Solved Computer often runs very slow. TM shows 100% CPU usage but shown process add up to less than 10%

S

Steve51

Posts: 17   +0
Have not been able to determine any consistance circumstances when the problem starts.

Here are the requested logs. Thanks for your help, really appreciate it.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.12.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOME [administrator]

10/11/2013 11:26:56 PM
mbam-log-2013-10-11 (23-26-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 317356
Time elapsed: 37 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.40.2
Run by Owner at 14:52:05 on 2013-10-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.628 [GMT -6:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Philips\SA32xx Device Manager\SA32xx_DeviceManager.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uProxyServer = :0
uProxyOverride = <local>;*.local
BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - c:\program files\arcsoft\media converter for philips\internet video downloader\ArcURLRecord.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Data Toolbar Helper: {ea576c88-4993-4e97-9926-7c8379c29927} - c:\program files\datatool services\data toolbar 2.3.2\adxloader.dll
TB: Data Toolbar: {3745aa22-808c-4b64-ae23-1151cef147d9} - c:\program files\datatool services\data toolbar 2.3.2\adxloader.dll
EB: DzSoft Favorites Search: {4DC701A0-93AD-11D4-A15B-AF07886E4A07} - c:\program files\dzsoft\favorites search\FavSeek.dll
uRun: [Norton SystemWorks] "c:\program files\norton systemworks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "c:\documents and settings\owner\local settings\application data\akamai\netsession_win.exe"
uRun: [Spotify Web Helper] "c:\documents and settings\owner\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CHotkey] zHotkey.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [DVD or CD Sharing] "c:\program files\dvd or cd sharing\ODSAgent.exe"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\norton~1.lnk - c:\program files\norton systemworks\norton goback\GBTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\sa32xx device manager\SA32xx_DeviceManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - {4DC701A0-93AD-11D4-A15B-AF07886E4A07}
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://quickplace.udayton.edu/qp2.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262723239101
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342380500929
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://www.nationalcreditors.com/WebSys/ClientView/ImgUpload/WebResource.axd?d=GytY9R4STKzC3lLU1wlNZ4r-HV8_ZLkisQPFodoEh16IQJmykBiJoAXQCHkacZRiWR348vHa2qDByU-ViUxqFBil0Ix2bk5X8NznN4ub8XziVq0SUvgsY9WnoUXQa4hwKL-hgBj1EHiPkHDF0IIGWa-Vkbq7nTHfCBTmwz1RUJMIKTQq0&t=633888745160000000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\8xpjm4e6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wsj.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\8xpjm4e6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\8xpjm4e6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\8xpjm4e6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2010-1-6 13440]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-4-1 37352]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2012-2-23 21752]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-12-22 574272]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-4-1 84024]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-4-1 108088]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-4-1 88840]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-28 197992]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-28 181608]
R2 NBSPortDriver;NBSPortDriver;c:\windows\system32\drivers\NBSPortDriver.sys [2010-1-6 17912]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-1-5 819352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S2 vtigercrmMysql540;vtigercrmMysql540;"c:\program files\vtigercrm-5.4.0\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\vtigercrm-5.4.0\mysql\my.ini" vtigercrmmysql540 --> c:\program files\vtigercrm-5.4.0\mysql\bin\mysqld-nt [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-6-23 1691480]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-28 79208]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-2-24 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-20 30192]
S3 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-1-16 198136]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-6-22 13464]
S3 UWS HiPriv Services;UWS HiPriv Services;c:\program files\ultidev\web server\UWS.HighPrivilegeUtilities.exe [2011-12-4 48128]
S3 UWS LoPriv Services;UWS LoPriv Services;c:\program files\ultidev\web server\UWS.LowPrivilegeUtilities.exe [2011-12-4 44032]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2010-1-5 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
S4 UltiDev Web Server Pro;UltiDev Web Server Pro;c:\program files\ultidev\web server\UltiDev.WebServer.Monitor.exe [2011-12-4 64512]
.
=============== Created Last 30 ================
.
2013-10-10 23:10:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-10-10 23:10:09 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-09 01:38:17 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-10-01 22:23:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-22 22:24:22 -------- d-----w- c:\program files\NCH Software
2013-09-22 22:24:19 -------- d-----w- c:\documents and settings\owner\application data\NCH Software
2013-09-22 21:14:02 -------- d-----w- c:\documents and settings\owner\local settings\application data\Spotify
2013-09-22 21:13:28 -------- d-----w- c:\documents and settings\owner\application data\Spotify
2013-09-22 18:26:50 -------- d-----w- c:\documents and settings\owner\application data\BlueSprig
2013-09-22 18:26:42 -------- d-----w- c:\program files\BlueSprig
2013-09-15 00:09:21 -------- d-----w- c:\documents and settings\owner\local settings\application data\WMTools Downloaded Files
.
==================== Find3M ====================
.
2013-10-11 01:56:25 134 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-10-11 00:27:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-11 00:27:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-01 22:23:26 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-01 22:23:25 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-01 22:23:25 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ------w- c:\windows\system32\html.iec
2013-09-04 11:27:45 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet(3).dll
2013-08-08 06:05:59 1215488 ----a-w- c:\windows\system32\urlmon(3).dll
2013-08-08 06:05:59 105984 ----a-w- c:\windows\system32\url(3).dll
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 20:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-31 00:51:47 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-07-31 00:51:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-07-31 00:51:42 1072544 -c--a-w- c:\windows\system32\nvdrsdb1.bin
2013-07-31 00:45:03 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-19 07:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58:17 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2013-07-17 00:58:03 60160 ----a-w- c:\windows\system32\drivers\usbaudio.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe GoBack2K.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
c:\windows\system32\drivers\GoBack2K.sys Symantec Corporation Norton GoBack
1 nt!IofCallDriver[0x804E3735] -> \Device\Harddisk0\DR0[0x8A3A9838]
3 CLASSPNP[0xF76B7FD7] -> nt!IofCallDriver[0x804E3735] -> \Device\00000095[0x8A3A2F18]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E3735] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A40D940]
kernel: MBR read successfully
_asm { CALL 0x56; }
user != kernel MBR !!!
.
============= FINISH: 14:53:01.58 ===============
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

redtarget.gif
I still need Attach.txt log from DDS.

Next....

redtarget.gif
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Yikes - you guys are fast! Thanks.
Sorry bout the attach file, followed the intructions in it instead of on the post. Here it is.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/5/2010 12:10:40 PM
System Uptime: 10/11/2013 11:17:10 PM (15 hours ago)
.
Motherboard: To be filled by O.E.M. | | MS-7207G
Processor: AMD Athlon(tm) 64 Processor 3500+ | CPU 1 | 2210/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 5.653 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 26 GiB total, 13.315 GiB free.
J: is CDROM ()
K: is CDROM ()
Z: is FIXED (NTFS) - 74 GiB total, 18.8 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1828: 9/7/2013 9:01:16 AM - System Checkpoint
RP1829: 9/8/2013 2:37:46 PM - System Checkpoint
RP1830: 9/9/2013 3:25:55 PM - System Checkpoint
RP1831: 9/10/2013 6:32:19 PM - System Checkpoint
RP1832: 9/11/2013 3:00:54 AM - Software Distribution Service 3.0
RP1833: 9/12/2013 3:12:50 AM - System Checkpoint
RP1834: 9/12/2013 3:23:34 PM - Software Distribution Service 3.0
RP1835: 9/12/2013 3:32:18 PM - Software Distribution Service 3.0
RP1836: 9/12/2013 3:42:13 PM - Software Distribution Service 3.0
RP1837: 9/12/2013 4:34:30 PM - Software Distribution Service 3.0
RP1838: 9/12/2013 5:02:14 PM - Software Distribution Service 3.0
RP1839: 9/13/2013 3:01:12 AM - Software Distribution Service 3.0
RP1840: 9/14/2013 3:01:13 AM - Software Distribution Service 3.0
RP1841: 9/15/2013 3:51:42 AM - System Checkpoint
RP1842: 9/16/2013 3:53:40 AM - System Checkpoint
RP1843: 9/17/2013 4:53:35 AM - System Checkpoint
RP1844: 9/18/2013 5:10:30 AM - System Checkpoint
RP1845: 9/19/2013 6:09:42 AM - System Checkpoint
RP1846: 9/20/2013 6:38:09 AM - System Checkpoint
RP1847: 9/21/2013 7:23:38 AM - System Checkpoint
RP1848: 9/22/2013 8:23:41 AM - System Checkpoint
RP1849: 9/23/2013 8:57:35 AM - System Checkpoint
RP1850: 9/24/2013 10:33:56 PM - System Checkpoint
RP1851: 9/26/2013 11:42:21 AM - System Checkpoint
RP1852: 9/27/2013 12:10:58 PM - System Checkpoint
RP1853: 9/28/2013 12:15:59 PM - System Checkpoint
RP1854: 9/29/2013 12:25:59 PM - System Checkpoint
RP1855: 9/30/2013 12:33:10 PM - System Checkpoint
RP1856: 10/1/2013 1:33:13 PM - System Checkpoint
RP1857: 10/1/2013 4:22:55 PM - Removed Java 7 Update 25
RP1858: 10/2/2013 5:33:21 PM - System Checkpoint
RP1859: 10/3/2013 5:41:39 PM - System Checkpoint
RP1860: 10/4/2013 6:28:47 PM - System Checkpoint
RP1861: 10/5/2013 6:33:30 PM - System Checkpoint
RP1862: 10/6/2013 8:53:23 PM - System Checkpoint
RP1863: 10/8/2013 12:45:10 AM - System Checkpoint
RP1864: 10/9/2013 3:18:32 PM - Software Distribution Service 3.0
RP1865: 10/10/2013 4:12:08 PM - Software Distribution Service 3.0
RP1866: 10/10/2013 4:21:48 PM - Restore Operation
RP1867: 10/10/2013 4:56:43 PM - Restore Operation
RP1868: 10/12/2013 5:00:18 AM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Acer System Information
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Advanced IP Scanner
Advanced SystemCare 6
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Verifier
ArcSoft Software Suite
ASAP Utilities
Audacity 1.2.6
Auslogics Disk Defrag
Auslogics Duplicate File Finder
Avira Free Antivirus
BackRex Internet Explorer Backup
Belarc Advisor 8.3
Beyond Compare Version 2.5.2
Big Fish Games: Game Manager
BitTorrent
Bonjour
Brain Workshop 4.8.1
Build-a-lot
ccCommon
ContextConsole Shell Extension (x86-32)
ConvertHelper 2.2
CPUID CPU-Z 1.58
CrystalDiskInfo 4.2.0a
CutePDF Writer 2.8
Data Toolbar 2.3.2
Debugging Tools for Windows (x86)
Digital Media Reader
Dropbox
DVD or CD Sharing
DVD Solution
DzSoft Favorites Search 2.1
Express Burn
FastStone Capture 7.3
FastStone Image Viewer 4.2
File Shredder 2.0
FileOpenPatcher
FileWizard
FreshDiagnose
GE98067 98756 and 98046 MiniCam Pro
Google Chrome
Google Desktop
Google Talk Plugin
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Product Detection
HWiNFO32 Version 3.93
HxD Hex Editor version 1.7.7.0
Image Resizer Powertoy Clone for Windows
Index.dat Analyzer v2.5
Internet Explorer (Enable DEP)
iTunes
Java 7 Update 40
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.1
JetClean
Karen's Directory Printer
Karen's Registry Pruner
LAME v3.98.3 for Audacity
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Local Port Scanner v1.2.2
Log Parser 2.2
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.75.0.1300
Media Converter for Philips
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 8.2
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office 2003 Resource Kit
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Converter Pack
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Communications Server 2005 SP1 Resource Kit
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Report Viewer Redistributable 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008 R2 Native Client
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic PowerPacks 1.2
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Performance Toolkit
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
MixPad
Module for JSON Format
Morefunc
MozBackup 1.4.10
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MRU-Blaster v1.5 (Database 3/28/2004)
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Keyboard Driver
NirSoft BlueScreenView
Nitro Reader 2
Norton GoBack 4.02 (Symantec Corporation)
Norton SystemWorks
Norton SystemWorks 2005
Norton SystemWorks 2005 (Symantec Corporation)
NSW_DRM_COLLECTION
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA nView Desktop Manager
NVIDIA Update 1.10.8
NVIDIA Update Components
OGPlanet Game Launcher
Outlook Times Addin 1.1
OutlookTools 2
OutWit Hub 3.0.4.31 (x86 en-US)
Pale Moon 12.2 (x86 en-US)
Pando Media Booster
PandoraRecovery (Remove Only)
PDFill FREE PDF Tools
Power2Go 4.0
PowerDVD
PowerISO
PrimoPDF -- brought to you by Nitro PDF Software
Prism Video File Converter
QuickTime
Real Estate Finance and Investments
Realtek High Definition Audio Driver
RegToy 0.7.4.1
Revo Uninstaller 1.94
SA32xx Device Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SIW version 2011.05.26
Skype web features
Skype™ 6.6
SlimDrivers
Spotify
Stickies 7.1a
Switch Sound File Converter
swMSM
System Requirements Lab
Tiny Time Tracker
TreeSize Free V2.5
Tweak UI
TweakGDS version 1.1.3
Twebst Automation Studio
UltiDev Web Server Pro
Uninstall Startup Inspector
Universal Extractor 1.6.1
Universal Viewer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V CAST Music with Rhapsody
VirtualLab Client 5.7.5
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 2.0.8
W Photo Studio
WavePad Sound Editor
WebFldrs XP
What's Running 3.0
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows SDK IntellisenseNFX
Windows XP Service Pack 3
Yu-Gi-Oh! ONLINE 3
.
==== Event Viewer Messages From Past Week ========
.
10/8/2013 9:36:28 PM, error: System Error [1003] - Error code 00000051, parameter1 00000004, parameter2 00000001, parameter3 e13e97d8, parameter4 00001918.
10/8/2013 9:32:33 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
10/8/2013 9:32:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
10/8/2013 9:32:33 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/8/2013 6:27:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/6/2013 11:25:31 PM, error: Service Control Manager [7000] - The vtigercrmMysql540 service failed to start due to the following error: The system cannot find the path specified.
10/6/2013 11:25:31 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
10/11/2013 6:57:12 PM, error: System Error [1003] - Error code 00000051, parameter1 00000004, parameter2 00000001, parameter3 e1b35dc8, parameter4 00001918.
10/10/2013 5:39:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
10/10/2013 5:39:08 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2013 4:06:02 PM, error: System Error [1003] - Error code 00000051, parameter1 00000004, parameter2 00000001, parameter3 e4290dc8, parameter4 00001918.
.
==== End Of File ===========================
 
And TDSS

16:53:17.0957 0x07cc TDSS rootkit removing tool 3.0.0.12 Oct 9 2013 14:59:22
16:53:18.0628 0x07cc ============================================================
16:53:18.0628 0x07cc Current date / time: 2013/10/12 16:53:18.0628
16:53:18.0628 0x07cc SystemInfo:
16:53:18.0628 0x07cc
16:53:18.0628 0x07cc OS Version: 5.1.2600 ServicePack: 3.0
16:53:18.0628 0x07cc Product type: Workstation
16:53:18.0628 0x07cc ComputerName: HOME
16:53:18.0628 0x07cc UserName: Owner
16:53:18.0628 0x07cc Windows directory: C:\WINDOWS
16:53:18.0628 0x07cc System windows directory: C:\WINDOWS
16:53:18.0628 0x07cc Processor architecture: Intel x86
16:53:18.0628 0x07cc Number of processors: 1
16:53:18.0628 0x07cc Page size: 0x1000
16:53:18.0628 0x07cc Boot type: Normal boot
16:53:18.0628 0x07cc ============================================================
16:53:21.0633 0x07cc System UUID: {6C881464-D68C-2045-D9FF-7E51E56F0432}
16:53:22.0875 0x07cc Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:53:22.0935 0x07cc ============================================================
16:53:22.0935 0x07cc \Device\Harddisk0\DR0:
16:53:22.0975 0x07cc MBR partitions:
16:53:22.0975 0x07cc Initialize success
16:53:22.0975 0x07cc ============================================================
16:53:43.0344 0x0b58 ============================================================
16:53:43.0344 0x0b58 Scan started
16:53:43.0344 0x0b58 Mode: Manual;
16:53:43.0344 0x0b58 ============================================================
16:53:43.0344 0x0b58 KSN ping started
16:53:46.0088 0x0b58 KSN ping finished: true
16:53:46.0128 0x0b58 ================ Scan system memory ========================
16:53:46.0138 0x0b58 System memory - ok
16:53:46.0138 0x0b58 ================ Scan services =============================
16:53:46.0178 0x0b58 Abiosdsk - ok
16:53:46.0188 0x0b58 abp480n5 - ok
16:53:46.0198 0x0b58 ACDaemon - ok
16:53:46.0208 0x0b58 ACPI - ok
16:53:46.0218 0x0b58 ACPIEC - ok
16:53:46.0228 0x0b58 AdobeFlashPlayerUpdateSvc - ok
16:53:46.0238 0x0b58 adpu160m - ok
16:53:46.0248 0x0b58 AdvancedSystemCareService6 - ok
16:53:46.0258 0x0b58 aec - ok
16:53:46.0268 0x0b58 Afc - ok
16:53:46.0278 0x0b58 AFD - ok
16:53:46.0288 0x0b58 agp440 - ok
16:53:46.0298 0x0b58 agpCPQ - ok
16:53:46.0308 0x0b58 Aha154x - ok
16:53:46.0318 0x0b58 aic78u2 - ok
16:53:46.0328 0x0b58 aic78xx - ok
16:53:46.0338 0x0b58 Alerter - ok
16:53:46.0348 0x0b58 ALG - ok
16:53:46.0358 0x0b58 AliIde - ok
16:53:46.0368 0x0b58 alim1541 - ok
16:53:46.0378 0x0b58 Ambfilt - ok
16:53:46.0388 0x0b58 amdagp - ok
16:53:46.0398 0x0b58 AmdPPM - ok
16:53:46.0408 0x0b58 amsint - ok
16:53:46.0418 0x0b58 AntiVirSchedulerService - ok
16:53:46.0428 0x0b58 AntiVirService - ok
16:53:46.0438 0x0b58 Apple Mobile Device - ok
16:53:46.0448 0x0b58 AppMgmt - ok
16:53:46.0458 0x0b58 asc - ok
16:53:46.0468 0x0b58 asc3350p - ok
16:53:46.0478 0x0b58 asc3550 - ok
16:53:46.0508 0x0b58 aspnet_state - ok
16:53:46.0518 0x0b58 AsyncMac - ok
16:53:46.0529 0x0b58 atapi - ok
16:53:46.0539 0x0b58 Atdisk - ok
16:53:46.0549 0x0b58 Atmarpc - ok
16:53:46.0559 0x0b58 AudioSrv - ok
16:53:46.0569 0x0b58 audstub - ok
16:53:46.0579 0x0b58 avgntflt - ok
16:53:46.0589 0x0b58 avipbb - ok
16:53:46.0599 0x0b58 avkmgr - ok
16:53:46.0609 0x0b58 BANTExt - ok
16:53:46.0619 0x0b58 Beep - ok
16:53:46.0629 0x0b58 BITS - ok
16:53:46.0639 0x0b58 Bonjour Service - ok
16:53:46.0649 0x0b58 Browser - ok
16:53:46.0659 0x0b58 BVRPMPR5 - ok
16:53:46.0669 0x0b58 catchme - ok
16:53:46.0679 0x0b58 cbidf - ok
16:53:46.0689 0x0b58 cbidf2k - ok
16:53:46.0699 0x0b58 CCDECODE - ok
16:53:46.0709 0x0b58 ccEvtMgr - ok
16:53:46.0719 0x0b58 ccPwdSvc - ok
16:53:46.0729 0x0b58 ccSetMgr - ok
16:53:46.0739 0x0b58 cd20xrnt - ok
16:53:46.0749 0x0b58 Cdaudio - ok
16:53:46.0759 0x0b58 Cdfs - ok
16:53:46.0769 0x0b58 Cdrom - ok
16:53:46.0779 0x0b58 Changer - ok
16:53:46.0789 0x0b58 CiSvc - ok
16:53:46.0799 0x0b58 ClipSrv - ok
16:53:46.0809 0x0b58 clr_optimization_v2.0.50727_32 - ok
16:53:46.0819 0x0b58 clr_optimization_v4.0.30319_32 - ok
16:53:46.0829 0x0b58 CmdIde - ok
16:53:46.0839 0x0b58 COMSysApp - ok
16:53:46.0849 0x0b58 Cpqarray - ok
16:53:46.0859 0x0b58 CryptSvc - ok
16:53:46.0869 0x0b58 dac2w2k - ok
16:53:46.0879 0x0b58 dac960nt - ok
16:53:46.0889 0x0b58 DcomLaunch - ok
16:53:46.0899 0x0b58 Dhcp - ok
16:53:46.0909 0x0b58 Disk - ok
16:53:46.0919 0x0b58 dmadmin - ok
16:53:46.0929 0x0b58 dmboot - ok
16:53:46.0939 0x0b58 dmio - ok
16:53:46.0949 0x0b58 dmload - ok
16:53:46.0959 0x0b58 dmserver - ok
16:53:46.0969 0x0b58 DMusic - ok
16:53:46.0969 0x0b58 Dnscache - ok
16:53:46.0979 0x0b58 Dot3svc - ok
16:53:46.0989 0x0b58 dpti2o - ok
16:53:46.0999 0x0b58 drmkaud - ok
16:53:47.0009 0x0b58 DrvAgent32 - ok
16:53:47.0019 0x0b58 EagleNT - ok
16:53:47.0029 0x0b58 EagleXNt - ok
16:53:47.0039 0x0b58 EapHost - ok
16:53:47.0049 0x0b58 ERSvc - ok
16:53:47.0059 0x0b58 Eventlog - ok
16:53:47.0069 0x0b58 EventSystem - ok
16:53:47.0079 0x0b58 Fastfat - ok
16:53:47.0089 0x0b58 FastUserSwitchingCompatibility - ok
16:53:47.0099 0x0b58 Fdc - ok
16:53:47.0109 0x0b58 Fips - ok
16:53:47.0109 0x0b58 Flpydisk - ok
16:53:47.0129 0x0b58 FltMgr - ok
16:53:47.0139 0x0b58 FontCache3.0.0.0 - ok
16:53:47.0139 0x0b58 FreshIO - ok
16:53:47.0149 0x0b58 Fs_Rec - ok
16:53:47.0169 0x0b58 Ftdisk - ok
16:53:47.0179 0x0b58 GBDevice - ok
16:53:47.0189 0x0b58 GBFSHook - ok
16:53:47.0199 0x0b58 GBPoll - ok
16:53:47.0209 0x0b58 GEARAspiWDM - ok
16:53:47.0220 0x0b58 GoBack2K - ok
16:53:47.0230 0x0b58 GoogleDesktopManager-051210-111108 - ok
16:53:47.0230 0x0b58 Gpc - ok
16:53:47.0240 0x0b58 gupdate - ok
16:53:47.0250 0x0b58 gupdatem - ok
16:53:47.0260 0x0b58 HdAudAddService - ok
16:53:47.0280 0x0b58 HDAudBus - ok
16:53:47.0290 0x0b58 helpsvc - ok
16:53:47.0300 0x0b58 HidServ - ok
16:53:47.0310 0x0b58 HidUsb - ok
16:53:47.0310 0x0b58 hkmsvc - ok
16:53:47.0320 0x0b58 hpn - ok
16:53:47.0330 0x0b58 HSFHWBS2 - ok
16:53:47.0340 0x0b58 HSF_DPV - ok
16:53:47.0350 0x0b58 HTTP - ok
16:53:47.0360 0x0b58 HTTPFilter - ok
16:53:47.0370 0x0b58 HWiNFO32 - ok
16:53:47.0380 0x0b58 i2omgmt - ok
16:53:47.0390 0x0b58 i2omp - ok
16:53:47.0400 0x0b58 i8042prt - ok
16:53:47.0410 0x0b58 idsvc - ok
16:53:47.0420 0x0b58 Imapi - ok
16:53:47.0430 0x0b58 ImapiService - ok
16:53:47.0450 0x0b58 ini910u - ok
16:53:47.0460 0x0b58 IntcAzAudAddService - ok
16:53:47.0470 0x0b58 IntelIde - ok
16:53:47.0490 0x0b58 Ip6Fw - ok
16:53:47.0500 0x0b58 IpFilterDriver - ok
16:53:47.0510 0x0b58 IpInIp - ok
16:53:47.0520 0x0b58 IpNat - ok
16:53:47.0530 0x0b58 iPod Service - ok
16:53:47.0540 0x0b58 IPSec - ok
16:53:47.0550 0x0b58 IRENUM - ok
16:53:47.0560 0x0b58 isapnp - ok
16:53:47.0580 0x0b58 JavaQuickStarterService - ok
16:53:47.0590 0x0b58 Kbdclass - ok
16:53:47.0590 0x0b58 kbdhid - ok
16:53:47.0610 0x0b58 kmixer - ok
16:53:47.0610 0x0b58 KSecDD - ok
16:53:47.0620 0x0b58 lanmanserver - ok
16:53:47.0630 0x0b58 LanmanWorkstation - ok
16:53:47.0640 0x0b58 lbrtfdc - ok
16:53:47.0660 0x0b58 LmHosts - ok
16:53:47.0670 0x0b58 MCSTRM - ok
16:53:47.0680 0x0b58 mdmxsdk - ok
16:53:47.0690 0x0b58 Messenger - ok
16:53:47.0710 0x0b58 mnmdd - ok
16:53:47.0720 0x0b58 mnmsrvc - ok
16:53:47.0730 0x0b58 Modem - ok
16:53:47.0740 0x0b58 Monfilt - ok
16:53:47.0750 0x0b58 Mouclass - ok
16:53:47.0760 0x0b58 mouhid - ok
16:53:47.0770 0x0b58 MountMgr - ok
16:53:47.0780 0x0b58 MozillaMaintenance - ok
16:53:47.0790 0x0b58 mraid35x - ok
16:53:47.0800 0x0b58 MRxDAV - ok
16:53:47.0810 0x0b58 MRxSmb - ok
16:53:47.0820 0x0b58 MSDTC - ok
16:53:47.0840 0x0b58 Msfs - ok
16:53:47.0850 0x0b58 MSIServer - ok
16:53:47.0860 0x0b58 MSKSSRV - ok
16:53:47.0870 0x0b58 MSPCLOCK - ok
16:53:47.0880 0x0b58 MSPQM - ok
16:53:47.0890 0x0b58 mssmbios - ok
16:53:47.0900 0x0b58 MSTEE - ok
16:53:47.0911 0x0b58 Mup - ok
16:53:47.0921 0x0b58 mxnic - ok
16:53:47.0931 0x0b58 NABTSFEC - ok
16:53:47.0951 0x0b58 napagent - ok
16:53:47.0961 0x0b58 NBSPortDriver - ok
16:53:47.0971 0x0b58 NDIS - ok
16:53:47.0971 0x0b58 NdisIP - ok
16:53:47.0991 0x0b58 NdisTapi - ok
16:53:48.0001 0x0b58 Ndisuio - ok
16:53:48.0011 0x0b58 NdisWan - ok
16:53:48.0021 0x0b58 NDProxy - ok
16:53:48.0031 0x0b58 NetBIOS - ok
16:53:48.0041 0x0b58 NetBT - ok
16:53:48.0051 0x0b58 NetDDE - ok
16:53:48.0061 0x0b58 NetDDEdsdm - ok
16:53:48.0071 0x0b58 Netlogon - ok
16:53:48.0081 0x0b58 Netman - ok
16:53:48.0091 0x0b58 NetTcpPortSharing - ok
16:53:48.0101 0x0b58 NitroReaderDriverReadSpool2 - ok
16:53:48.0111 0x0b58 Nla - ok
16:53:48.0111 0x0b58 Npfs - ok
16:53:48.0121 0x0b58 npggsvc - ok
16:53:48.0131 0x0b58 ntcdrdrv - ok
16:53:48.0141 0x0b58 Ntfs - ok
16:53:48.0151 0x0b58 NtLmSsp - ok
16:53:48.0161 0x0b58 NtmsSvc - ok
16:53:48.0171 0x0b58 Null - ok
16:53:48.0181 0x0b58 nv - ok
16:53:48.0191 0x0b58 nvata - ok
16:53:48.0201 0x0b58 NVENETFD - ok
16:53:48.0211 0x0b58 nvgts - ok
16:53:48.0221 0x0b58 nvnetbus - ok
16:53:48.0231 0x0b58 NVSvc - ok
16:53:48.0241 0x0b58 nvUpdatusService - ok
16:53:48.0251 0x0b58 NwlnkFlt - ok
16:53:48.0261 0x0b58 NwlnkFwd - ok
16:53:48.0271 0x0b58 odserv - ok
16:53:48.0291 0x0b58 ose - ok
16:53:48.0301 0x0b58 P3 - ok
16:53:48.0311 0x0b58 Parport - ok
16:53:48.0321 0x0b58 PartMgr - ok
16:53:48.0331 0x0b58 ParVdm - ok
16:53:48.0341 0x0b58 PCI - ok
16:53:48.0351 0x0b58 PCIDump - ok
16:53:48.0361 0x0b58 PCIIde - ok
16:53:48.0371 0x0b58 Pcmcia - ok
16:53:48.0381 0x0b58 PDCOMP - ok
16:53:48.0391 0x0b58 PDFRAME - ok
16:53:48.0431 0x0b58 PDRELI - ok
16:53:48.0441 0x0b58 PDRFRAME - ok
16:53:48.0451 0x0b58 perc2 - ok
16:53:48.0461 0x0b58 perc2hib - ok
16:53:48.0491 0x0b58 PlugPlay - ok
16:53:48.0501 0x0b58 Point32 - ok
16:53:48.0511 0x0b58 PolicyAgent - ok
16:53:48.0521 0x0b58 PptpMiniport - ok
16:53:48.0531 0x0b58 PrismXL - ok
16:53:48.0541 0x0b58 Processor - ok
16:53:48.0551 0x0b58 PROCEXP151 - ok
16:53:48.0561 0x0b58 ProtectedStorage - ok
16:53:48.0571 0x0b58 PSched - ok
16:53:48.0581 0x0b58 Ptilink - ok
16:53:48.0591 0x0b58 ql1080 - ok
16:53:48.0601 0x0b58 Ql10wnt - ok
16:53:48.0612 0x0b58 ql12160 - ok
16:53:48.0622 0x0b58 ql1240 - ok
16:53:48.0632 0x0b58 ql1280 - ok
16:53:48.0642 0x0b58 RasAcd - ok
16:53:48.0652 0x0b58 RasAuto - ok
16:53:48.0662 0x0b58 Rasl2tp - ok
16:53:48.0672 0x0b58 RasMan - ok
16:53:48.0682 0x0b58 RasPppoe - ok
16:53:48.0692 0x0b58 Raspti - ok
16:53:48.0702 0x0b58 Rdbss - ok
16:53:48.0712 0x0b58 RDPCDD - ok
16:53:48.0722 0x0b58 rdpdr - ok
16:53:48.0742 0x0b58 RDPWD - ok
16:53:48.0752 0x0b58 RDSessMgr - ok
16:53:48.0762 0x0b58 redbook - ok
16:53:48.0772 0x0b58 RemoteAccess - ok
16:53:48.0792 0x0b58 RpcLocator - ok
16:53:48.0802 0x0b58 RpcSs - ok
16:56:35.0572 0x0b58 RSVP - ok
16:56:35.0622 0x0b58 SamSs - ok
16:56:35.0672 0x0b58 SCardSvr - ok
16:56:35.0712 0x0b58 SCDEmu - ok
16:56:35.0762 0x0b58 Schedule - ok
16:56:35.0852 0x0b58 Secdrv - ok
16:56:35.0892 0x0b58 seclogon - ok
16:56:35.0942 0x0b58 SENS - ok
16:56:35.0992 0x0b58 serenum - ok
16:56:36.0032 0x0b58 Serial - ok
16:56:36.0333 0x0b58 Sfloppy - ok
16:56:36.0383 0x0b58 SharedAccess - ok
16:56:36.0423 0x0b58 ShellHWDetection - ok
16:56:36.0473 0x0b58 Simbad - ok
16:56:36.0513 0x0b58 sisagp - ok
16:56:36.0563 0x0b58 SkypeUpdate - ok
16:56:36.0613 0x0b58 SLIP - ok
16:56:36.0743 0x0b58 SNPSTD3 - ok
16:56:36.0783 0x0b58 Sparrow - ok
16:56:36.0833 0x0b58 splitter - ok
16:56:36.0873 0x0b58 Spooler - ok
16:56:36.0924 0x0b58 sr - ok
16:56:36.0974 0x0b58 srservice - ok
16:56:37.0014 0x0b58 Srv - ok
16:56:37.0064 0x0b58 SSDPSRV - ok
16:56:37.0104 0x0b58 ssmdrv - ok
16:56:37.0154 0x0b58 stisvc - ok
16:56:37.0224 0x0b58 streamip - ok
16:56:37.0254 0x0b58 SWDUMon - ok
16:56:37.0304 0x0b58 swenum - ok
16:56:37.0354 0x0b58 swmidi - ok
16:56:37.0394 0x0b58 SwPrv - ok
16:56:37.0484 0x0b58 Symantec Core LC - ok
16:56:37.0534 0x0b58 symc810 - ok
16:56:37.0584 0x0b58 symc8xx - ok
16:56:37.0635 0x0b58 SymEvent - ok
16:56:37.0675 0x0b58 symlcbrd - ok
16:56:37.0725 0x0b58 sym_hi - ok
16:56:37.0775 0x0b58 sym_u3 - ok
16:56:37.0815 0x0b58 sysaudio - ok
16:56:37.0865 0x0b58 SysmonLog - ok
16:56:37.0915 0x0b58 TapiSrv - ok
16:56:37.0955 0x0b58 Tcpip - ok
16:56:38.0005 0x0b58 TDPIPE - ok
16:56:38.0045 0x0b58 TDTCP - ok
16:56:38.0095 0x0b58 TermDD - ok
16:56:38.0145 0x0b58 TermService - ok
16:56:38.0185 0x0b58 Themes - ok
16:56:38.0275 0x0b58 TosIde - ok
16:56:38.0326 0x0b58 TrkWks - ok
16:56:38.0416 0x0b58 Udfs - ok
16:56:38.0456 0x0b58 UltiDev Web Server Pro - ok
16:56:38.0506 0x0b58 ultra - ok
16:56:38.0546 0x0b58 Update - ok
16:56:38.0596 0x0b58 upnphost - ok
16:56:38.0646 0x0b58 UPS - ok
16:56:38.0686 0x0b58 USBAAPL - ok
16:56:38.0736 0x0b58 usbaudio - ok
16:56:38.0786 0x0b58 usbccgp - ok
16:56:38.0826 0x0b58 usbehci - ok
16:56:38.0876 0x0b58 usbhub - ok
16:56:38.0926 0x0b58 usbohci - ok
16:56:38.0966 0x0b58 usbprint - ok
16:56:39.0017 0x0b58 USBSTOR - ok
16:56:39.0057 0x0b58 usbuhci - ok
16:56:39.0107 0x0b58 UWS HiPriv Services - ok
16:56:39.0157 0x0b58 UWS LoPriv Services - ok
16:56:39.0197 0x0b58 VgaSave - ok
16:56:39.0247 0x0b58 viaagp - ok
16:56:39.0297 0x0b58 ViaIde - ok
16:56:39.0347 0x0b58 VMnetAdapter - ok
16:56:39.0387 0x0b58 VolSnap - ok
16:56:39.0437 0x0b58 VSS - ok
16:56:39.0487 0x0b58 vtigercrmMysql540 - ok
16:56:39.0527 0x0b58 W32Time - ok
16:56:39.0617 0x0b58 Wanarp - ok
16:56:39.0667 0x0b58 WDICA - ok
16:56:39.0718 0x0b58 wdmaud - ok
16:56:39.0768 0x0b58 WebClient - ok
16:56:39.0808 0x0b58 winachsf - ok
16:56:39.0938 0x0b58 winmgmt - ok
16:56:39.0988 0x0b58 WinRM - ok
16:56:40.0158 0x0b58 WmdmPmSN - ok
16:56:40.0288 0x0b58 WmiApSrv - ok
16:56:40.0338 0x0b58 WMPNetworkSvc - ok
16:56:40.0378 0x0b58 WpdUsb - ok
16:56:40.0429 0x0b58 WPFFontCache_v0400 - ok
16:56:40.0479 0x0b58 WS2IFSL - ok
16:56:40.0529 0x0b58 wscsvc - ok
16:56:40.0569 0x0b58 WSTCODEC - ok
16:56:40.0619 0x0b58 wuauserv - ok
16:56:40.0669 0x0b58 WudfPf - ok
16:56:40.0709 0x0b58 WudfRd - ok
16:56:40.0759 0x0b58 WudfSvc - ok
16:56:40.0809 0x0b58 WZCSVC - ok
16:56:40.0849 0x0b58 XDva385 - ok
16:56:40.0899 0x0b58 XDva391 - ok
16:56:40.0949 0x0b58 xmlprov - ok
16:56:41.0039 0x0b58 ================ Scan global ===============================
16:56:41.0039 0x0b58 [ Global ] - ok
16:56:41.0039 0x0b58 ================ Scan MBR ==================================
16:56:41.0080 0x0b58 [ D5AFE41F77F339A234E5A6CAC7CB5FBB ] \Device\Harddisk0\DR0
16:56:41.0120 0x0b58 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:56:41.0600 0x0b58 \Device\Harddisk0\DR0 - ok
16:56:41.0610 0x0b58 ================ Scan VBR ==================================
16:56:41.0760 0x0b58 AV detected via SS1: Avira Desktop, 13.6.20.2100, enabled, updated
16:56:41.0760 0x0b58 Win FW state via NFM: enabled
16:56:44.0725 0x0b58 ============================================================
16:56:44.0725 0x0b58 Scan finished
16:56:44.0725 0x0b58 ============================================================
16:56:44.0735 0x0cbc Detected object count: 0
16:56:44.0735 0x0cbc Actual detected object count: 0
 
redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Here are the RK reports, in order of when they were saved. I ran it twice.

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 10/13/2013 16:16:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\HKNTDLL.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer :)0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 10/13/2013 16:43:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer :)0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xAB58C7A4)
[Address] SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xAB58C75E)
[Address] SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xAB58C7AE)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xAB58C754)
[Address] SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xAB58C763)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xAB58C76D)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xAB58C79F)
[Address] SSDT[84] : NtFsControlFile @ 0x805771F8 -> HOOKED (GoBack2K.sys @ 0xF7BB7F50)
[Address] SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xAB58C772)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xAB58C740)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xAB58C745)
[Address] SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xAB58C7C7)
[Address] SSDT[193] : NtReplaceKey @ 0x8065017E -> HOOKED (Unknown @ 0xAB58C77C)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xAB58C7B8)
[Address] SSDT[204] : NtRestoreKey @ 0x8064FD15 -> HOOKED (Unknown @ 0xAB58C777)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E94F -> HOOKED (Unknown @ 0xAB58C7B3)
[Address] SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xAB58C7BD)
[Address] SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xAB58C768)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8064AD5D -> HOOKED (Unknown @ 0xAB58C7C2)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xAB58C74F)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xAB58C7D6)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xAB58C7DB)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST3160212A +++++
--- User ---
[MBR] e621faf262e06fe9ec8c033da0fdfb7d
[BSP] 3af301b55d764fceb569ee84492a190d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50281 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102976650 | Size: 102343 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_10132013_164340.txt >>
RKreport[0]_S_10132013_161621.txt

XXXXXXXXXXXXXXXXXXXXXXXXXX
RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 10/13/2013 16:45:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xAB58C7A4)
[Address] SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xAB58C75E)
[Address] SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xAB58C7AE)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xAB58C754)
[Address] SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xAB58C763)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xAB58C76D)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xAB58C79F)
[Address] SSDT[84] : NtFsControlFile @ 0x805771F8 -> HOOKED (GoBack2K.sys @ 0xF7BB7F50)
[Address] SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xAB58C772)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xAB58C740)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xAB58C745)
[Address] SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xAB58C7C7)
[Address] SSDT[193] : NtReplaceKey @ 0x8065017E -> HOOKED (Unknown @ 0xAB58C77C)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xAB58C7B8)
[Address] SSDT[204] : NtRestoreKey @ 0x8064FD15 -> HOOKED (Unknown @ 0xAB58C777)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E94F -> HOOKED (Unknown @ 0xAB58C7B3)
[Address] SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xAB58C7BD)
[Address] SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xAB58C768)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8064AD5D -> HOOKED (Unknown @ 0xAB58C7C2)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xAB58C74F)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xAB58C7D6)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xAB58C7DB)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST3160212A +++++
--- User ---
[MBR] e621faf262e06fe9ec8c033da0fdfb7d
[BSP] 3af301b55d764fceb569ee84492a190d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50281 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102976650 | Size: 102343 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_10132013_164507.txt >>
RKreport[0]_S_10132013_161621.txt;RKreport[0]_S_10132013_164340.txt

XXXXXXXXXXXXXXXXXX

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : HOSTSFix -- Date : 10/13/2013 16:45:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[0]_H_10132013_164516.txt >>
RKreport[0]_D_10132013_164507.txt;RKreport[0]_S_10132013_161621.txt;RKreport[0]_S_10132013_164340.txt

XXXXXXXXXXXXXXXXXXXXXXx

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : ProxyFix -- Date : 10/13/2013 16:45:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer :)0) -> DELETED

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_PR_10132013_164525.txt >>
RKreport[0]_D_10132013_164507.txt;RKreport[0]_H_10132013_164516.txt;RKreport[0]_S_10132013_161621.txt
RKreport[0]_S_10132013_164340.txt

XXXXXXXXXXXXXXXXX

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : DNSFix -- Date : 10/13/2013 16:45:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_DN_10132013_164533.txt >>
RKreport[0]_D_10132013_164507.txt;RKreport[0]_H_10132013_164516.txt;RKreport[0]_S_10132013_161621.txt
RKreport[0]_S_10132013_164340.txt

XXXXXXXXXXXXXXXXXXXXX
RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 10/13/2013 16:49:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xAB58C7A4)
[Address] SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xAB58C75E)
[Address] SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xAB58C7AE)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xAB58C754)
[Address] SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xAB58C763)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xAB58C76D)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xAB58C79F)
[Address] SSDT[84] : NtFsControlFile @ 0x805771F8 -> HOOKED (GoBack2K.sys @ 0xF7BB7F50)
[Address] SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xAB58C772)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xAB58C740)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xAB58C745)
[Address] SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xAB58C7C7)
[Address] SSDT[193] : NtReplaceKey @ 0x8065017E -> HOOKED (Unknown @ 0xAB58C77C)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xAB58C7B8)
[Address] SSDT[204] : NtRestoreKey @ 0x8064FD15 -> HOOKED (Unknown @ 0xAB58C777)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E94F -> HOOKED (Unknown @ 0xAB58C7B3)
[Address] SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xAB58C7BD)
[Address] SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xAB58C768)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8064AD5D -> HOOKED (Unknown @ 0xAB58C7C2)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xAB58C74F)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xAB58C7D6)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xAB58C7DB)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST3160212A +++++
--- User ---
[MBR] e621faf262e06fe9ec8c033da0fdfb7d
[BSP] 3af301b55d764fceb569ee84492a190d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50281 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102976650 | Size: 102343 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_10132013_164902.txt >>
RKreport[0]_D_10132013_164507.txt;RKreport[0]_H_10132013_164516.txt;RKreport[0]_S_10132013_161621.txt
RKreport[0]_S_10132013_164340.txt

XXXXXXXXXXXXXXXXXXXXXXXX

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 10/13/2013 16:49:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xAB58C7A4)
[Address] SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xAB58C75E)
[Address] SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xAB58C7AE)
[Address] SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xAB58C754)
[Address] SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xAB58C763)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xAB58C76D)
[Address] SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xAB58C79F)
[Address] SSDT[84] : NtFsControlFile @ 0x805771F8 -> HOOKED (GoBack2K.sys @ 0xF7BB7F50)
[Address] SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xAB58C772)
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xAB58C740)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xAB58C745)
[Address] SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xAB58C7C7)
[Address] SSDT[193] : NtReplaceKey @ 0x8065017E -> HOOKED (Unknown @ 0xAB58C77C)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xAB58C7B8)
[Address] SSDT[204] : NtRestoreKey @ 0x8064FD15 -> HOOKED (Unknown @ 0xAB58C777)
[Address] SSDT[213] : NtSetContextThread @ 0x8062E94F -> HOOKED (Unknown @ 0xAB58C7B3)
[Address] SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xAB58C7BD)
[Address] SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xAB58C768)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8064AD5D -> HOOKED (Unknown @ 0xAB58C7C2)
[Address] SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xAB58C74F)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xAB58C7D6)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xAB58C7DB)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST3160212A +++++
--- User ---
[MBR] e621faf262e06fe9ec8c033da0fdfb7d
[BSP] 3af301b55d764fceb569ee84492a190d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 50281 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 102976650 | Size: 102343 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_10132013_164916.txt >>
RKreport[0]_D_10132013_164507.txt;RKreport[0]_H_10132013_164516.txt;RKreport[0]_S_10132013_161621.txt
RKreport[0]_S_10132013_164340.txt;RKreport[0]_S_10132013_164902.txt

XXXXXXXXXXXXXXXXXXXXx
RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : HOSTSFix -- Date : 10/13/2013 16:49:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[0]_H_10132013_164923.txt >>
RKreport[0]_D_10132013_164507.txt;RKreport[0]_D_10132013_164916.txt;RKreport[0]_H_10132013_164516.txt
RKreport[0]_S_10132013_161621.txt;RKreport[0]_S_10132013_164340.txt;RKreport[0]_S_10132013_164902.txt

XXXXXXXXXXXXXXXX

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : ProxyFix -- Date : 10/13/2013 16:49:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_PR_10132013_164926.txt >>
RKreport[0]_D_10132013_164507.txt;RKreport[0]_D_10132013_164916.txt;RKreport[0]_H_10132013_164516.txt
RKreport[0]_H_10132013_164923.txt;RKreport[0]_S_10132013_161621.txt;RKreport[0]_S_10132013_164340.txt
RKreport[0]_S_10132013_164902.txt

XXXXXXXXXXXXXXXXXXXXXXx

RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : DNSFix -- Date : 10/13/2013 16:49:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_DN_10132013_164930.txt >>
RKreport[0]_D_10132013_164507.txt;RKreport[0]_D_10132013_164916.txt;RKreport[0]_H_10132013_164516.txt
RKreport[0]_H_10132013_164923.txt;RKreport[0]_S_10132013_161621.txt;RKreport[0]_S_10132013_164340.txt
RKreport[0]_S_10132013_164902.txt
 
And the MBAR files:

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.13.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOME [administrator]

10/13/2013 7:11:47 PM
mbar-log-2013-10-13 (19-11-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 323032
Time elapsed: 1 hour(s), 57 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 2.210000 GHz
Memory total: 1475665920, free: 732295168

Downloaded database version: v2013.10.13.06
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
10/13/2013 19:11:35
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
GBDevice.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
aliide.sys
cmdide.sys
toside.sys
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
cpqarray.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
atapi.sys
aha154x.sys
sparrow.sys
symc810.sys
aic78xx.sys
dac960nt.sys
ql10wnt.sys
amsint.sys
asc.sys
asc3550.sys
mraid35x.sys
i2omp.sys
ini910u.sys
ql1240.sys
aic78u2.sys
symc8xx.sys
sym_hi.sys
sym_u3.sys
ABP480N5.SYS
asc3350p.sys
cd20xrnt.sys
ultra.sys
dpti2o.sys
adpu160m.sys
ql1080.sys
ql1280.sys
ql12160.sys
perc2.sys
perc2hib.sys
hpn.sys
cbidf2k.sys
dac2w2k.sys
ntcdrdrv.sys
nvgts.sys
nvata.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
GoBack2K.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
sisagp.sys
viaagp.sys
Mup.sys
agp440.sys
alim1541.sys
amdagp.sys
agpCPQ.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\HSFHWBS2.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\NBSPortDriver.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\Program Files\HWiNFO32\HWiNFO32.SYS
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\BANTExt.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\snpstd3.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\System32\Drivers\GBFSHook.SYS
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\sysaudio.sys
\??\C:\WINDOWS\system32\drivers\symlcbrd.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
\??\C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\48230029.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR5
Upper Device Object: 0xffffffff893ee030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000ab\
Lower Device Object: 0xffffffff8943b8f8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR4
Upper Device Object: 0xffffffff8940e030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000aa\
Lower Device Object: 0xffffffff89f11968
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR3
Upper Device Object: 0xffffffff893ec030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a9\
Lower Device Object: 0xffffffff8946fa70
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff893ecab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a8\
Lower Device Object: 0xffffffff89f6a640
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a3a9838
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a40d940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a3a9838, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a3886d8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a388020, DeviceName: Unknown, DriverName: \Driver\GoBack2K\
DevicePointer: 0xffffffff8a3a9838, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3a2f18, DeviceName: \Device\00000095\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a40d940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\GoBack2K\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
MBR buffers are not equal
failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBRCode_0.mbam - 183
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4B36BDEA

Partition information:

Partition 0 type is Other (0x44)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312576642
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

failed to create file C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam - 5
Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff893ecab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89f736d0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89f67478, DeviceName: Unknown, DriverName: \Driver\GoBack2K\
DevicePointer: 0xffffffff893ecab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89f6a640, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff893ec030, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a022020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89f70e08, DeviceName: Unknown, DriverName: \Driver\GoBack2K\
DevicePointer: 0xffffffff893ec030, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8946fa70, DeviceName: \Device\000000a9\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8940e030, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89f73390, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89fa1da0, DeviceName: Unknown, DriverName: \Driver\GoBack2K\
DevicePointer: 0xffffffff8940e030, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89f11968, DeviceName: \Device\000000aa\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff893ee030, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a03c020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89f741a8, DeviceName: Unknown, DriverName: \Driver\GoBack2K\
DevicePointer: 0xffffffff893ee030, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8943b8f8, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\
------------ End ----------
<<<2>>>
<<<3>>>
Volume: Z:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Documents and Settings\NetworkService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Owner\IETldCache\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Failed to write a cleanupn script C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Queue.mbam
 
redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Here's the ComboFix.txt. What's it all mean?

ComboFix 13-10-13.02 - Owner 10/14/2013 20:21:10.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.633 [GMT -6:00]
Running from: z:\documents\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-09-15 to 2013-10-15 )))))))))))))))))))))))))))))))
.
.
2013-10-14 01:11 . 2013-10-14 01:11 105176 ----a-w- c:\windows\system32\drivers\48230029.sys
2013-10-13 22:54 . 2013-10-14 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-13 22:54 . 2013-10-13 22:54 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-13 22:52 . 2013-10-14 01:09 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-10 23:10 . 2013-10-10 23:10 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-09 01:38 . 2013-10-09 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-10-01 22:23 . 2013-10-01 22:23 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-22 22:25 . 2013-09-29 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2013-09-22 22:24 . 2013-09-29 03:31 -------- d-----w- c:\program files\NCH Software
2013-09-22 22:24 . 2013-09-29 22:28 -------- d-----w- c:\documents and settings\Owner\Application Data\NCH Software
2013-09-22 21:14 . 2013-09-24 22:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Spotify
2013-09-22 21:13 . 2013-09-25 21:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Spotify
2013-09-22 18:26 . 2013-09-22 18:26 -------- d-----w- c:\documents and settings\Owner\Application Data\BlueSprig
2013-09-22 18:26 . 2013-09-22 18:26 -------- d-----w- c:\program files\BlueSprig
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 01:56 . 2012-02-29 15:55 134 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-10-11 00:27 . 2012-04-04 22:06 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-11 00:27 . 2011-06-01 18:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-01 22:23 . 2012-02-27 16:22 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-01 22:23 . 2012-07-30 23:43 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-01 22:23 . 2010-04-15 23:05 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-23 18:33 . 2010-01-05 18:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2010-01-05 18:54 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2010-01-05 18:53 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2010-01-05 18:52 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2010-01-05 18:53 385024 ------w- c:\windows\system32\html.iec
2013-09-04 11:27 . 2013-04-01 23:22 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-29 13:27 . 2013-04-01 23:22 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-29 01:31 . 2010-01-05 18:56 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2010-01-05 18:56 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2010-01-05 18:56 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2010-01-05 19:03 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2010-01-05 18:56 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-08 06:05 . 2010-01-05 18:56 920064 ----a-w- c:\windows\system32\wininet(3).dll
2013-08-08 06:05 . 2010-01-05 18:56 1215488 ----a-w- c:\windows\system32\urlmon(3).dll
2013-08-08 06:05 . 2010-01-05 18:56 105984 ----a-w- c:\windows\system32\url(3).dll
2013-08-05 13:30 . 2010-01-05 18:55 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 20:18 . 2006-10-19 04:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-31 00:45 . 2011-06-23 04:36 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-19 07:18 . 2013-07-19 07:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ea576c88-4993-4e97-9926-7c8379c29927}]
2012-12-14 20:01 518136 ----a-w- c:\program files\DataTool Services\Data Toolbar 2.3.2\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3745aa22-808c-4b64-ae23-1151cef147d9}"= "c:\program files\DataTool Services\Data Toolbar 2.3.2\adxloader.dll" [2012-12-14 518136]
.
[HKEY_CLASSES_ROOT\clsid\{3745aa22-808c-4b64-ae23-1151cef147d9}]
[HKEY_CLASSES_ROOT\DataToolbar.Addon.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2004-09-10 132248]
"Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Spotify Web Helper"="c:\documents and settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-09-24 1140736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-22 30192]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20143688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2000-01-01 1982312]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-21 619832]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-10 29768376]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-8-1 1122304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Norton GoBack.lnk - c:\program files\Norton SystemWorks\Norton GoBack\GBTray.exe [2004-12-21 804480]
Philips SA32XX Device Manager.lnk - c:\program files\Philips\SA32xx Device Manager\SA32xx_DeviceManager.exe -silent [2013-4-28 1615216]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\BinaryBiz\\VirtualLab5\\VLabPro.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Windows Performance Toolkit\\WPF Performance Suite\\WpfPerf.exe"=
"c:\\Program Files\\Debugging Tools for Windows (x86)\\windbg.exe"=
"c:\\Program Files\\UltiDev\\Web Server\\WebDevReplacer.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Common\\HPDeviceDetection3.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\DVD or CD Sharing\\ODSAgent.exe"=
"c:\\Program Files\\DVD or CD Sharing\\RemoteInstallMacOSX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58535:TCP"= 58535:TCP:pando Media Booster
"58535:UDP"= 58535:UDP:pando Media Booster
"58420:TCP"= 58420:TCP:pando Media Booster
"58420:UDP"= 58420:UDP:pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"57447:TCP"= 57447:TCP:pando Media Booster
"57447:UDP"= 57447:UDP:pando Media Booster
"3306:TCP"= 3306:TCP:MySQL55
"58131:TCP"= 58131:TCP:pando Media Booster
"58131:UDP"= 58131:UDP:pando Media Booster
.
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [1/6/2010 5:35 PM 13440]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [4/1/2013 5:22 PM 37352]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2/23/2012 1:18 AM 21752]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [12/22/2012 3:32 PM 574272]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/1/2013 5:22 PM 84024]
R2 NBSPortDriver;NBSPortDriver;c:\windows\system32\drivers\NBSPortDriver.sys [1/6/2010 5:35 PM 17912]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 9:53 AM 162408]
S2 vtigercrmMysql540;vtigercrmMysql540;"c:\program files\vtigercrm-5.4.0\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\vtigercrm-5.4.0\mysql\my.ini" vtigercrmMysql540 --> c:\program files\vtigercrm-5.4.0\mysql\bin\mysqld-nt [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/23/2011 11:50 AM 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/24/2012 6:54 PM 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/20/2010 1:33 PM 30192]
S3 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [1/16/2012 9:44 AM 198136]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/22/2011 10:36 PM 13464]
S3 UWS HiPriv Services;UWS HiPriv Services;c:\program files\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [12/4/2011 8:40 PM 48128]
S3 UWS LoPriv Services;UWS LoPriv Services;c:\program files\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [12/4/2011 8:40 PM 44032]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S4 UltiDev Web Server Pro;UltiDev Web Server Pro;c:\program files\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [12/4/2011 8:40 PM 64512]
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:27]
.
2013-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-10-02 c:\windows\Tasks\ExpressBurnReminder.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2013-09-22 23:39]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 02:39]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 02:39]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-30 21:52]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-30 21:52]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1006Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-27 16:14]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1006UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-27 16:14]
.
2013-10-15 c:\windows\Tasks\JetCleanLoginCheckUpdate.job
- c:\program files\BlueSprig\JetClean\AutoUpdate.exe [2013-09-22 21:05]
.
2013-10-01 c:\windows\Tasks\jucheck.job
- c:\program files\Common Files\Java\Java Update\jucheck.exe [2013-07-02 15:16]
.
2010-08-03 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-11 23:23]
.
2012-02-24 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2000-01-01 00:00]
.
2012-01-26 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2004-11-04 05:19]
.
2013-10-14 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 18:48]
.
2012-01-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2010-01-05 00:26]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki...
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://www.nationalcreditors.com/WebSys/ClientView/ImgUpload/WebResource.axd?d=GytY9R4STKzC3lLU1wlNZ4r-HV8_ZLkisQPFodoEh16IQJmykBiJoAXQCHkacZRiWR348vHa2qDByU-ViUxqFBil0Ix2bk5X8NznN4ub8XziVq0SUvgsY9WnoUXQa4hwKL-hgBj1EHiPkHDF0IIGWa-Vkbq7nTHfCBTmwz1RUJMIKTQq0&t=633888745160000000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wsj.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-14 22:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtigercrmMysql540]
"ImagePath"="\"c:\program files\vtigercrm-5.4.0\mysql\bin\mysqld-nt\" \"--defaults-file=c:\program files\vtigercrm-5.4.0\mysql\my.ini\" vtigercrmMysql540"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,78,e8,76,ed,85,fa,41,b5,0c,de,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,78,e8,76,ed,85,fa,41,b5,0c,de,\
.
[HKEY_USERS\S-1-5-21-1049826726-1173585048-3043808071-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton SystemWorks\Norton GoBack\GBPoll.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\zHotkey.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Philips\SA32xx Device Manager\SA32xx_DeviceManager.exe
c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2013-10-14 22:18:23 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-15 04:18
ComboFix2.txt 2012-07-19 04:35
ComboFix3.txt 2012-02-15 15:04
ComboFix4.txt 2012-02-13 19:57
.
Pre-Run: 6,454,669,312 bytes free
Post-Run: 6,994,370,560 bytes free
.
- - End Of File - - 7DF027925271170E093E2C49B039B7F6
D5AFE41F77F339A234E5A6CAC7CB5FBB
 
Looks good.

redtarget.gif
Uninstall Advanced SystemCare 6.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Here are the adw and jlt logs. Forgot to turn anti-virus off for jlt so ran it twice. First is jrt 1 and second is jrt 2. Shocking.

# AdwCleaner v3.008 - Report created 16/10/2013 at 21:44:52
# Updated 17/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - HOME
# Running from : Z:\Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\blekkotb
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\eSupport.com
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Admin\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\CT1060933
Folder Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\jttz8fde.default\Conduit
Folder Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\jttz8fde.default\CT1060933
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\jttz8fde.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\engine@conduit.com
Folder Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\jttz8fde.default\Extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
File Deleted : C:\END
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\user.js
File Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\jttz8fde.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\g25kgsxd.default\prefs.js ]


[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\prefs.js ]

Line Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1060933.AllowNonPrivacy", false);
Line Deleted : user_pref("CT1060933.CTID", "CT1060933");
Line Deleted : user_pref("CT1060933.CTPBaseServerUrl", "hxxp://services.conduit.com/");
Line Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Sun Oct 31 2010 20:26:35 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.CommunityChanged", true);
Line Deleted : user_pref("CT1060933.CurrentServerDate", "1-11-2010");
Line Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Line Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Sun Oct 31 2010 20:25:30 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201073583");
Line Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT1060933.EMailNotifierPollDate", "Tue Oct 21 2008 14:25:07 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.EnableUsage", false);
Line Deleted : user_pref("CT1060933.FirstServerDate", "1-11-2010");
Line Deleted : user_pref("CT1060933.FirstTime", true);
Line Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Line Deleted : user_pref("CT1060933.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT1060933.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1060933.Initialize", true);
Line Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT1060933.InstalledDate", "Wed Jan 06 2010 13:21:24 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.InvalidateCache", false);
Line Deleted : user_pref("CT1060933.IsGrouping", false);
Line Deleted : user_pref("CT1060933.IsMulticommunity", true);
Line Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Sun Oct 31 2010 20:25:34 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.LanguagePackReloadInterval", "24");
Line Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1060933.LastLogin", "Wed Oct 22 2008 13:24:19 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.LastLogin_2.2.0.9", "Fri Jan 08 2010 15:27:17 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.LastLogin_2.7.2.0", "Sun Oct 31 2010 20:25:33 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.LatestVersion", "2.7.2.0");
Line Deleted : user_pref("CT1060933.Locale", "en-us");
Line Deleted : user_pref("CT1060933.LoginCache", 4);
Line Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Line Deleted : user_pref("CT1060933.RadioLastCheckTime", "Sun Oct 31 2010 20:25:40 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Line Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Line Deleted : user_pref("CT1060933.RadioMediaID", "21504191");
Line Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Line Deleted : user_pref("CT1060933.RadioStationName", "KFOG");
Line Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Line Deleted : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT1060933.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1060933&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=");
Line Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Sun Oct 31 2010 20:25:35 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1060933.Server", "hxxp://users.conduit.com");
Line Deleted : user_pref("CT1060933.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Sun Oct 31 2010 20:25:30 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.SettingsLastUpdate", "1288517532");
Line Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Sun Oct 31 2010 20:25:30 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1260711446");
Line Deleted : user_pref("CT1060933.ToolbarAlignMode", "SYSTEM");
Line Deleted : user_pref("CT1060933.ToolbarName", "Freecorder");
Line Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT1060933.UserID", "UN20081002175658615");
Line Deleted : user_pref("CT1060933.ValidationData_Toolbar", 0);
Line Deleted : user_pref("CT1060933.VusualLastUpdateTime", "1216898258");
Line Deleted : user_pref("CT1060933.alertChannelId", "15651");
Line Deleted : user_pref("CT1060933.clientLogIsEnabled", false);
Line Deleted : user_pref("CT1060933.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1060933.myStuffEnabled", true);
Line Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1060933.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2790392..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2790392.CTID", "CT2790392");
Line Deleted : user_pref("CT2790392.CurrentServerDate", "17-3-2011");
Line Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Wed Mar 16 2011 16:09:48 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 183);
Line Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Wed Mar 16 2011 16:09:49 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Wed Mar 16 2011 16:09:49 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Wed Mar 16 2011 16:09:49 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Wed Mar 16 2011 16:09:49 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Wed Mar 16 2011 16:09:51 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
Line Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
Line Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
Line Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
Line Deleted : user_pref("CT2790392.FirstServerDate", "17-3-2011");
Line Deleted : user_pref("CT2790392.FirstTime", true);
Line Deleted : user_pref("CT2790392.FirstTimeFF3", true);
Line Deleted : user_pref("CT2790392.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2790392.Initialize", true);
Line Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT2790392.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2790392.InstalledDate", "Wed Mar 16 2011 16:09:49 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.IsGrouping", false);
Line Deleted : user_pref("CT2790392.IsMulticommunity", false);
Line Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2790392.LastLogin_3.2.5.2", "Wed Mar 16 2011 16:09:49 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2790392.Locale", "en");
Line Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=");
Line Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Wed Mar 16 2011 16:09:49 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2790392.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Wed Mar 16 2011 16:09:39 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Wed Mar 16 2011 16:09:45 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.SettingsLastUpdate", "1298422515");
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Wed Mar 16 2011 16:09:39 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2790392.Uninstall", true);
Line Deleted : user_pref("CT2790392.UserID", "UN66735986377470961");
Line Deleted : user_pref("CT2790392.WeatherNetwork", "");
Line Deleted : user_pref("CT2790392.WeatherPollDate", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.WeatherUnit", "F");
Line Deleted : user_pref("CT2790392.alertChannelId", "1182482");
Line Deleted : user_pref("CT2790392.myStuffEnabled", true);
Line Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2790392.testingCtid", "");
Line Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Wed Mar 16 2011 16:09:49 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Translation.engine.conduit-services.com/?browser=FF&lut=5/12/2011 4:15:34 PM&locale=en-US", "\"ae81b8-fd-49ab363bd0c80\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1096870/1092574/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.app.conduit-services.com/apps/TranslatedApps.ashx?productId=1&name=appContextMenu2.0&locale=en-US", "\"ae81b8-fd-49ab363bd0c80\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.engine.conduit-services.com/apps/TranslatedApps.ashx?productId=1&name=engineContextMenu2.0&locale=en-US", "\"ae81b8-fd-49ab363bd0c80\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "L+tncv4eqt6Qm5T3dzChdA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "QmycQXJXVyFVAzIiNllWhQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"1298422515\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634351849102130000\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://sc.donanza.com/affiliate/conduit/conduitapp?tbid=ConduitEngine", "133x32");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933,ConduitEngine,CT2790392");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933,ConduitEngine,CT2790392");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Sep 28 2011 20:17:19 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Sep 28 2011 20:17:19 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{9254277f-d3ad-47c0-848b-fafb3011a21b}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Mar 16 2011 16:09:50 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.BrowserCompStateIsOpen_7508773237168461707", true);
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "03/17/2011 00");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", false);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Mar 16 2011 16:09:42 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Sep 28 2011 20:17:21 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Sep 28 2011 20:17:21 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=");
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Sep 28 2011 20:17:21 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN56737571114296315");
Line Deleted : user_pref("ConduitEngine.backendstorage.hxxp://s4_donanza_com/affiliate/conduit.newindication", "6F6E");
Line Deleted : user_pref("ConduitEngine.backendstorage.hxxp://static_donanza_com/affiliate/conduit.newindication", "6F6E");
Line Deleted : user_pref("ConduitEngine.backendstorage.lastidg", "32303131303632303233");
Line Deleted : user_pref("ConduitEngine.backendstorage.prevlastidg", "32303131303331373139");
Line Deleted : user_pref("ConduitEngine.backendstorage.queryg", "66696E616E6369616C20616E616C79736973");
Line Deleted : user_pref("ConduitEngine.counterAppsAdded", 1);
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Sep 28 2011 20:17:21 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=");
Line Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);

[ File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\jttz8fde.default\prefs.js ]

Line Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1060933.AllowNonPrivacy", false);
Line Deleted : user_pref("CT1060933.CTID", "CT1060933");
Line Deleted : user_pref("CT1060933.CTPBaseServerUrl", "hxxp://services.conduit.com/");
Line Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Wed Jan 06 2010 13:21:23 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.CommunityChanged", true);
Line Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Line Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Wed Jan 06 2010 13:21:23 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201073583");
Line Deleted : user_pref("CT1060933.EMailNotifierPollDate", "Tue Oct 21 2008 14:25:07 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.EnableUsage", false);
Line Deleted : user_pref("CT1060933.FirstTime", true);
Line Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Line Deleted : user_pref("CT1060933.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1060933.Initialize", true);
Line Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1060933.InstalledDate", "Wed Jan 06 2010 13:21:24 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.InvalidateCache", false);
Line Deleted : user_pref("CT1060933.IsGrouping", false);
Line Deleted : user_pref("CT1060933.IsMulticommunity", true);
Line Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Wed Jan 06 2010 13:21:24 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.LanguagePackReloadInterval", "24");
Line Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1060933.LastLogin", "Wed Oct 22 2008 13:24:19 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT1060933.LastLogin_2.2.0.9", "Wed Jan 06 2010 13:21:23 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.LatestVersion", "2.1.0.18");
Line Deleted : user_pref("CT1060933.Locale", "en-us");
Line Deleted : user_pref("CT1060933.LoginCache", 4);
Line Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Line Deleted : user_pref("CT1060933.RadioLastCheckTime", "Wed Jan 06 2010 13:21:24 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Line Deleted : user_pref("CT1060933.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT1060933.RadioMediaID", "5020427");
Line Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT10609335020427");
Line Deleted : user_pref("CT1060933.RadioStationName", "Classic%20Rock");
Line Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://tuner1.dc1.sonixtream.com/playlists/wmgk/wmgkWMGKFM.asx");
Line Deleted : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=");
Line Deleted : user_pref("CT1060933.Server", "hxxp://users.conduit.com");
Line Deleted : user_pref("CT1060933.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Wed Jan 06 2010 13:21:21 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.SettingsLastUpdate", "1260711446");
Line Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 72);
Line Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Wed Jan 06 2010 13:21:21 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1260711446");
Line Deleted : user_pref("CT1060933.ToolbarAlignMode", "SYSTEM");
Line Deleted : user_pref("CT1060933.ToolbarName", "Freecorder");
Line Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT1060933.UserID", "UN20081002175658615");
Line Deleted : user_pref("CT1060933.VusualLastUpdateTime", "1216898258");
Line Deleted : user_pref("CT1060933.clientLogIsEnabled", true);
Line Deleted : user_pref("CT1060933.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1060933.myStuffEnabled", true);
Line Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchType=ToolbarComponents");
Line Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1060933.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jan 06 2010 13:21:24 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jan 06 2010 13:21:21 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{9254277f-d3ad-47c0-848b-fafb3011a21b}");
Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=");
Line Deleted : user_pref("extensions.asktb.AviraIDW-TS", "1329013290020");
Line Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xmlns=\"hxxp://websearch.ask.com/widgets\">\n <widget_url>hxxps://aviratoolbar.idwatchdog.com/toolbar[...]
Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.apn_dbr", "ff_3.6.25");
Line Deleted : user_pref("extensions.asktb.cbid", "JM");
Line Deleted : user_pref("extensions.asktb.config-updated", true);
Line Deleted : user_pref("extensions.asktb.crumb", "2012.01.31+15.12.08-toolbar019iad-US-QXJ2YWRhLENPLFVuaXRlZCBTdGF0ZXM%3D");
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}&gct=bar");
Line Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYUS");
Line Deleted : user_pref("extensions.asktb.fresh-install", false);
Line Deleted : user_pref("extensions.asktb.guid", "f610f36f-9058-4b56-acac-7a02b61f730a");
Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Deleted : user_pref("extensions.asktb.if", "first");
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1329013275468");
Line Deleted : user_pref("extensions.asktb.locale", "en_US");
Line Deleted : user_pref("extensions.asktb.location", "Arvada,CO,United States");
Line Deleted : user_pref("extensions.asktb.notification-shown", true);
Line Deleted : user_pref("extensions.asktb.o", "100000080");
Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.r", "3");
Line Deleted : user_pref("extensions.asktb.sa", "NO");
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Deleted : user_pref("extensions.asktb.themeid", "");
Line Deleted : user_pref("extensions.asktb.timeinstalled", "1/31/2012 4:14:32 PM");
Line Deleted : user_pref("extensions.asktb.to", "");
Line Deleted : user_pref("extensions.asktb.v", "3.14.1.100010");
Line Deleted : user_pref("extensions.asktb.version", "5.14.1.20064");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [38195 octets] - [16/10/2013 21:42:23]
AdwCleaner[S0].txt - [38949 octets] - [16/10/2013 21:44:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39010 octets] ##########
JRT 1

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 10/16/2013 at 21:55:53.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\apn"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\8xpjm4e6.default\prefs.js

user_pref("avg.toolbar.buttons_icon", ",,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesearch.png,chrome://avg/skin/avglinks.png,chrome:/
user_pref("extensions.speeddial.thumbnail-225-url", "hxxp://www.doostang.com/search?search_query=&x=34&y=20&search_location=80027&search_radius=100&search_domain=jobsearch&sea
user_pref("extensions.speeddial.thumbnail-236-url", "hxxp://www.merrittresearch.com/about/merritt_data.htm");
user_pref("extensions.speeddial.thumbnail-291-label", "S&P | Criteria | Structured Finance | CMBS: U.S. CMBS Rating Methodology And Assumptions For Conduit/Fusion Pools | Amer
user_pref("extensions.speeddial.thumbnail-293-label", "Euromoney Institutional Investor - Search Results");
user_pref("extensions.speeddial.thumbnail-38-url", "hxxp://www.aptmarketresearch.com/GoodandBad.pdf");
user_pref("extensions.speeddial.thumbnail-473-label", "Search Results");
user_pref("extensions.speeddial.thumbnail-497-label", "bed bug heat treatment cost - Zapmeta Search Results");
user_pref("extensions.speeddial.thumbnail-520-label", "Search results in Mint.com");
user_pref("extensions.speeddial.thumbnail-524-label", "Search results for Bankrate.com");
user_pref("extensions.speeddial.thumbnail-93-label", "Job Search Results - oDesk");
user_pref("mapquest_toolbar.search.searchtype", "web");
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\8xpjm4e6.default\minidumps [3 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/16/2013 at 22:00:34.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JRT 2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Owner on Thu 10/17/2013 at 17:51:15.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\blekkotb.xml"
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\8xpjm4e6.default\minidumps [3 files]
 
OTL will not run. It give this error message: Error signature: AppName: otl.exe AppVer: 3.2.69.0 ModName: kernel32.dll
ModVer: 5.1.2600.6293 Offset: 00012fd3
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Owner (administrator) on HOME on 18-10-2013 22:58:13
Running from Z:\Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
() C:\WINDOWS\tsnpstd3.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\readericon45G.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
() C:\WINDOWS\zHotkey.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\WINDOWS\vsnpstd3.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
(Spotify Ltd) C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
(Symantec Corporation) C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe
(Philips) C:\Program Files\Philips\SA32xx Device Manager\SA32xx_DeviceManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
(Zhorn Software) C:\Program Files\Stickies\stickies.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [tsnpstd3] - C:\WINDOWS\tsnpstd3.exe [270336 2007-03-10] ()
HKLM\...\Run: [readericon] - C:\Program Files\Digital Media Reader\readericon45G.exe [139264 2005-08-27] (Alcor Micro, Corp.)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] - C:\Windows\system32\HDAShCut.exe [61952 2005-01-07] (Windows (R) Server 2003 DDK provider)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-22] (Google)
HKLM\...\Run: [CHotkey] - C:\Windows\zHotkey.exe [550912 2004-12-08] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 1999-12-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-29] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20143688 1999-12-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 1999-12-31] ()
HKLM\...\Run: [DVD or CD Sharing] - C:\Program Files\DVD or CD Sharing\ODSAgent.exe [619832 2008-02-20] (Apple Inc.)
HKLM\...\Run: [snpstd3] - C:\WINDOWS\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Run: [Norton SystemWorks] - C:\Program Files\Norton SystemWorks\cfgwiz.exe [132248 2004-09-09] (Symantec Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-24] (Spotify Ltd)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-06-30] (Google Inc.)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
HKCU\...\Policies\Explorer: [NoWinKeys] 0x01000000
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
ShortcutTarget: Norton GoBack.lnk -> C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe (Symantec Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips SA32XX Device Manager.lnk
ShortcutTarget: Philips SA32XX Device Manager.lnk -> C:\Program Files\Philips\SA32xx Device Manager\SA32xx_DeviceManager.exe (Philips)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z192&install_date=20111101
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF00A2C3FEDC3CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searc...install_date=20111101&iesrc={referrer:source}
SearchScopes: HKCU - {F2734E2E-F1C4-4D40-BBF1-3CF99F781234} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL (ArcSoft, Inc.)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Data Toolbar Helper - {ea576c88-4993-4e97-9926-7c8379c29927} - C:\Program Files\DataTool Services\Data Toolbar 2.3.2\adxloader.dll ()
Toolbar: HKLM - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No File
Toolbar: HKLM - Data Toolbar - {3745aa22-808c-4b64-ae23-1151cef147d9} - C:\Program Files\DataTool Services\Data Toolbar 2.3.2\adxloader.dll ()
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://quickplace.udayton.edu/qp2.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akamai.net/f/248/147...ager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262723239101
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://www.nationalcreditors.com/W...bq7nTHfCBTmwz1RUJMIKTQq0&t=633888745160000000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Nexon.net/NxGame - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin: @ogplanet.com/npOGPPlugin - C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @xmlauthor.com/downloads - C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
FF Extension: OutWit Hub - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\outwit-hub-1110@outwit.com
FF Extension: OutWit Kernel - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\outwit-kernel-1110@outwit.com
FF Extension: Screengrab - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF Extension: Toolbar Buttons - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF Extension: FireShot - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: EPUBReader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}-TRASH
FF Extension: HP Detect - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8xpjm4e6.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: Internet Video Downloader - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox

Chrome:
=======
CHR HomePage: hxxp://wsj.com/
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Screen Capture Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.6_0\plugins/screen_capture.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Nexon Game Controller) - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (OGPlanet Game Plugin) - C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
CHR Plugin: (XMLAuthor Inc. npmirage) - C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0
CHR Extension: (Lucidchart: Diagrams Online) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\18_0
CHR Extension: (Search by Image (by Google)) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0
CHR Extension: (Read Later Fast) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.6.0_0
CHR Extension: (Speed Dial) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.3_0
CHR Extension: (Photo Zoom for Facebook) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (PDFescape Free PDF Editor) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.21_0
CHR Extension: (Yesware) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\2.0.54_0
CHR Extension: (TinEye Reverse Image Search) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.3_0
CHR Extension: (Send Page) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\higemadklcnjhjpgcbnnbpgeeippjjcp\1.5_0
CHR Extension: (Insightly) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hkopngnjabiaaibfkfgjhgdfpoholppn\6.2_0
CHR Extension: (Google Voice (by Google)) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0
CHR Extension: (Zoom) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd\1.1.0.6_0
CHR Extension: (Scraper) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd\1.6_0
CHR Extension: (Photo Zoom for Google+\u2122, Facebook etc.) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nbblefhfkhablnohejfhhagjaadfijel\0.0.0.7_0
CHR Extension: (Hover Zoom) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0
CHR Extension: (SlideRocket) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0
CHR Extension: (Recently Closed Tabs) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc\1.2.7_0
CHR Extension: (Zoom.it) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\paghgafiacappiabohjancpojlphfpma\1.1_0
CHR Extension: (PhotoFit Me) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pdpbdnchfplfpdjbckgbmpnddnjdijjk\1.0.0.4_0
CHR Extension: (Google Reader) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0
CHR Extension: (Gmail) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-08-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-29] (Avira Operations GmbH & Co. KG)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [197992 2008-01-17] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [79208 2008-01-17] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [181608 2008-01-17] (Symantec Corporation)
R2 GBPoll; C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe [763520 2004-12-21] (Symantec Corporation)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-22] (Google)
S3 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [198136 2012-01-16] (Nitro PDF Software)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [4597024 2012-03-05] (INCA Internet Co., Ltd.)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2010-01-05] (New Boundary Technologies, Inc.)
R2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [819352 2010-01-05] (Symantec Corporation)
S4 UltiDev Web Server Pro; C:\Program Files\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [64512 2011-12-04] (UltiDev LLC)
S3 UWS HiPriv Services; C:\Program Files\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [48128 2011-12-04] (UltiDev LLC)
S3 UWS LoPriv Services; C:\Program Files\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [44032 2011-12-04] (UltiDev LLC)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 vtigercrmMysql540; "C:\Program Files\vtigercrm-5.4.0\mysql\bin\mysqld-nt" "--defaults-file=C:\Program Files\vtigercrm-5.4.0\mysql\my.ini" vtigercrmMysql540

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 1999-12-31] (Creative)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-08-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2011-08-09] ()
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2012-02-24] (Phoenix Technologies)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] ()
R0 GBDevice; C:\Windows\System32\Drivers\GBDevice.sys [4093 2004-12-21] (Symantec Corporation)
R2 GBFSHook; C:\Windows\System32\Drivers\GBFSHook.sys [16196 2004-12-21] (Symantec Corporation)
R0 GoBack2K; C:\Windows\System32\Drivers\GoBack2K.sys [170718 2004-12-21] (Symantec Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1033600 2005-03-17] (Conexant Systems, Inc.)
R1 HWiNFO32; C:\Program Files\HWiNFO32\HWiNFO32.SYS [21752 2012-02-07] (REALiX(tm))
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 1999-12-31] (Creative Technology Ltd.)
S3 mxnic; C:\Windows\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
R2 NBSPortDriver; C:\Windows\System32\DRIVERS\NBSPortDriver.sys [17912 2007-05-21] (Neurobehavioral Systems (www.neurobs.com))
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 ntcdrdrv; C:\Windows\System32\DRIVERS\ntcdrdrv.sys [13440 2007-05-16] (NoteBurn Software)
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [98432 2005-08-12] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [70912 1999-12-31] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [168040 1999-12-31] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13824 1999-12-31] (NVIDIA Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-26] (Sonix Co. Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-01] (Avira GmbH)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-07-30] ()
S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [124016 2006-09-15] (Symantec Corporation)
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [4608 2010-01-05] (Symantec Corporation)
S3 BVRPMPR5; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [x]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
U4 intelppm;
S2 MCSTRM; No ImagePath
S3 PROCEXP151; \??\C:\WINDOWS\system32\Drivers\PROCEXP151.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
S3 XDva385; \??\C:\WINDOWS\system32\XDva385.sys [x]
S3 XDva391; \??\C:\WINDOWS\system32\XDva391.sys [x]
 
==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-18 22:58 - 2013-10-18 22:58 - 00000000 ____D C:\FRST
2013-10-18 17:41 - 2013-10-18 17:41 - 101890677 _____ C:\WINDOWS\system32\�L
2013-10-17 23:27 - 2013-10-17 23:27 - 101748955 _____ C:\WINDOWS\system32\≥.L
2013-10-17 19:51 - 2013-10-17 19:51 - 00001606 _____ C:\Documents and Settings\Owner\Desktop\RKreport[0]_D_10172013_195158.txt
2013-10-17 19:50 - 2013-10-17 19:50 - 00001565 _____ C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_10172013_195047.txt
2013-10-17 17:56 - 2013-10-17 17:56 - 00000826 _____ C:\Documents and Settings\Owner\Desktop\JRT 2.txt
2013-10-17 17:50 - 2013-10-17 17:50 - 00002793 _____ C:\Documents and Settings\Owner\Desktop\JRT 1.txt
2013-10-16 21:55 - 2013-10-16 21:55 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-16 21:41 - 2013-10-16 21:45 - 00000000 ____D C:\AdwCleaner
2013-10-16 17:25 - 2013-10-16 17:25 - 101413064 _____ C:\WINDOWS\system32\㘌곢L
2013-10-16 11:26 - 2013-10-16 11:26 - 101406750 _____ C:\WINDOWS\system32\㕧萷L
2013-10-14 22:18 - 2013-10-14 22:18 - 00024898 _____ C:\ComboFix.txt
2013-10-14 17:25 - 2013-10-14 17:25 - 101076544 _____ C:\WINDOWS\system32\肅큕L
2013-10-14 05:25 - 2013-10-14 11:24 - 100910526 _____ C:\WINDOWS\system32\䚮嗢L
2013-10-13 23:27 - 2013-10-13 23:27 - 100838232 _____ C:\WINDOWS\system32\✠髝L
2013-10-13 23:26 - 2013-10-13 23:31 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\RK Reports
2013-10-13 19:11 - 2013-10-13 19:11 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2013-10-13 19:08 - 2013-10-13 23:14 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar
2013-10-13 16:54 - 2013-10-13 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-13 16:54 - 2013-10-13 16:54 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-10-13 16:52 - 2013-10-13 19:09 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-10-13 16:13 - 2013-10-17 19:51 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2013-10-12 16:53 - 2013-10-12 16:53 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\tdsskiller
2013-10-12 16:51 - 2013-10-12 16:51 - 04101172 _____ C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
2013-10-12 14:53 - 2013-10-12 14:53 - 00029892 _____ C:\Documents and Settings\Owner\Desktop\attach.txt
2013-10-12 14:53 - 2013-10-12 14:53 - 00021904 _____ C:\Documents and Settings\Owner\Desktop\dds.txt
2013-10-11 18:51 - 2013-10-11 18:51 - 00090112 _____ C:\WINDOWS\Minidump\Mini101113-01.dmp
2013-10-11 17:20 - 2013-10-11 17:20 - 100595853 _____ C:\WINDOWS\system32\钁੔L
2013-10-10 19:52 - 2013-10-10 19:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 19:50 - 2013-10-10 19:51 - 00130549 _____ C:\WINDOWS\KB2862335.log
2013-10-10 19:50 - 2013-10-10 19:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 15:59 - 2013-10-10 15:59 - 100332977 _____ C:\WINDOWS\system32\痟㼅L
2013-10-10 15:40 - 2013-10-10 15:39 - 00090112 _____ C:\WINDOWS\Minidump\Mini101013-01.dmp
2013-10-09 15:48 - 2013-10-10 19:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-09 15:47 - 2013-10-10 19:32 - 00022420 _____ C:\WINDOWS\KB2868038.log
2013-10-09 15:40 - 2013-10-10 19:52 - 00005689 _____ C:\WINDOWS\updspapi.log
2013-10-09 15:39 - 2013-10-10 19:29 - 00043496 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-09 15:38 - 2013-10-10 19:52 - 00061833 _____ C:\WINDOWS\FaxSetup.log
2013-10-09 15:38 - 2013-10-10 19:52 - 00029560 _____ C:\WINDOWS\ocgen.log
2013-10-09 15:38 - 2013-10-10 19:52 - 00023595 _____ C:\WINDOWS\tsoc.log
2013-10-09 15:38 - 2013-10-10 19:52 - 00020498 _____ C:\WINDOWS\comsetup.log
2013-10-09 15:38 - 2013-10-10 19:52 - 00012439 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-09 15:38 - 2013-10-10 19:52 - 00009933 _____ C:\WINDOWS\iis6.log
2013-10-09 15:38 - 2013-10-10 19:52 - 00003420 _____ C:\WINDOWS\ocmsn.log
2013-10-09 15:38 - 2013-10-10 19:52 - 00003090 _____ C:\WINDOWS\msgsocm.log
2013-10-09 15:38 - 2013-10-10 19:52 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-09 15:38 - 2013-10-10 19:51 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-09 15:38 - 2013-10-10 19:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-09 15:38 - 2013-10-10 19:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 15:38 - 2013-10-09 15:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-09 15:38 - 2013-10-09 15:38 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-09 15:37 - 2013-10-10 19:52 - 00024216 _____ C:\WINDOWS\setupapi.log
2013-10-09 11:30 - 2013-10-09 11:30 - 100163860 _____ C:\WINDOWS\system32\⁡剡L
2013-10-09 05:12 - 2013-10-10 19:52 - 00135550 _____ C:\WINDOWS\KB2847311.log
2013-10-08 21:27 - 2013-10-18 17:36 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-08 21:27 - 2013-10-18 17:36 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-08 21:27 - 2013-10-08 21:27 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-10-08 21:26 - 2013-10-18 17:36 - 00032642 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-08 21:26 - 2013-10-08 21:26 - 00090112 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-08 19:38 - 2013-10-08 19:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-08 19:27 - 2013-10-17 20:04 - 00003514 _____ C:\Documents and Settings\Owner\Desktop\Rkill.txt
2013-10-07 17:29 - 2013-10-08 05:27 - 99859239 _____ C:\WINDOWS\system32\㽇蔘L
2013-10-06 23:27 - 2013-10-07 11:08 - 99717279 _____ C:\WINDOWS\system32\픱踝L
2013-10-03 04:58 - 2013-10-06 10:59 - 99477982 _____ C:\WINDOWS\system32\羥∮咼6
2013-10-02 04:58 - 2013-10-02 16:58 - 98878632 _____ C:\WINDOWS\system32\땿�咼6
2013-10-01 16:58 - 2013-10-01 16:58 - 98689490 _____ C:\WINDOWS\system32\聪頦咼6
2013-10-01 16:23 - 2013-10-01 16:23 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-01 16:23 - 2013-10-01 16:23 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-01 16:23 - 2013-10-01 16:23 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-01 16:23 - 2013-10-01 16:23 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-01 16:23 - 2013-10-01 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-09-30 04:58 - 2013-09-30 16:58 - 98602865 _____ C:\WINDOWS\system32\㖼ꇗ咼6
2013-09-29 16:45 - 2013-10-02 16:45 - 00000292 _____ C:\WINDOWS\Tasks\ExpressBurnReminder.job
2013-09-28 04:57 - 2013-09-29 10:57 - 98466785 _____ C:\WINDOWS\system32\촤⥊咼6
2013-09-27 16:57 - 2013-09-27 16:57 - 98372650 _____ C:\WINDOWS\system32\᪑⵲咼6
2013-09-26 16:56 - 2013-09-26 16:56 - 98009570 _____ C:\WINDOWS\system32\பꧦ咼6
2013-09-26 04:57 - 2013-09-26 10:56 - 97961477 _____ C:\WINDOWS\system32\㫃隿咼6
2013-09-25 22:09 - 2013-09-25 22:09 - 97892804 _____ C:\WINDOWS\system32\룽궑咼6
2013-09-25 16:00 - 2013-09-25 16:00 - 97858179 _____ C:\WINDOWS\system32\㥤寄咼6
2013-09-24 22:01 - 2013-09-25 10:00 - 97787360 _____ C:\WINDOWS\system32\咼6
2013-09-23 17:12 - 2013-09-23 17:12 - 98798431 _____ C:\WINDOWS\system32\薅羴咼6
2013-09-22 16:28 - 2013-09-22 16:28 - 00000817 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn.lnk
2013-09-22 16:28 - 2013-09-22 16:28 - 00000811 _____ C:\Documents and Settings\All Users\Desktop\Express Burn.lnk
2013-09-22 16:28 - 2013-09-22 16:28 - 00000777 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Prism Video File Converter.lnk
2013-09-22 16:28 - 2013-09-22 16:28 - 00000771 _____ C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk
2013-09-22 16:27 - 2013-09-22 16:27 - 00000751 _____ C:\Documents and Settings\All Users\Start Menu\Programs\MixPad.lnk
2013-09-22 16:27 - 2013-09-22 16:27 - 00000745 _____ C:\Documents and Settings\All Users\Desktop\MixPad.lnk
2013-09-22 16:26 - 2013-09-27 22:48 - 00000789 _____ C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
2013-09-22 16:26 - 2013-09-27 22:48 - 00000783 _____ C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
2013-09-22 16:25 - 2013-09-29 16:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NCH Software
2013-09-22 16:24 - 2013-09-29 16:28 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\NCH Software
2013-09-22 16:24 - 2013-09-28 21:31 - 00000000 ____D C:\Program Files\NCH Software
2013-09-22 16:24 - 2013-09-22 16:24 - 00000793 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk
2013-09-22 16:24 - 2013-09-22 16:24 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Switch Sound File Converter.lnk
2013-09-22 15:14 - 2013-09-24 16:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Spotify
2013-09-22 15:14 - 2013-09-22 15:14 - 00001860 _____ C:\Documents and Settings\Owner\Start Menu\Programs\Spotify.lnk
2013-09-22 15:14 - 2013-09-22 15:14 - 00001854 _____ C:\Documents and Settings\Owner\Desktop\Spotify.lnk
2013-09-22 15:13 - 2013-09-25 15:26 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Spotify
2013-09-22 12:26 - 2013-10-18 17:36 - 00000274 _____ C:\WINDOWS\Tasks\JetCleanLoginCheckUpdate.job
2013-09-22 12:26 - 2013-09-22 12:26 - 00000000 ____D C:\Program Files\BlueSprig
2013-09-22 12:26 - 2013-09-22 12:26 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\BlueSprig
2013-09-22 12:26 - 2013-09-22 12:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\JetClean
2013-09-22 05:10 - 2013-09-22 11:10 - 98597466 _____ C:\WINDOWS\system32\뷻Ể咼6
2013-09-19 17:10 - 2013-09-19 17:10 - 98428185 _____ C:\WINDOWS\system32\崮咼6
2013-09-18 19:13 - 2013-09-18 22:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 17:42 - 2013-09-18 17:42 - 98201083 _____ C:\WINDOWS\system32\䅑궺咼6
2013-09-18 05:42 - 2013-09-18 11:42 - 98159724 _____ C:\WINDOWS\system32\�咼6

==================== One Month Modified Files and Folders =======

2013-10-18 22:58 - 2013-10-18 22:58 - 00000000 ____D C:\FRST
2013-10-18 22:47 - 2012-01-26 18:39 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1006UA.job
2013-10-18 22:32 - 2010-02-04 20:14 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1003UA.job
2013-10-18 22:27 - 2012-04-04 16:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-18 22:09 - 2010-06-14 20:39 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-18 20:37 - 2004-08-26 12:02 - 01669150 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-18 20:32 - 2010-02-04 20:14 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1003Core.job
2013-10-18 18:47 - 2012-01-26 18:39 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1006Core.job
2013-10-18 18:41 - 2012-06-30 15:56 - 00002284 _____ C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
2013-10-18 17:41 - 2013-10-18 17:41 - 101890677 _____ C:\WINDOWS\system32\�L
2013-10-18 17:40 - 2012-02-16 15:51 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Dropbox
2013-10-18 17:39 - 2011-08-01 11:09 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\stickies
2013-10-18 17:36 - 2013-10-08 21:27 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-18 17:36 - 2013-10-08 21:27 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-18 17:36 - 2013-10-08 21:26 - 00032642 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-18 17:36 - 2013-09-22 12:26 - 00000274 _____ C:\WINDOWS\Tasks\JetCleanLoginCheckUpdate.job
2013-10-18 17:36 - 2010-06-14 20:39 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-18 17:36 - 2004-08-26 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-18 00:03 - 2004-08-26 12:09 - 00000278 ___SH C:\Documents and Settings\Owner\ntuser.ini
2013-10-18 00:03 - 2004-08-26 12:09 - 00000000 ____D C:\Documents and Settings\Owner
2013-10-18 00:00 - 2010-01-05 17:11 - 00000308 _____ C:\WINDOWS\Tasks\Symantec Drmc.job
2013-10-17 23:27 - 2013-10-17 23:27 - 101748955 _____ C:\WINDOWS\system32\≥.L
2013-10-17 20:04 - 2013-10-08 19:27 - 00003514 _____ C:\Documents and Settings\Owner\Desktop\Rkill.txt
2013-10-17 19:51 - 2013-10-17 19:51 - 00001606 _____ C:\Documents and Settings\Owner\Desktop\RKreport[0]_D_10172013_195158.txt
2013-10-17 19:51 - 2013-10-13 16:13 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2013-10-17 19:50 - 2013-10-17 19:50 - 00001565 _____ C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_10172013_195047.txt
2013-10-17 18:54 - 2012-02-12 23:38 - 00000000 ____D C:\Qoobox
2013-10-17 17:56 - 2013-10-17 17:56 - 00000826 _____ C:\Documents and Settings\Owner\Desktop\JRT 2.txt
2013-10-17 17:50 - 2013-10-17 17:50 - 00002793 _____ C:\Documents and Settings\Owner\Desktop\JRT 1.txt
2013-10-17 03:08 - 2010-01-05 13:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-16 21:55 - 2013-10-16 21:55 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-16 21:45 - 2013-10-16 21:41 - 00000000 ____D C:\AdwCleaner
2013-10-16 17:25 - 2013-10-16 17:25 - 101413064 _____ C:\WINDOWS\system32\㘌곢L
2013-10-16 11:26 - 2013-10-16 11:26 - 101406750 _____ C:\WINDOWS\system32\㕧萷L
2013-10-16 01:36 - 2011-01-06 12:11 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-10-16 01:23 - 2004-08-26 12:01 - 00000000 ____D C:\WINDOWS\Registration
2013-10-14 22:42 - 2004-08-26 12:08 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-14 22:18 - 2013-10-14 22:18 - 00024898 _____ C:\ComboFix.txt
2013-10-14 22:18 - 2004-08-26 12:08 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-14 22:04 - 2004-08-26 10:12 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-14 17:25 - 2013-10-14 17:25 - 101076544 _____ C:\WINDOWS\system32\肅큕L
2013-10-14 11:24 - 2013-10-14 05:25 - 100910526 _____ C:\WINDOWS\system32\䚮嗢L
2013-10-14 01:27 - 2010-09-06 16:29 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2013-10-13 23:31 - 2013-10-13 23:26 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\RK Reports
2013-10-13 23:27 - 2013-10-13 23:27 - 100838232 _____ C:\WINDOWS\system32\✠髝L
2013-10-13 23:14 - 2013-10-13 19:08 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar
2013-10-13 19:11 - 2013-10-13 19:11 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2013-10-13 19:09 - 2013-10-13 16:52 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-10-13 19:07 - 2013-10-13 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-13 16:54 - 2013-10-13 16:54 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-10-12 23:41 - 2010-02-11 23:30 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\BitTorrent
2013-10-12 23:05 - 2010-01-08 18:50 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-12 16:53 - 2013-10-12 16:53 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\tdsskiller
2013-10-12 16:51 - 2013-10-12 16:51 - 04101172 _____ C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
2013-10-12 14:53 - 2013-10-12 14:53 - 00029892 _____ C:\Documents and Settings\Owner\Desktop\attach.txt
2013-10-12 14:53 - 2013-10-12 14:53 - 00021904 _____ C:\Documents and Settings\Owner\Desktop\dds.txt
2013-10-11 19:00 - 2012-02-16 15:54 - 00001008 _____ C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
2013-10-11 19:00 - 2012-02-16 15:52 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2013-10-11 18:51 - 2013-10-11 18:51 - 00090112 _____ C:\WINDOWS\Minidump\Mini101113-01.dmp
2013-10-11 18:51 - 2011-12-29 11:32 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-11 17:20 - 2013-10-11 17:20 - 100595853 _____ C:\WINDOWS\system32\钁੔L
2013-10-10 21:48 - 2010-01-25 17:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 21:48 - 2004-08-26 04:54 - 00298848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-10 19:59 - 2010-01-06 11:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-10 19:56 - 2012-02-29 09:55 - 00000134 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2013-10-10 19:52 - 2013-10-10 19:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 19:52 - 2013-10-09 15:40 - 00005689 _____ C:\WINDOWS\updspapi.log
2013-10-10 19:52 - 2013-10-09 15:38 - 00061833 _____ C:\WINDOWS\FaxSetup.log
2013-10-10 19:52 - 2013-10-09 15:38 - 00029560 _____ C:\WINDOWS\ocgen.log
2013-10-10 19:52 - 2013-10-09 15:38 - 00023595 _____ C:\WINDOWS\tsoc.log
2013-10-10 19:52 - 2013-10-09 15:38 - 00020498 _____ C:\WINDOWS\comsetup.log
2013-10-10 19:52 - 2013-10-09 15:38 - 00012439 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-10 19:52 - 2013-10-09 15:38 - 00009933 _____ C:\WINDOWS\iis6.log
2013-10-10 19:52 - 2013-10-09 15:38 - 00003420 _____ C:\WINDOWS\ocmsn.log
2013-10-10 19:52 - 2013-10-09 15:38 - 00003090 _____ C:\WINDOWS\msgsocm.log
2013-10-10 19:52 - 2013-10-09 15:38 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-10 19:52 - 2013-10-09 15:37 - 00024216 _____ C:\WINDOWS\setupapi.log
2013-10-10 19:52 - 2013-10-09 05:12 - 00135550 _____ C:\WINDOWS\KB2847311.log
2013-10-10 19:51 - 2013-10-10 19:50 - 00130549 _____ C:\WINDOWS\KB2862335.log
2013-10-10 19:51 - 2013-10-09 15:38 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-10 19:50 - 2013-10-10 19:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 19:46 - 2013-08-21 03:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-10 19:36 - 2010-01-05 16:27 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-10 19:35 - 2010-06-04 09:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-10 19:32 - 2013-10-09 15:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 19:32 - 2013-10-09 15:47 - 00022420 _____ C:\WINDOWS\KB2868038.log
2013-10-10 19:29 - 2013-10-09 15:39 - 00043496 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-10 19:28 - 2013-10-09 15:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 19:27 - 2013-10-09 15:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-10 18:27 - 2012-04-04 16:06 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-10 18:27 - 2011-06-01 12:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-10 17:11 - 2012-11-10 12:37 - 00000000 ____D C:\Documents and Settings\Guest
2013-10-10 17:11 - 2012-01-26 08:36 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-10 17:11 - 2010-01-05 13:11 - 00000000 ____D C:\Documents and Settings\Admin
2013-10-10 17:07 - 2010-01-05 17:41 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Mozilla
2013-10-10 15:59 - 2013-10-10 15:59 - 100332977 _____ C:\WINDOWS\system32\痟㼅L
2013-10-10 15:41 - 2004-08-26 10:12 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-10 15:39 - 2013-10-10 15:40 - 00090112 _____ C:\WINDOWS\Minidump\Mini101013-01.dmp
2013-10-09 15:40 - 2010-01-05 16:38 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-09 15:38 - 2013-10-09 15:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-09 15:38 - 2013-10-09 15:38 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-09 11:30 - 2013-10-09 11:30 - 100163860 _____ C:\WINDOWS\system32\⁡剡L
2013-10-08 21:27 - 2013-10-08 21:27 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-10-08 21:26 - 2013-10-08 21:26 - 00090112 _____ C:\WINDOWS\Minidump\Mini100813-01.dmp
2013-10-08 19:39 - 2013-10-08 19:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-08 05:27 - 2013-10-07 17:29 - 99859239 _____ C:\WINDOWS\system32\㽇蔘L
2013-10-07 11:08 - 2013-10-06 23:27 - 99717279 _____ C:\WINDOWS\system32\픱踝L
2013-10-06 19:46 - 2010-12-08 23:41 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Nitro PDF
2013-10-06 10:59 - 2013-10-03 04:58 - 99477982 _____ C:\WINDOWS\system32\羥∮咼6
2013-10-03 19:45 - 2004-08-26 12:04 - 00000047 _____ C:\AUTOEXEC.BAT
2013-10-02 16:58 - 2013-10-02 04:58 - 98878632 _____ C:\WINDOWS\system32\땿�咼6
2013-10-02 16:45 - 2013-09-29 16:45 - 00000292 _____ C:\WINDOWS\Tasks\ExpressBurnReminder.job
2013-10-01 16:58 - 2013-10-01 16:58 - 98689490 _____ C:\WINDOWS\system32\聪頦咼6
2013-10-01 16:23 - 2013-10-01 16:23 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-01 16:23 - 2013-10-01 16:23 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-01 16:23 - 2013-10-01 16:23 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-01 16:23 - 2013-10-01 16:23 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-01 16:23 - 2013-10-01 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-01 16:23 - 2012-07-30 17:43 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-10-01 16:23 - 2012-02-27 10:22 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-01 16:23 - 2011-10-25 09:58 - 00000000 ____D C:\Program Files\Java
2013-10-01 16:23 - 2010-04-15 17:05 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-10-01 16:20 - 2012-02-24 13:06 - 00000366 _____ C:\WINDOWS\Tasks\jucheck.job
2013-09-30 16:58 - 2013-09-30 04:58 - 98602865 _____ C:\WINDOWS\system32\㖼ꇗ咼6
2013-09-29 16:49 - 2010-01-05 14:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960803_0$
2013-09-29 16:28 - 2013-09-22 16:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NCH Software
2013-09-29 16:28 - 2013-09-22 16:24 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\NCH Software
2013-09-29 10:57 - 2013-09-28 04:57 - 98466785 _____ C:\WINDOWS\system32\촤⥊咼6
2013-09-29 00:01 - 2012-02-14 15:24 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-29 00:01 - 2012-02-14 15:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-29 00:01 - 2012-02-14 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-28 21:31 - 2013-09-22 16:24 - 00000000 ____D C:\Program Files\NCH Software
2013-09-27 22:48 - 2013-09-22 16:26 - 00000789 _____ C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
2013-09-27 22:48 - 2013-09-22 16:26 - 00000783 _____ C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
2013-09-27 16:57 - 2013-09-27 16:57 - 98372650 _____ C:\WINDOWS\system32\᪑⵲咼6
2013-09-26 16:56 - 2013-09-26 16:56 - 98009570 _____ C:\WINDOWS\system32\பꧦ咼6
2013-09-26 10:56 - 2013-09-26 04:57 - 97961477 _____ C:\WINDOWS\system32\㫃隿咼6
2013-09-25 22:09 - 2013-09-25 22:09 - 97892804 _____ C:\WINDOWS\system32\룽궑咼6
2013-09-25 16:00 - 2013-09-25 16:00 - 97858179 _____ C:\WINDOWS\system32\㥤寄咼6
2013-09-25 15:26 - 2013-09-22 15:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Spotify
2013-09-25 10:00 - 2013-09-24 22:01 - 97787360 _____ C:\WINDOWS\system32\咼6
2013-09-24 16:13 - 2013-09-22 15:14 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Spotify
2013-09-23 23:36 - 2010-01-05 12:53 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-23 23:36 - 2010-01-05 12:53 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2013-09-23 17:12 - 2013-09-23 17:12 - 98798431 _____ C:\WINDOWS\system32\薅羴咼6
2013-09-23 15:24 - 2010-01-19 21:11 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Skype
2013-09-23 12:33 - 2012-06-13 01:39 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-09-23 12:33 - 2012-02-15 01:29 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-09-23 12:33 - 2012-02-15 01:29 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-09-23 12:33 - 2012-02-15 01:29 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-09-23 12:33 - 2012-02-15 01:29 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-09-23 12:33 - 2012-02-15 01:29 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-09-23 12:33 - 2012-02-15 01:29 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-09-23 12:33 - 2011-12-18 15:46 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-09-23 12:33 - 2010-01-05 12:56 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-09-23 12:33 - 2010-01-05 12:56 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-23 12:33 - 2010-01-05 12:56 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-09-23 12:33 - 2010-01-05 12:56 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-23 12:33 - 2010-01-05 12:56 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-09-23 12:33 - 2010-01-05 12:56 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-09-23 12:33 - 2010-01-05 12:56 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-09-23 12:33 - 2010-01-05 12:55 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-09-23 12:33 - 2010-01-05 12:55 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-09-23 12:33 - 2010-01-05 12:54 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-09-23 12:33 - 2010-01-05 12:54 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-23 12:33 - 2010-01-05 12:54 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-09-23 12:33 - 2010-01-05 12:54 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-09-23 12:33 - 2010-01-05 12:54 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-09-23 12:33 - 2010-01-05 12:54 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-09-23 12:33 - 2010-01-05 12:54 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-09-23 12:33 - 2010-01-05 12:54 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-09-23 12:33 - 2010-01-05 12:53 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-09-23 12:33 - 2010-01-05 12:53 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-09-23 12:33 - 2010-01-05 12:53 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-09-23 12:33 - 2010-01-05 12:53 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-09-23 12:33 - 2010-01-05 12:53 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-09-23 12:33 - 2010-01-05 12:53 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-09-23 12:33 - 2010-01-05 12:53 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-23 12:33 - 2010-01-05 12:53 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-09-23 12:33 - 2010-01-05 12:52 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2013-09-23 12:33 - 2010-01-05 12:52 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2013-09-23 12:33 - 2009-03-08 05:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-23 12:33 - 2009-03-08 05:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-23 12:33 - 2009-03-08 05:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-23 12:33 - 2009-03-08 05:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-09-23 12:06 - 2010-01-05 12:53 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2013-09-22 21:13 - 2010-01-19 21:06 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-09-22 16:28 - 2013-09-22 16:28 - 00000817 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn.lnk
2013-09-22 16:28 - 2013-09-22 16:28 - 00000811 _____ C:\Documents and Settings\All Users\Desktop\Express Burn.lnk
2013-09-22 16:28 - 2013-09-22 16:28 - 00000777 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Prism Video File Converter.lnk
2013-09-22 16:28 - 2013-09-22 16:28 - 00000771 _____ C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk
2013-09-22 16:27 - 2013-09-22 16:27 - 00000751 _____ C:\Documents and Settings\All Users\Start Menu\Programs\MixPad.lnk
2013-09-22 16:27 - 2013-09-22 16:27 - 00000745 _____ C:\Documents and Settings\All Users\Desktop\MixPad.lnk
2013-09-22 16:24 - 2013-09-22 16:24 - 00000793 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk
2013-09-22 16:24 - 2013-09-22 16:24 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Switch Sound File Converter.lnk
2013-09-22 15:14 - 2013-09-22 15:14 - 00001860 _____ C:\Documents and Settings\Owner\Start Menu\Programs\Spotify.lnk
2013-09-22 15:14 - 2013-09-22 15:14 - 00001854 _____ C:\Documents and Settings\Owner\Desktop\Spotify.lnk
2013-09-22 12:26 - 2013-09-22 12:26 - 00000000 ____D C:\Program Files\BlueSprig
2013-09-22 12:26 - 2013-09-22 12:26 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\BlueSprig
2013-09-22 12:26 - 2013-09-22 12:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\JetClean
2013-09-22 11:10 - 2013-09-22 05:10 - 98597466 _____ C:\WINDOWS\system32\뷻Ể咼6
2013-09-19 17:10 - 2013-09-19 17:10 - 98428185 _____ C:\WINDOWS\system32\崮咼6
2013-09-19 05:06 - 2012-06-17 14:30 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-18 22:11 - 2013-09-18 19:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 17:42 - 2013-09-18 17:42 - 98201083 _____ C:\WINDOWS\system32\䅑궺咼6
2013-09-18 11:42 - 2013-09-18 05:42 - 98159724 _____ C:\WINDOWS\system32\�咼6

Files to move or delete:
====================
C:\Documents and Settings\Admin\ConfigSQLPorts.bat
C:\Documents and Settings\Admin\SetupSqlServerPort.bat


Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Owner at 2013-10-18 23:01:15
Running from Z:\Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

7-Zip 9.20
Acer System Information (Version: 1.0.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Advanced IP Scanner (Version: 2.1.200)
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Application Verifier (Version: 4.1.1078)
ArcSoft Software Suite
ASAP Utilities (Version: 4.8.0)
Audacity 1.2.6
Auslogics Disk Defrag (Version: version 3.4)
Auslogics Duplicate File Finder (Version: version 2.2)
Avira Free Antivirus (Version: 13.0.0.4052)
BackRex Internet Explorer Backup (Version: 2.8)
Belarc Advisor 8.3 (Version: 8.3.2.0)
Beyond Compare Version 2.5.2
Big Fish Games: Game Manager (Version: 3.0.1.60)
BitTorrent (Version: 7.6.1)
Bonjour (Version: 3.0.0.10)
Brain Workshop 4.8.1 (Version: 4.8.1)
Build-a-lot
ccCommon (Version: 103.0.2.10)
ContextConsole Shell Extension (x86-32) (Version: 2.1.0.1)
ConvertHelper 2.2
CPUID CPU-Z 1.58
CrystalDiskInfo 4.2.0a (Version: 4.2.0a)
CutePDF Writer 2.8
Data Toolbar 2.3.2 (Version: 2.3.2)
Debugging Tools for Windows (x86) (Version: 6.12.2.633)
Digital Media Reader (Version: 1.13)
Dropbox (HKCU Version: 2.4.2)
DVD or CD Sharing (Version: 1.0.1.4)
DVD Solution
DzSoft Favorites Search 2.1 (Version: 2.1)
Express Burn
FastStone Capture 7.3 (Version: 7.3)
FastStone Image Viewer 4.2 (Version: 4.2)
File Shredder 2.0
FileOpenPatcher
FileWizard
FreshDiagnose
GE98067 98756 and 98046 MiniCam Pro (Version: 5.18.0.105)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Desktop (Version: 5.9.1005.12335)
Google Talk Plugin (Version: 4.7.0.15362)
Google Update Helper (Version: 1.3.21.165)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Product Detection (Version: 10.7.8.0)
HP Product Detection (Version: 11.15.0007)
HWiNFO32 Version 3.93 (Version: 3.93)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
Image Resizer Powertoy Clone for Windows (Version: 2.1)
Index.dat Analyzer v2.5 (Version: 2.5)
Internet Explorer (Enable DEP)
iTunes (Version: 11.0.4.4)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Java(TM) 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
JetClean (Version: 1.5.0)
Karen's Directory Printer (Version: 5.3.0.2)
Karen's Registry Pruner
LAME v3.98.3 for Audacity
LiveReg (Symantec Corporation) (Version: 3.0.0)
LiveUpdate 2.5 (Symantec Corporation) (Version: 2.5.55.0)
Local Port Scanner v1.2.2
Log Parser 2.2 (Version: 2.2.10)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Converter for Philips (Version: 2.5.2.200)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Bootvis (Version: 1.3.37)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft IntelliPoint 7.1 (Version: 7.10.344.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office 2003 Resource Kit (Version: 11.0.5614.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Converter Pack (Version: 11.0.0.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Communications Server 2005 SP1 Resource Kit (Version: 2.0.5740.140)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0)
Microsoft Report Viewer Redistributable 2005
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.50727.42)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.56405)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.52.4000.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic PowerPacks 1.2 (Version: 9.0.30729)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514)
MixPad (Version: 3.43)
Module for JSON Format (Version: 1.0)
Morefunc
MozBackup 1.4.10
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MRU-Blaster v1.5 (Database 3/28/2004) (Version: 1.5)
MSRedist (Version: 1.0.0.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Keyboard Driver
NirSoft BlueScreenView
Nitro Reader 2 (Version: 2.1.1.4)
Norton GoBack 4.02 (Symantec Corporation) (Version: 4.02.309)
Norton SystemWorks (Version: 1.0.0)
Norton SystemWorks 2005 (Symantec Corporation) (Version: 8.00.99)
Norton SystemWorks 2005 (Version: 8.02.6)
NSW_DRM_COLLECTION (Version: 1.0.0)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA nView Desktop Manager (Version: 6.14.10.00)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OGPlanet Game Launcher (Version: 1.0.0)
Outlook Times Addin 1.1
OutlookTools 2 (Version: 2.3.0)
OutWit Hub 3.0.4.31 (x86 en-US) (Version: 3.0.4.31)
Pale Moon 12.2 (x86 en-US) (Version: 12.2)
Pando Media Booster (Version: 2.6.0.6)
PandoraRecovery (Remove Only)
PDFill FREE PDF Tools (Version: 9.0)
Power2Go 4.0
PowerDVD
PowerISO (Version: 4.7)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Prism Video File Converter (Version: 2.01)
QuickTime (Version: 7.69.80.9)
Real Estate Finance and Investments
Realtek High Definition Audio Driver (Version: 5.10.0.6873)
RegToy 0.7.4.1 (HKCU Version: 0.7.4.1)
Revo Uninstaller 1.94 (Version: 1.94)
SA32xx Device Manager (Version: 01.01.02.1030)
SIW version 2011.05.26 (Version: 2011.05.26)
Skype web features (Version: 1.0.3971)
Skype™ 6.6 (Version: 6.6.106)
SlimDrivers (Version: 2.2.30877)
Spotify (HKCU Version: 0.9.4.169.gc0399df6)
Stickies 7.1a
Switch Sound File Converter (Version: 4.50)
swMSM (Version: 12.0.0.1)
System Requirements Lab
Tiny Time Tracker
TreeSize Free V2.5 (Version: 2.5)
Tweak UI
TweakGDS version 1.1.3
Twebst Automation Studio (Version: 2.7)
UltiDev Web Server Pro (Version: 2.0.14)
Uninstall Startup Inspector
Universal Extractor 1.6.1 (Version: 1.6.1)
Universal Viewer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB953356) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
V CAST Music with Rhapsody
VirtualLab Client 5.7.5
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
VLC media player 2.0.8 (Version: 2.0.8)
W Photo Studio (Version: 1.0.0.143)
WavePad Sound Editor (Version: 5.55)
WebFldrs XP (Version: 9.50.7523)
What's Running 3.0 (Version: 3.0)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows SDK IntellisenseNFX (Version: 7.1.30514)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yu-Gi-Oh! ONLINE 3 (Version: 1.00.3000)

==================== Restore Points =========================

12-09-2013 21:32:18 Software Distribution Service 3.0
12-09-2013 21:42:13 Software Distribution Service 3.0
12-09-2013 22:34:30 Software Distribution Service 3.0
12-09-2013 23:02:14 Software Distribution Service 3.0
13-09-2013 09:01:12 Software Distribution Service 3.0
14-09-2013 09:01:13 Software Distribution Service 3.0
15-09-2013 09:51:42 System Checkpoint
16-09-2013 09:53:40 System Checkpoint
17-09-2013 10:53:35 System Checkpoint
18-09-2013 11:10:30 System Checkpoint
19-09-2013 12:09:42 System Checkpoint
20-09-2013 12:38:09 System Checkpoint
21-09-2013 13:23:38 System Checkpoint
22-09-2013 14:23:41 System Checkpoint
23-09-2013 14:57:35 System Checkpoint
25-09-2013 04:33:56 System Checkpoint
26-09-2013 17:42:21 System Checkpoint
27-09-2013 18:10:58 System Checkpoint
28-09-2013 18:15:59 System Checkpoint
29-09-2013 18:25:59 System Checkpoint
30-09-2013 18:33:10 System Checkpoint
01-10-2013 19:33:13 System Checkpoint
01-10-2013 22:22:55 Removed Java 7 Update 25
02-10-2013 23:33:21 System Checkpoint
03-10-2013 23:41:39 System Checkpoint
05-10-2013 00:28:47 System Checkpoint
06-10-2013 00:33:30 System Checkpoint
07-10-2013 02:53:23 System Checkpoint
08-10-2013 06:45:10 System Checkpoint
09-10-2013 21:18:32 Software Distribution Service 3.0
10-10-2013 22:12:08 Software Distribution Service 3.0
10-10-2013 22:21:48 Restore Operation
10-10-2013 22:56:43 Restore Operation
12-10-2013 11:00:18 System Checkpoint
13-10-2013 09:00:31 Software Distribution Service 3.0
13-10-2013 22:21:23 Before mbam
13-10-2013 22:50:42 before mbar
14-10-2013 23:04:15 System Checkpoint
15-10-2013 02:15:09 Before combofix
16-10-2013 02:55:48 System Checkpoint
17-10-2013 03:10:43 System Checkpoint
17-10-2013 09:00:19 Software Distribution Service 3.0
19-10-2013 02:54:49 System Checkpoint

==================== Hosts content: ==========================

2010-01-05 12:53 - 2013-10-13 16:49 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\ExpressBurnReminder.job => C:\Program Files\NCH Software\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1006Core.job => C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1049826726-1173585048-3043808071-1006UA.job => C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\JetCleanLoginCheckUpdate.job => C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\jucheck.job => C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job => C:\Program Files\Microsoft IntelliPoint\ipoint.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job => C:\Program Files\Microsoft IntelliType Pro\itype.exe
Task: C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job => C:\Program Files\Norton SystemWorks\OBC.exe
Task: C:\WINDOWS\Tasks\Symantec Drmc.job => C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe
Task: C:\WINDOWS\Tasks\Symantec NetDetect.job => C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

==================== Loaded Modules (whitelisted) =============

2012-01-04 18:19 - 2009-11-05 09:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2010-12-01 11:09 - 2009-12-20 19:42 - 00176235 _____ () C:\WINDOWS\system32\Primomonnt.dll
2013-04-01 17:22 - 2013-04-01 17:12 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2011-11-17 14:30 - 2009-02-17 05:15 - 00090624 _____ () C:\Program Files\RegToy\KyNam.Interop.dll
2011-11-17 14:30 - 2009-02-17 05:15 - 00466944 _____ () C:\Program Files\RegToy\KyNam.dll
2011-05-19 22:15 - 1999-12-31 18:00 - 00357224 ____C () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-05 12:52 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2010-01-05 12:54 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2010-01-20 13:33 - 2010-06-22 15:54 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2010-01-05 13:43 - 2003-05-16 21:09 - 00011776 _____ () C:\WINDOWS\HIDMNT.dll
2010-01-05 13:43 - 2001-07-02 21:36 - 00024576 _____ () C:\WINDOWS\HKNTDLL.dll
2013-04-28 21:57 - 2009-12-15 11:27 - 00135168 _____ () C:\Program Files\Philips\SA32xx Device Manager\Scsi_nt.dll
2013-03-13 14:48 - 2013-03-13 14:48 - 24978944 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\libcef.dll
2011-08-01 11:09 - 2011-08-17 18:05 - 00049152 _____ () C:\Program Files\Stickies\shook70.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2013 00:03:03 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - Insufficient system resources exist to complete the requested service.

Error: (10/17/2013 10:40:06 PM) (Source: Application Error) (User: )
Description: Faulting application otl.exe, version 3.2.69.0, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [otl.exe!ws!]

Error: (10/17/2013 08:05:47 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - Insufficient system resources exist to complete the requested service.

Error: (10/17/2013 08:05:40 PM) (Source: Application Error) (User: )
Description: Faulting application otl.exe, version 3.2.69.0, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [otl.exe!ws!]

Error: (10/17/2013 08:05:27 PM) (Source: Application Error) (User: )
Description: Faulting application otl(1).exe, version 3.2.69.0, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [otl(1).exe!ws!]

Error: (10/17/2013 07:52:58 PM) (Source: Application Error) (User: )
Description: Faulting application otl.exe, version 3.2.69.0, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [otl.exe!ws!]

Error: (10/17/2013 07:52:47 PM) (Source: Application Error) (User: )
Description: Faulting application otl.exe, version 3.2.69.0, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [otl.exe!ws!]

Error: (10/17/2013 07:48:15 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/17/2013 07:48:15 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/17/2013 07:48:15 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (10/18/2013 05:36:43 PM) (Source: Service Control Manager) (User: )
Description: The vtigercrmMysql540 service failed to start due to the following error:
%%3

Error: (10/18/2013 05:36:43 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (10/17/2013 08:08:28 PM) (Source: Service Control Manager) (User: )
Description: The vtigercrmMysql540 service failed to start due to the following error:
%%3

Error: (10/17/2013 08:08:28 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (10/17/2013 08:05:37 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2013 08:05:36 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2013 08:05:36 PM) (Source: Service Control Manager) (User: )
Description: The PrismXL service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2013 08:05:36 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2013 08:05:36 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2013 08:05:36 PM) (Source: Service Control Manager) (User: )
Description: The GoBack Polling Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (07/05/2013 03:55:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 88 seconds with 60 seconds of active time. This session ended with a crash.

Error: (09/13/2012 09:33:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 897 seconds with 300 seconds of active time. This session ended with a crash.

Error: (02/05/2012 10:15:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 989 seconds with 60 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 1407.3 MB
Available physical RAM: 665.12 MB
Total Pagefile: 5482.03 MB
Available Pagefile: 4677.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:49.1 GB) (Free:6.36 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive I: (GoBack) (Fixed) (Total:26.06 GB) (Free:13.32 GB) NTFS
Drive z: (Docs) (Fixed) (Total:73.88 GB) (Free:22.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 0 byte) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=OF Extended)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    1.2 KB · Views: 1
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
Ran by Owner at 2013-10-19 20:21:18 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Toolbar: HKLM - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Applica
CHR Plugin: (Screen Capture Plugin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.6_0\plugins/screen_capture.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Nexon Game Controller) - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
C:\Documents and Settings\Admin\ConfigSQLPorts.bat
C:\Documents and Settings\Admin\SetupSqlServerPort.bat

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => Value deleted successfully.
HKCR\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Applica not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.6_0\plugins/screen_capture.dll not found.
C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll not found.
C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
C:\Documents and Settings\Admin\ConfigSQLPorts.bat => Moved successfully.
C:\Documents and Settings\Admin\SetupSqlServerPort.bat => Moved successfully.

==== End of Fixlog ====
 
Good.

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 31
Java 7 Update 40
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 20-10-2013
Ran by Owner (administrator) on 20-10-2013 at 17:13:21
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0C0000000400000001000000020000000300000008000000090000000C0000000500000006000000070000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

ESET Threat Found
C:\Documents and Settings\Owner\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17\16d7f191-6c4fe498 Java/Exploit.CVE-2012-0507.DI trojan cleaned by deleting - quarantined
 
1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
Windows 8: http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/#disable

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

12. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.

13. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni
R
Solved Data Hijacking, Help Please
2
Replies
37
Views
5K
Broni
Broni

Latest posts

Back