice.org
    2014-08-08 10:57 - 2012-11-14 09:58 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Application Data\Malwarebytes
    2014-08-08 10:57 - 2011-06-20 15:01 - 00000280 _____ () C:\Documents and Settings\david\Local Settings\Application Data\setup.txt
    2014-08-08 10:57 - 2011-06-20 15:01 - 00000000 ____D () C:\Documents and Settings\david
    2014-08-08 10:57 - 2011-04-20 14:30 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Application Data\McAfee
    2014-08-08 10:57 - 2010-04-22 13:11 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Application Data\Adobe
    2014-08-08 10:57 - 2010-04-19 16:04 - 00000280 _____ () C:\Documents and Settings\marko\Local Settings\Application Data\setup.txt
    2014-08-08 10:57 - 2010-04-19 16:04 - 00000280 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\setup.txt
    2014-08-08 10:57 - 2010-04-19 16:04 - 00000000 ____D () C:\Documents and Settings\marko
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\administrator.RSC\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00008204 _____ () C:\Documents and Settings\administrator.RSC\Application Data\DECRYPT_INSTRUCTION.HTML
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\administrator.RSC\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00004146 _____ () C:\Documents and Settings\administrator.RSC\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\administrator.RSC\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2014-08-08 10:56 - 00000276 _____ () C:\Documents and Settings\administrator.RSC\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:56 - 2012-11-14 09:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-08-08 10:56 - 2010-04-23 14:32 - 00000280 _____ () C:\AUTOEXEC.BAK
    2014-08-08 10:56 - 2010-04-20 10:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
    2014-08-08 10:56 - 2010-04-20 09:18 - 00000280 _____ () C:\Documents and Settings\administrator.RSC\Local Settings\Application Data\setup.txt
    2014-08-08 10:56 - 2010-04-20 09:18 - 00000000 ____D () C:\Documents and Settings\administrator.RSC
    2014-08-08 10:56 - 2010-04-06 10:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    2014-08-08 10:56 - 2010-04-06 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
    2014-08-08 10:56 - 2009-11-03 17:45 - 00000000 ____D () C:\dell
    2014-08-08 10:56 - 2008-04-25 16:32 - 00000000 ____D () C:\Documents and Settings\Administrator
    2014-08-08 10:56 - 2008-02-05 13:28 - 00000280 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\setup.txt
    2014-08-08 10:55 - 2014-08-08 10:55 - 00000000 ____D () C:\Sun
    2014-08-06 13:56 - 2010-04-23 14:35 - 00000161 _____ () C:\WINDOWS\PPViewer.INI
    2014-08-04 07:04 - 2010-04-26 15:23 - 00000000 ____D () C:\Documents and Settings\marko.RSC\Tracing
    2014-08-04 07:04 - 2010-04-22 10:48 - 00000000 _____ () C:\Documents and Settings\marko.RSC\Local Settings\Application Data\WavXMapDrive.bat
    2014-08-04 07:04 - 2010-01-14 01:52 - 00254073 _____ () C:\WINDOWS\system32\NvApps.xml
    2014-08-04 07:03 - 2010-04-06 10:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    ZeroAccess:
    C:\Documents and Settings\marko.RSC\Local Settings\Application Data\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install

    Some content of TEMP:
    ====================
    C:\Documents and Settings\marko.RSC\Local Settings\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

  5. #5
    Member
    Join Date
    Aug 2014
    Posts
    4
    Points
    0

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
    Ran by marko at 2014-08-28 10:33:28
    Running from C:\Documents and Settings\marko.RSC\Desktop\scans2014
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.149 - Adobe Systems Incorporated)
    Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
    Advanced Spring Design 7 (HKLM\...\{F162D60A-6741-4CFE-98A9-07E3B9D3A067}) (Version: 7.12 - UTS/SMI)
    AutoCAD 2000 (HKLM\...\AutoCAD 2000 Uninstall) (Version: - )
    BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
    BobCAD-CAM ver. 17 Mill + Lathe and BobWire 16.1 (HKLM\...\{4E7E9328-CFA1-11D5-BA29-00207804BE9C}) (Version: 17.00.0000 - BobCAD-CAM, Inc.)
    DCP32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
    Dell Backup and Recovery Manager (HKLM\...\{9D59AC32-B0FA-4CD7-A2EC-4B57C06CD9D9}) (Version: 1.2.0 - Dell, Inc.)
    Dell Control Point (Version: 1.6.453.66 - Broadcom Corporation) Hidden
    Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.453.66 - Dell Inc.)
    Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.079 - Wave Systems Corp) Hidden
    Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.050 - Dell Inc.)
    Document Manager Lite (Version: 06.09.00.147 - Wave Systems Corp.) Hidden
    EMBASSY Security Center (Version: 04.00.00.071 - Wave Systems Corp) Hidden
    EMBASSY Security Setup (Version: 04.00.00.058 - Wave Systems Corp) Hidden
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
    ESC Home Page Plugin (Version: 04.00.00.010 - Wave Systems Corp) Hidden
    Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
    GoToMeeting 4.5.0.457 (HKCU\...\GoToMeeting) (Version: - )
    Gupta Runtime 4.0 (HKLM\...\{A22AD9CB-45C1-4EF1-A6A1-615CF87A0B9C}) (Version: 4.00 - Gupta Corp)
    Intel(R) Network Connections 14.8.43.0 (HKLM\...\{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}) (Version: 14.8.43.0 - Dell)
    Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    Java(TM) 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
    Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Agent (HKLM\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
    McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.00000 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2005 Express Edition (UTSSQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
    MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
    NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.56.34 - NVIDIA Corporation)
    NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.00 - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    Pdf995 (HKLM\...\Pdf995) (Version: - )
    PdfEdit995 (HKLM\...\PdfEdit995) (Version: - )
    PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
    Preboot Manager (Version: 03.00.00.085 - Wave Systems Corp.) Hidden
    Private Information Manager (Version: 06.04.00.057 - Wave Systems Corp.) Hidden
    ScanSoft PaperPort Viewer 7.0 (HKLM\...\ScanSoft PaperPort Viewer 7.0) (Version: - )
    SeaClear II (HKLM\...\SCII_is1) (Version: - Sping)
    Security Wizards (Version: 01.07.00.023 - Your Company Name) Hidden
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    SO32MMWrapper (Version: 1.6.453.66 - Broadcom Corporation) Hidden
    SolidWorks eDrawings 2012 (HKLM\...\{AA70C64F-28D6-4014-8AB0-0C61ECFC7313}) (Version: 12.3.113 - Dassault Systèmes SolidWorks Corp.)
    Spring Calculator Professional (HKLM\...\Spring Calculator Professional_is1) (Version: - IST)
    ST Microelectronics TPM Driver Installer (Version: 1.04.15 - Dell Inc.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
    Torsion Spring Calculator version 3.03 (HKLM\...\Torsion Spring Calculator_is1) (Version: 3.03 - Systeme Sarotech Inc.)
    Trusted Drive Manager (Version: 3.3.0.396 - Wave Systems Corp.) Hidden
    tsp patch (Version: 01.00.00.0000 - Wave Systems Corp) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980302) (HKLM\...\KB980302-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
    Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
    Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
    UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
    VISUAL Enterprise 6.5.4 SP3 (HKLM\...\{3F654DC2-E9E9-4D23-824A-622BF224E807}) (Version: 1.02.0000 - Infor Global Solutions)
    VISUAL Enterprise 6.5.4 SP3 (Version: 1.02.0000 - Infor Global Solutions) Hidden
    VISUAL Enterprise 652 (Version: 6.5.2 - Infor Global Solutions) Hidden
    VizManager 2.2 (HKLM\...\{9ADE98AA-355A-4E55-98E1-FBD2F925B7C7}) (Version: 2.2.1 - Business Technical Consulting)
    Wave Infrastructure Installer (Version: 07.01.19.0000 - Wave Systems Corp) Hidden
    Wave Support Software (Version: 05.10.00.062 - Wave Systems Corp) Hidden
    WebEx (HKLM\...\ActiveTouchMeetingClient) (Version: - WebEx Communications, Inc)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
    Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15) (HKLM\...\35858E766EFC35B58A45C301DD358D503119A8FA) (Version: 05/24/2007 1.00.04.15 - STMicroelectronics)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
    Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    WinZip (HKLM\...\WinZip) (Version: 11.0 (7313) - WinZip Computing LP)
    XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-758252316-122362781-1648912389-1108_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\457\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-758252316-122362781-1648912389-1108_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-758252316-122362781-1648912389-1108_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> C:\DOCUME~1\marko.RSC\LOCALS~1\Temp\1D.tmp No File

    ==================== Restore Points =========================

    11-05-2014 04:15:58 System Checkpoint
    13-05-2014 03:23:36 System Checkpoint
    14-05-2014 03:46:32 System Checkpoint
    14-05-2014 08:00:25 Software Distribution Service 3.0
    15-05-2014 08:12:00 System Checkpoint
    16-05-2014 09:11:54 System Checkpoint
    17-05-2014 10:11:51 System Checkpoint
    18-05-2014 11:35:47 System Checkpoint
    19-05-2014 13:32:54 System Checkpoint
    20-05-2014 14:47:12 System Checkpoint
    21-05-2014 15:47:45 System Checkpoint
    22-05-2014 16:38:08 System Checkpoint
    23-05-2014 17:12:44 System Checkpoint
    24-05-2014 18:11:31 System Checkpoint
    25-05-2014 19:11:30 System Checkpoint
    26-05-2014 21:48:21 System Checkpoint
    27-05-2014 22:47:32 System Checkpoint
    28-05-2014 23:37:34 System Checkpoint
    30-05-2014 00:01:31 System Checkpoint
    31-05-2014 00:49:35 System Checkpoint
    01-06-2014 01:01:21 System Checkpoint
    02-06-2014 02:01:21 System Checkpoint
    03-06-2014 02:01:38 System Checkpoint
    04-06-2014 02:01:40 System Checkpoint
    05-06-2014 02:37:12 System Checkpoint
    06-06-2014 03:01:04 System Checkpoint
    07-06-2014 04:01:03 System Checkpoint
    08-06-2014 05:00:57 System Checkpoint
    09-06-2014 06:00:56 System Checkpoint
    10-06-2014 07:00:58 System Checkpoint
    11-06-2014 08:00:50 System Checkpoint
    12-06-2014 08:00:27 Software Distribution Service 3.0
    13-06-2014 08:24:08 System Checkpoint
    14-06-2014 09:24:09 System Checkpoint
    15-06-2014 11:24:50 System Checkpoint
    16-06-2014 13:06:29 System Checkpoint
    17-06-2014 14:06:04 System Checkpoint
    18-06-2014 15:02:57 System Checkpoint
    19-06-2014 15:23:53 System Checkpoint
    20-06-2014 15:49:12 System Checkpoint
    21-06-2014 16:23:47 System Checkpoint
    22-06-2014 17:23:44 System Checkpoint
    23-06-2014 20:59:01 System Checkpoint
    24-06-2014 21:12:13 System Checkpoint
    25-06-2014 21:26:54 System Checkpoint
    26-06-2014 22:35:35 System Checkpoint
    27-06-2014 23:24:35 System Checkpoint
    28-06-2014 23:32:20 System Checkpoint
    30-06-2014 00:23:24 System Checkpoint
    01-07-2014 00:47:27 System Checkpoint
    02-07-2014 00:59:27 System Checkpoint
    03-07-2014 03:00:45 System Checkpoint
    04-07-2014 03:23:09 System Checkpoint
    05-07-2014 04:23:10 System Checkpoint
    06-07-2014 11:12:00 System Checkpoint
    07-07-2014 11:23:07 System Checkpoint
    08-07-2014 16:18:01 System Checkpoint
    09-07-2014 16:22:58 System Checkpoint
    10-07-2014 16:40:58 System Checkpoint
    11-07-2014 08:00:17 Software Distribution Service 3.0
    12-07-2014 08:22:48 System Checkpoint
    13-07-2014 11:11:35 System Checkpoint
    14-07-2014 11:22:42 System Checkpoint
    15-07-2014 13:54:30 System Checkpoint
    16-07-2014 17:27:16 System Checkpoint
    17-07-2014 17:46:38 System Checkpoint
    18-07-2014 20:11:05 System Checkpoint
    19-07-2014 20:22:29 System Checkpoint
    20-07-2014 21:22:28 System Checkpoint
    21-07-2014 21:26:20 System Checkpoint
    22-07-2014 22:45:09 System Checkpoint
    23-07-2014 22:58:16 System Checkpoint
    24-07-2014 23:00:17 System Checkpoint
    25-07-2014 23:58:22 System Checkpoint
    26-07-2014 08:00:14 Software Distribution Service 3.0
    27-07-2014 11:35:22 System Checkpoint
    28-07-2014 12:22:05 System Checkpoint
    29-07-2014 12:55:40 System Checkpoint
    30-07-2014 13:21:52 System Checkpoint
    31-07-2014 14:06:19 System Checkpoint
    04-08-2014 15:38:52 System Checkpoint
    05-08-2014 16:00:53 System Checkpoint
    06-08-2014 16:06:38 System Checkpoint
    07-08-2014 16:59:54 System Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-25 11:16 - 2008-04-14 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2cc7332a-1b7a-459e-aa3e-8fa43a84afcd.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-04-22 10:58 - 2010-04-22 11:01 - 00051716 _____ () C:\WINDOWS\system32\pdf995mon.dll
    2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
    2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
    2011-01-12 16:05 - 2011-01-12 16:05 - 00065536 _____ () C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
    2010-04-06 10:01 - 2009-10-15 11:57 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
    2012-03-09 14:34 - 1998-10-17 08:00 - 00033792 _____ () C:\Program Files\WinZip\WZSHLEXT.DLL
    2009-11-19 15:47 - 2009-11-19 15:47 - 00249856 _____ () C:\WINDOWS\system32\wxvault.dll
    2010-04-06 16:48 - 2010-01-07 06:27 - 00473704 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
    2008-04-25 11:16 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-25 11:16 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2012-08-10 17:51 - 2013-01-30 16:05 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
    2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0D4A69F3

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/24/2014 11:57:26 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

    Error: (08/24/2014 10:07:24 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

    Error: (08/24/2014 08:13:22 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

    Error: (08/24/2014 06:15:19 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

    Error: (08/24/2014 04:24:17 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

    Error: (08/24/2014 02:40:16 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

    Error: (08/24/2014 00:52:14 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

    Error: (08/24/2014 11:01:12 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

    Error: (08/24/2014 09:27:09 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.

    Error: (08/24/2014 07:41:07 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
    Description: Windows cannot determine the user or computer name. (An internal error occurred. ). Group Policy processing aborted.


    System errors:
    =============
    Error: (08/28/2014 10:32:15 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (08/28/2014 10:32:15 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (08/28/2014 10:32:15 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (08/28/2014 10:32:15 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (08/28/2014 10:32:15 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (08/28/2014 10:32:15 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (08/28/2014 10:32:15 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (08/28/2014 10:32:15 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (08/28/2014 09:32:14 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (08/28/2014 09:32:14 AM) (Source: DCOM) (EventID: 10005) (User: RSC)
    Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""
    in order to run the server:
    {4991D34B-80A1-4291-83B6-3328366B9097}


    Microsoft Office Sessions:
    =========================
    Error: (04/06/2014 04:44:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 294857 seconds with 8940 seconds of active time. This session ended with a crash.

    Error: (12/20/2013 11:30:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 271375 seconds with 7560 seconds of active time. This session ended with a crash.

    Error: (11/26/2012 08:20:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 270 seconds with 240 seconds of active time. This session ended with a crash.

    Error: (09/07/2012 09:17:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6203 seconds with 1020 seconds of active time. This session ended with a crash.

    Error: (06/04/2012 07:15:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 159 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (03/05/2012 08:11:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 205 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (01/17/2011 10:27:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7242 seconds with 2040 seconds of active time. This session ended with a crash.

    Error: (06/24/2010 08:05:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3341 seconds with 2700 seconds of active time. This session ended with a crash.

    Error: (06/04/2010 07:05:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
    Percentage of memory in use: 27%
    Total physical RAM: 3325.52 MB
    Available physical RAM: 2418.06 MB
    Total Pagefile: 5208.63 MB
    Available Pagefile: 4436.26 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1934.05 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:120.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive m: () (Network) (Total:250 GB) (Free:171.1 GB)
    Drive n: () (Network) (Total:1114.71 GB) (Free:843.46 GB)
    Drive o: () (Network) (Total:1114.71 GB) (Free:843.46 GB)
    Drive p: () (Network) (Total:1114.71 GB) (Free:843.46 GB)
    Drive q: () (Network) (Total:1114.71 GB) (Free:843.46 GB)
    Drive r: () (Network) (Total:1114.71 GB) (Free:843.46 GB)
    Drive s: () (Network) (Total:1114.71 GB) (Free:843.46 GB)
    Drive t: () (Network) (Total:1114.71 GB) (Free:843.46 GB)
    Drive v: () (Network) (Total:528.49 GB) (Free:338.94 GB)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149 GB) (Disk ID: A42D04A3)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hello,

    One of the infections found is a backdoor Trojan (ZeroAccess rootkit).

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

    Also looks like your files have been encrypted by the CryptoWall virus. That's just a small sampling below:

    See Here About CryptoWall......

    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Local Settings\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Application Data\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\Local Settings\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
    2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\DECRYPT_INSTRUCTION.URL

    If you want to clean the machine, follow along:

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
     start
    reboot:
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
    Winlogon\Notify\irtvewq: \irtvewq.dll [X]
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
    HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^MHsAAA==n{F+2im'xh,)mDk-+or8%mYvEUmDb2ORUtVsJbIStrVc+e'*+* Y.zPhxlc3XwC NAx\bDKU:xO?DDrUT/ (the data entry has 31460 more characters). <==== ATTENTION!
    InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
    HKU\S-1-5-21-758252316-122362781-1648912389-1108\...\InprocServer32: [Default-pngfilt] C:\DOCUME~1\marko.RSC\LOCALS~1\Temp\1D.tmp <==== ATTENTION!
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{1e9ae278-81ac-b87d-06f8-8a61440f9a91}\ \ \???\{1e9ae278-81ac-b87d-06f8-8a61440f9a91}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
    "C:\Program Files\Google\Desktop\Install\{1e9ae278-81ac-b87d-06f8-8a61440f9a91}\ \ \???\{1e9ae278-81ac-b87d-06f8-8a61440f9a91}\GoogleUpdate.exe"
    C:\Documents and Settings\marko.RSC\Local Settings\Application Data\Google\Desktop\Install
    C:\Program Files\Google\Desktop\Install
    C:\Documents and Settings\marko.RSC\Local Settings\Temp\Quarantine.exe
    end

    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    In your next reply, should you decide to try and clean this machine, post:
    1- (Fixlog.txt)
    2- A new FRST.txt log

    Thanks
    Joe
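
A triage sketch for the two indicators this reply points at, added here as an example and not part of the original post or of FRST itself: it scans FRST log text for the "Group Policy restriction on software" entries (the source of the "software restriction policy" error) and for DECRYPT_INSTRUCTION notes, grouped by user profile. The function name `triage` and the regular expressions are assumptions based only on the line formats visible in this thread.

```python
import re
from collections import Counter
from datetime import datetime

# Sample lines copied from the FRST output quoted in this thread.
SAMPLE_LOG = r"""
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\DECRYPT_INSTRUCTION.TXT
2014-08-08 10:57 - 2014-08-08 10:57 - 00004146 _____ () C:\Documents and Settings\david\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-08 10:57 - 2014-08-08 10:57 - 00000276 _____ () C:\Documents and Settings\marko\DECRYPT_INSTRUCTION.URL
Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:120.14 GB) NTFS
"""

# FRST file listing as shown above: created - modified - size attributes (company) path
FILE_LINE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) \S+ \(.*?\) (?P<path>[A-Za-z]:\\.+?)\s*$"
)
SRP_LINE = re.compile(
    r"^\s*HKLM Group Policy restriction on software: (?P<path>.+?)\s*<=+ ATTENTION"
)
# Note base name seen in this thread, any extension; adjust for other families.
NOTE_NAME = re.compile(r"\\DECRYPT_INSTRUCTION\.[A-Za-z]+$", re.IGNORECASE)
PROFILE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)


def triage(log_text):
    """Return blocked SRP paths, ransom-note counts per profile, earliest note time."""
    blocked, notes, first_seen = [], Counter(), None
    for line in log_text.splitlines():
        m = SRP_LINE.match(line)
        if m:  # a path rule that stops programs under this folder from running
            blocked.append(m.group("path"))
            continue
        m = FILE_LINE.match(line)
        if not m or not NOTE_NAME.search(m.group("path")):
            continue
        created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
        first_seen = created if first_seen is None else min(first_seen, created)
        p = PROFILE.search(m.group("path"))
        notes[p.group(1) if p else "(outside a profile)"] += 1
    return {"blocked_paths": blocked, "notes_by_profile": dict(notes), "first_note": first_seen}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The earliest note timestamp gives a lower bound for when encryption started, which helps decide which backups predate the infection.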