Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DDS and Combofix freeze computer - now what???


  • This topic is locked This topic is locked
30 replies to this topic

#1 dansmail26

dansmail26

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 26 November 2013 - 03:45 PM

I know, I shouldn't have run combofix w/o permission but...

I have run malwarebytes, kaspersky security scan, ms security essentials, cccleaner, tdss killer, malwarebytes anti rootkit and superanti-spyware successfully.  Nothing was found on any of these scans.

Computer seems slow, DDS runs until about 7/8 (of the progrss bar) is done then freezes the computer, Combofix runs until the 'scanning files' message comes up then the computer freezes, and system restore keeps failing.

Here's the results of security check-

 

 

Mod Edit:  Removed content duplicated in merged post below - Hamluis.


Edited by hamluis, 29 November 2013 - 01:22 PM.


BC AdBot (Login to Remove)

 


#2 dansmail26

dansmail26
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 26 November 2013 - 09:03 PM

I ran hijackthis -

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:01:29 PM, on 11/26/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 25.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7052 bytes
 



#3 dansmail26

dansmail26
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 29 November 2013 - 11:12 AM

(I started an earlier thread but added a reply instead of an 'edit' with additional data, so I am doing it the correct way now.  Here's the original  http://www.bleepingcomputer.com/forums/t/515489/dds-and-combofix-freeze-computer-now-what/

 

I know, I shouldn't have run combofix w/o permission but...

I have run malwarebytes, kaspersky security scan, ms security essentials, cccleaner, tdss killer, malwarebytes anti rootkit and superanti-spyware successfully.  Nothing was found on any of these scans.

Computer seems slow, DDS runs until about 7/8 (of the progrss bar) is done then freezes the computer, Combofix runs until the 'scanning files' message comes up then the computer freezes, and system restore keeps failing.

Here's the results of security check-

 

 

Results of screen317's Security Check version 0.99.77  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
M
i
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
E
s
e
n
t
i
a
l
s
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Flash Player     11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 34% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

Here's the results of farbar---

Farbar Service Scanner Version: 23-11-2013
Ran by owner (administrator) on 26-11-2013 at 15:40:49
Running from "C:\Documents and Settings\owner\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2012-08-17 20:57] - [2012-08-17 20:57] - 0361600 ____A (Microsoft Corporation) 51E41F16ACD80B8B39C0AE703A213F09

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2013-04-18 08:28] - [2012-08-17 20:58] - 0023064 ____A (Microsoft Corporation) 37E17DF31E2883F394FABFBC93AC3069

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000030000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

 

 

Here's the result of mini tool box----------

MiniToolBox by Farbar  Version: 13-07-2013
Ran by owner (administrator) on 26-11-2013 at 15:44:42
Running from "C:\Documents and Settings\owner\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Dell Wireless 1370 WLAN Mini-PCI Card = Wireless Network Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : owner-ed916ff3c

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

        Physical Address. . . . . . . . . : 00-12-3F-1F-48-0B



Ethernet adapter Wireless Network Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card

        Physical Address. . . . . . . . . : 00-14-A4-18-FE-6A

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.0.103

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.0.1

        DHCP Server . . . . . . . . . . . : 192.168.0.1

        DNS Servers . . . . . . . . . . . : 192.168.0.1

        Lease Obtained. . . . . . . . . . : Tuesday, November 26, 2013 3:19:36 PM

        Lease Expires . . . . . . . . . . : Tuesday, November 26, 2013 5:19:36 PM

Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  74.125.225.142, 74.125.225.128, 74.125.225.129, 74.125.225.130
      74.125.225.131, 74.125.225.132, 74.125.225.133, 74.125.225.134, 74.125.225.135
      74.125.225.136, 74.125.225.137



Pinging google.com [74.125.225.72] with 32 bytes of data:



Reply from 74.125.225.72: bytes=32 time=27ms TTL=53

Reply from 74.125.225.72: bytes=32 time=29ms TTL=53



Ping statistics for 74.125.225.72:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 27ms, Maximum = 29ms, Average = 28ms

Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=56ms TTL=49

Reply from 98.139.183.24: bytes=32 time=132ms TTL=49



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 56ms, Maximum = 132ms, Average = 94ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 1f 48 0b ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 14 a4 18 fe 6a ...... Dell Wireless 1370 WLAN Mini-PCI Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.103      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.103   192.168.0.103      25
    192.168.0.103  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.0.255  255.255.255.255    192.168.0.103   192.168.0.103      25
        224.0.0.0        240.0.0.0    192.168.0.103   192.168.0.103      25
  255.255.255.255  255.255.255.255    192.168.0.103               2      1
  255.255.255.255  255.255.255.255    192.168.0.103   192.168.0.103      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/26/2013 00:25:11 PM) (Source: UserInit) (User: )
Description: Could not execute the following script C:\Program Files\Bitdefender\Bitdefender 2013\support.exe. The system cannot find the file specified.
.

Error: (11/26/2013 00:15:46 PM) (Source: UserInit) (User: )
Description: Could not execute the following script C:\Program Files\Bitdefender\Bitdefender 2013\support.exe. The system cannot find the file specified.
.

Error: (11/26/2013 11:49:10 AM) (Source: UserInit) (User: )
Description: Could not execute the following script C:\Program Files\Bitdefender\Bitdefender 2013\support.exe. The system cannot find the file specified.
.

Error: (11/25/2013 02:55:06 PM) (Source: Application Error) (User: )
Description: Faulting application waol.exe, version 9.7.1.1, faulting module manager.dll, version 9.7.1.1, fault address 0x0006b630.
Processing media-specific event for [waol.exe!ws!]

Error: (11/24/2013 06:37:55 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 25.0.1.5064, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/24/2013 06:06:08 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/24/2013 04:32:31 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.4.304.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/24/2013 04:32:18 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10100.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/23/2013 05:51:50 PM) (Source: UserInit) (User: )
Description: Could not execute the following script C:\Program Files\Bitdefender\Bitdefender 2013\support.exe. The system cannot find the file specified.
.

Error: (11/23/2013 05:18:27 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10100.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (11/26/2013 00:29:59 PM) (Source: DCOM) (User: OWNER-ED916FF3C)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (11/26/2013 00:28:42 PM) (Source: DCOM) (User: OWNER-ED916FF3C)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/26/2013 00:28:24 PM) (Source: DCOM) (User: OWNER-ED916FF3C)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/26/2013 00:28:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
EUDSKACS
EUFDDISK
Fips
intelppm
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
WS2IFSL

Error: (11/26/2013 00:28:22 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (11/26/2013 00:28:22 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (11/26/2013 00:28:22 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (11/26/2013 00:28:22 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (11/26/2013 00:28:07 PM) (Source: DCOM) (User: OWNER-ED916FF3C)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (11/26/2013 00:28:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (11/26/2013 00:25:11 PM) (Source: UserInit)(User: )
Description: C:\Program Files\Bitdefender\Bitdefender 2013\support.exeThe system cannot find the file specified.

Error: (11/26/2013 00:15:46 PM) (Source: UserInit)(User: )
Description: C:\Program Files\Bitdefender\Bitdefender 2013\support.exeThe system cannot find the file specified.

Error: (11/26/2013 11:49:10 AM) (Source: UserInit)(User: )
Description: C:\Program Files\Bitdefender\Bitdefender 2013\support.exeThe system cannot find the file specified.

Error: (11/25/2013 02:55:06 PM) (Source: Application Error)(User: )
Description: waol.exe9.7.1.1manager.dll9.7.1.10006b630

Error: (11/24/2013 06:37:55 PM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.1.5064hungapp0.0.0.000000000

Error: (11/24/2013 06:06:08 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (11/24/2013 04:32:31 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.4.304.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (11/24/2013 04:32:18 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0timeout1.1.10100.0fixed1 _ 10245 _ not bootNILNILNIL

Error: (11/23/2013 05:51:50 PM) (Source: UserInit)(User: )
Description: C:\Program Files\Bitdefender\Bitdefender 2013\support.exeThe system cannot find the file specified.

Error: (11/23/2013 05:18:27 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0timeout1.1.10100.0fixed1 _ 10245 _ not bootNILNILNIL


=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29677)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
ALPS Touch Pad Driver
AOL Uninstaller (Choose which Products to Remove)
AVEO UVC Like Driver (Version: 2.7.0.0)
Broadcom Gigabit Integrated Controller (Version: 7.53.02)
CCleaner (Version: 4.07)
C-Major Audio (Version: 42xx)
Conexant D110 MDC V.92 Modem
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Wireless WLAN Card
EaseUS Todo Backup Advanced Server 5.8 (Version: 5.8)
Google Chrome (Version: 31.0.1650.57)
Google Update Helper (Version: 1.3.21.165)
Intel® Graphics Media Accelerator Driver for Mobile
ISO Recorder (Version: 2.0.0)
Kaspersky Security Scan (Version: 12.0.1.340)
LeapFrog Connect (Version: 5.1.5.17469)
LeapFrog LeapPad Explorer Plugin (Version: 5.1.10.17623)
Learning Lodge™
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.7015.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
PDFCreator (Version: 1.7.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.10 (Version: 6.10.104)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (Version: 12.0.0.1)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0000)
TIPCI (Version: 2.00.0000)
Tixati
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
VLC media player 2.1.0 (Version: 2.1.0)
VTech Download Agent Library (Version: 1.00.0000)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Yahoo! Messenger

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 1015.36 MB
Available physical RAM: 398.76 MB
Total Pagefile: 2442.43 MB
Available Pagefile: 1704.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.7 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.26 GB) (Free:2.1 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-ED916FF3C

Administrator            ASPNET                   Guest                    
HelpAssistant            owner                    SUPPORT_388945a0         


**** End of log ****

 

Mod Edit:  Removed duplicate data previously submitted (HJT log) - Hamluis.


Edited by hamluis, 29 November 2013 - 01:28 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:39 AM

Posted 01 December 2013 - 10:43 AM

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
==============

#5 dansmail26

dansmail26
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 01 December 2013 - 10:54 AM

Thanks for helping -

 

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Remove -- Date : 12/01/2013 10:53:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK4032GAX +++++
--- User ---
[MBR] f594a13de5003b69bb7d9086cd816d31
[BSP] 463175cfdfd327166c24b54013f3357b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12012013_105317.txt >>
RKreport[0]_S_12012013_105248.txt


 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:39 AM

Posted 02 December 2013 - 07:40 AM

Lets check further.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

OTL_Main_Tutorial.gif
  • Select All Users.
  • Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs DO NOT ATTACH THEM.
===

#7 dansmail26

dansmail26
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 02 December 2013 - 09:34 AM

OTL logfile created on: 12/2/2013 9:39:32 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.36 Mb Total Physical Memory | 549.86 Mb Available Physical Memory | 54.15% Memory free
2.39 Gb Paging File | 1.83 Gb Available in Paging File | 76.68% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 2.31 Gb Free Space | 6.21% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-ED916FF3C | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/02 09:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
PRC - [2013/11/25 09:00:50 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/07/23 16:03:50 | 000,103,936 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/07/23 15:39:14 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/06/20 02:58:03 | 000,391,040 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2013/05/07 17:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/16 12:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2013/03/16 12:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012/12/07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012/08/17 20:56:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/13 17:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 15:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/09 01:01:34 | 009,849,200 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2013/06/20 02:58:03 | 000,391,040 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2013/03/16 11:36:30 | 000,069,192 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2013/03/16 11:36:30 | 000,050,248 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
MOD - [2013/03/16 11:36:28 | 000,096,840 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
MOD - [2013/03/16 11:36:26 | 000,115,784 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll
MOD - [2013/03/16 11:36:22 | 000,578,632 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
MOD - [2013/03/16 11:36:22 | 000,468,040 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
MOD - [2013/03/16 11:36:22 | 000,293,960 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2013/03/16 11:36:22 | 000,068,680 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2013/03/16 11:36:20 | 000,192,584 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll
MOD - [2013/03/16 11:36:20 | 000,192,072 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
MOD - [2013/03/16 11:36:18 | 000,135,752 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
MOD - [2013/03/16 11:36:18 | 000,098,888 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2013/03/16 11:36:18 | 000,090,696 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
MOD - [2013/03/16 11:36:18 | 000,037,960 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
MOD - [2013/03/16 11:36:18 | 000,029,768 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
MOD - [2013/03/16 11:36:18 | 000,022,088 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
MOD - [2012/12/07 15:15:16 | 007,422,392 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012/12/07 15:15:12 | 002,126,264 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2012/12/07 15:15:12 | 001,270,200 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012/12/07 15:15:12 | 000,192,952 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012/12/07 15:15:10 | 002,453,944 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012/12/07 15:15:10 | 000,795,064 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2010/11/11 04:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/13 08:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 04:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/23 20:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 00:05:48 | 000,025,600 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\imageformats\qgif4.dll
MOD - [2010/06/02 00:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/01 21:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/01 21:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/01 21:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/01 21:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
MOD - [2008/11/25 16:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
MOD - [2004/10/05 02:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/11/17 08:50:58 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/13 15:01:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 15:39:14 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2013/05/07 17:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/16 12:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2013/03/16 12:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/12/07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/09/20 12:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/12/01 21:12:21 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{796C7077-7965-4477-A6C2-6FDBF59E7F89}\MpKslbd5e504c.sys -- (MpKslbd5e504c)
DRV - [2013/03/16 11:50:16 | 000,185,672 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2013/03/16 11:47:04 | 000,040,648 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2013/03/16 11:41:46 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2013/03/16 11:38:36 | 000,050,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2012/08/17 21:12:10 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2012/08/17 21:12:10 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2012/08/17 21:12:09 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/06 21:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/09/06 16:25:10 | 000,239,104 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2006/04/06 21:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/26 22:42:00 | 000,376,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/05/03 21:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 21:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 21:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/11/16 16:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/23 13:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 1F F9 19 60 59 CE 01  [binary data]
IE - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\..\SearchScopes,DefaultScope = {FAF97E76-58F9-475A-AE6F-16679FD2695E}
IE - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\..\SearchScopes\{FAF97E76-58F9-475A-AE6F-16679FD2695E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1384347356&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2013/04/26 10:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
 
[2013/04/26 10:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2013/04/26 10:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013/04/26 10:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Sunbird\Profiles\skvet44a.default\extensions
[2013/11/17 08:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/17 08:51:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD8E40D-CB6E-4A40-ABA8-103C01566687}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/18 08:30:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/02 09:18:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2013/12/01 10:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\RK_Quarantine
[2013/12/01 10:50:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/11/29 10:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\KidZui
[2013/11/29 10:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kidzui
[2013/11/29 10:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kidzui
[2013/11/26 20:56:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\owner\Desktop\HijackThis.exe
[2013/11/26 15:36:09 | 000,760,937 | ---- | C] (Farbar) -- C:\Documents and Settings\owner\Desktop\MiniToolBox.exe
[2013/11/26 15:35:37 | 000,360,881 | ---- | C] (Farbar) -- C:\Documents and Settings\owner\Desktop\FSS.exe
[2013/11/26 12:30:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/11/25 10:04:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\owner\Recent
[2013/11/25 09:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/11/24 18:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/11/24 18:31:10 | 000,105,176 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/11/24 18:30:12 | 000,047,064 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/11/24 18:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\mbar
[2013/11/19 11:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\Kaspersky Security Scan
[2013/11/19 11:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/11/19 11:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/11/19 11:03:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/19 11:01:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/11/19 11:01:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/11/19 11:01:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/11/19 11:01:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/11/19 10:57:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/19 10:57:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\My Documents\My Videos
[2013/11/19 10:57:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\Administrative Tools
[2013/11/19 10:56:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/17 12:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\cache
[2013/11/17 12:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VTech
[2013/11/17 12:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\VTech
[2013/11/17 12:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VTech
[2013/11/17 08:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/16 09:06:42 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/11/16 09:06:42 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2013/11/15 14:00:20 | 000,036,864 | ---- | C] (AVEO) -- C:\WINDOWS\System32\AVEOcamintfc.ax
[2013/11/15 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB2.0 PC Camera
[2013/11/15 14:00:19 | 000,057,344 | ---- | C] (Xirlink, Inc.) -- C:\WINDOWS\System32\sx_cam_i420.dll
[2013/11/15 14:00:17 | 000,239,104 | ---- | C] (AVEO Corp) -- C:\WINDOWS\System32\drivers\AVEOdcnt.sys
[2013/11/15 14:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVEO UVC Like Driver
[2013/11/15 13:58:45 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/11/15 13:58:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2013/11/15 13:58:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2013/11/13 07:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\Old Firefox Data
[2013/11/07 17:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\vlc
[2013/11/07 17:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/11/07 17:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/11/07 17:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\dvdcss
[2013/11/07 17:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\ZJMedia
[2013/11/07 17:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\ZJMedia
[2013/11/07 17:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2012/02/11 17:27:56 | 019,500,915 | ---- | C] (Oleg N. Scherbakov) -- C:\Program Files\addins.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\owner\My Documents\*.tmp files -> C:\Documents and Settings\owner\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/02 09:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2013/12/02 09:18:07 | 000,496,086 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/02 09:18:06 | 000,084,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/02 09:12:33 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/02 09:12:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/02 09:12:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/01 22:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/01 21:12:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/01 10:50:31 | 003,687,936 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\RogueKiller.exe
[2013/11/29 10:10:13 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Kidzui Browser.lnk
[2013/11/29 10:10:13 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kidzui Browser.lnk
[2013/11/26 20:56:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\owner\Desktop\HijackThis.exe
[2013/11/26 15:36:32 | 000,760,937 | ---- | M] (Farbar) -- C:\Documents and Settings\owner\Desktop\MiniToolBox.exe
[2013/11/26 15:35:56 | 000,360,881 | ---- | M] (Farbar) -- C:\Documents and Settings\owner\Desktop\FSS.exe
[2013/11/26 15:35:42 | 000,891,200 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\SecurityCheck.exe
[2013/11/26 12:19:53 | 000,088,268 | ---- | M] () -- C:\VETlog.dmp
[2013/11/25 09:51:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/11/24 18:31:10 | 000,105,176 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/11/24 18:30:12 | 000,047,064 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/11/24 17:54:41 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/11/19 11:50:54 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Kaspersky Security Scan.lnk
[2013/11/19 11:03:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/19 05:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/11/17 16:44:12 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\Still0001.bmp
[2013/11/17 16:43:55 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\Still0000.bmp
[2013/11/17 16:26:39 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\cookies.ini
[2013/11/17 12:40:16 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Learning Lodge™.lnk
[2013/11/15 14:00:20 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamApp.lnk
[2013/11/15 09:20:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/11/15 08:58:57 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/11/07 17:51:40 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\owner\My Documents\*.tmp files -> C:\Documents and Settings\owner\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/01 10:50:24 | 003,687,936 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\RogueKiller.exe
[2013/11/29 10:10:13 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Kidzui Browser.lnk
[2013/11/29 10:10:13 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kidzui Browser.lnk
[2013/11/26 15:35:00 | 000,891,200 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\SecurityCheck.exe
[2013/11/19 11:51:05 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Kaspersky Security Scan.lnk
[2013/11/19 11:03:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/19 11:03:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/19 11:01:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/11/19 11:01:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/11/19 11:01:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/11/19 11:01:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/19 11:01:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/11/17 16:44:12 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Still0001.bmp
[2013/11/17 16:43:55 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Still0000.bmp
[2013/11/17 12:43:40 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\cookies.ini
[2013/11/17 12:40:16 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Learning Lodge™.lnk
[2013/11/15 14:00:23 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\newspaper_640_480.bmp
[2013/11/15 14:00:23 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\aim_640_480.bmp
[2013/11/15 14:00:23 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\4_640_480.bmp
[2013/11/15 14:00:23 | 000,921,654 | ---- | C] () -- C:\WINDOWS\System32\magnifier_640_480.bmp
[2013/11/15 14:00:23 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\newspaper_320_240.bmp
[2013/11/15 14:00:23 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\magnifier_320_240.bmp
[2013/11/15 14:00:23 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\aim_320_240.bmp
[2013/11/15 14:00:22 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\3_640_480.bmp
[2013/11/15 14:00:22 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\2_640_480.bmp
[2013/11/15 14:00:22 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\4_320_240.bmp
[2013/11/15 14:00:22 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\3_320_240.bmp
[2013/11/15 14:00:22 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\2_320_240.bmp
[2013/11/15 14:00:21 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\1_640_480.bmp
[2013/11/15 14:00:21 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\1_320_240.bmp
[2013/11/15 14:00:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MFC_InstDrvDLL.dll
[2013/11/15 14:00:20 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamApp.lnk
[2013/11/07 17:51:40 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/05/25 12:06:19 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2013/05/16 08:35:19 | 000,226,019 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1368711044.bdinstall.bin
[2013/05/16 08:25:14 | 000,119,307 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1368710575.bdinstall.bin
[2013/04/18 11:41:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2013/04/18 10:40:43 | 001,681,092 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1366296714.bdinstall.bin
[2013/04/18 08:49:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2013/04/18 08:49:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2013/04/18 08:46:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2013/04/18 08:34:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/04/18 08:26:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/04/18 04:19:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/04/18 04:17:31 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/17 20:59:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2012/08/17 20:59:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/17 20:59:28 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
 
========== ZeroAccess Check ==========
 
[2013/10/18 08:32:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/17 20:57:38 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/17 20:56:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/04/18 10:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2013/05/22 20:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2013/05/10 09:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2013/09/03 11:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2013/11/17 12:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VTech
[2013/04/18 10:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2013/04/18 08:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Infineon
[2013/11/29 10:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\KidZui
[2013/04/18 10:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\QuickScan
[2013/09/03 18:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\tixati
[2013/11/25 10:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\uTorrent
[2013/09/03 18:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Viewpoint
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2012/08/17 20:58:16 | 000,023,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/08/17 20:56:27 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2012/08/17 20:56:32 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2012/08/17 20:56:33 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2012/08/17 20:57:37 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2012/08/17 20:57:49 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2012/08/17 20:57:20 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2012/08/17 20:57:37 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2012/08/17 20:57:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2012/08/17 20:57:35 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2012/08/17 20:57:50 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2012/08/17 20:57:49 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2012/08/17 20:57:54 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2012/08/17 20:57:55 | 000,296,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2012/08/17 20:57:49 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2012/08/17 20:56:41 | 000,330,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2012/08/17 20:57:03 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2012/08/17 20:56:23 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2012/08/17 20:56:34 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2012/08/17 21:04:28 | 000,483,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2012/08/17 20:58:05 | 000,134,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2012/08/17 20:56:35 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe
[2012/08/17 20:56:35 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: SERVICES  >
[2008/04/14 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 09:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.DAT  >
[2013/08/28 22:17:14 | 000,002,469 | ---- | M] () MD5=63140BCBCDCFA5C738A68A53116AAA8D -- C:\Documents and Settings\owner\Local Settings\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2012/08/17 20:57:37 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=C519E15665CD89A91AD383FCE3CB556A -- C:\WINDOWS\system32\dllcache\services.exe
[2012/08/17 20:57:37 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=C519E15665CD89A91AD383FCE3CB556A -- C:\WINDOWS\system32\services.exe
 
< MD5 for: SERVICES.LNK  >
[2013/11/24 18:45:59 | 000,001,602 | ---- | M] () MD5=995585092D87A02FB5306759098F2FC8 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2008/04/14 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SVCHOST.EXE  >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/08/17 20:58:04 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2012/08/17 20:58:04 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2008/04/14 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008/04/14 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< End of report >

 

 

 

--I made a mistake and didn't have "all users" selected the 1st run.  When I went to re0run it I could never get the extras file to be created.  Here's i the original one though.

 

OTL Extras logfile created on: 12/2/2013 9:19:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.36 Mb Total Physical Memory | 454.36 Mb Available Physical Memory | 44.75% Memory free
2.39 Gb Paging File | 1.76 Gb Available in Paging File | 73.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 2.15 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-ED916FF3C | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1366303881\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1366303881\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.7\waol.exe" = C:\Program Files\AOL Desktop 9.7\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)
"C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser -- (AOL Inc.)
"C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe" = C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe:*:Enabled:Agent.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe:*:Enabled:TbService.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe:*:Enabled:Local TBConsoleUI.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\tixati\tixati.exe" = C:\Program Files\tixati\tixati.exe:*:Enabled:Tixati -- (Tixati Software Inc.)
"C:\Documents and Settings\owner\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\owner\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe" = C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe:*:Disabled:Vtech local server -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{16AAD75A-9E2B-459D-949C-11AA1A2A6B9F}" = LeapFrog Connect
"{21A196EC-241B-4A79-970B-E9585F1CE90C}" = AVEO UVC Like Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B8BA75D-17EE-4EEA-B8F0-578F9514F637}" = LeapFrog LeapPad Explorer Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{783B85A5-B56C-457C-BC65-7F2433DF811E}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"7-Zip" = 7-Zip 9.20
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"EaseUS Todo Backup Advanced Server 5.8_is1" = EaseUS Todo Backup Advanced Server 5.8
"Google Chrome" = Google Chrome
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Kidzui" = Kidzui
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"tixati" = Tixati
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.1.0
"VTechDownloadManager" = Learning Lodge™
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Yahoo! Messenger" = Yahoo! Messenger
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/27/2013 9:03:17 PM | Computer Name = OWNER-ED916FF3C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
 P4 4.4.304.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 11/27/2013 10:42:52 PM | Computer Name = OWNER-ED916FF3C | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\Program Files\Bitdefender\Bitdefender
 2013\support.exe. The system cannot find the file specified.  .
 
Error - 11/28/2013 12:07:55 AM | Computer Name = OWNER-ED916FF3C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10100.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 11/29/2013 4:55:45 AM | Computer Name = OWNER-ED916FF3C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10100.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 11/29/2013 9:34:20 AM | Computer Name = OWNER-ED916FF3C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10100.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 11/29/2013 9:34:22 AM | Computer Name = OWNER-ED916FF3C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
 P4 4.4.304.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 11/30/2013 9:01:23 AM | Computer Name = OWNER-ED916FF3C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10100.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 12/1/2013 11:46:45 AM | Computer Name = OWNER-ED916FF3C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10100.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 12/1/2013 8:30:58 PM | Computer Name = OWNER-ED916FF3C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10100.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 12/2/2013 7:59:58 AM | Computer Name = OWNER-ED916FF3C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 4.4.304.0, P3 timeout, P4 1.1.10100.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
 P8 NIL, P9 NIL, P10 NIL.
 
[ System Events ]
Error - 11/29/2013 9:34:19 AM | Computer Name = OWNER-ED916FF3C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
 the  Network Card with network address 0014A418FE6A.
 
Error - 11/29/2013 1:59:55 PM | Computer Name = OWNER-ED916FF3C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.105 on
 the  Network Card with network address 0014A418FE6A.
 
Error - 11/29/2013 4:05:34 PM | Computer Name = OWNER-ED916FF3C | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the WZCSVC service.
 
Error - 11/29/2013 6:59:28 PM | Computer Name = OWNER-ED916FF3C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.105 on
 the  Network Card with network address 0014A418FE6A.
 
Error - 11/29/2013 10:22:45 PM | Computer Name = OWNER-ED916FF3C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.105 on
 the  Network Card with network address 0014A418FE6A.
 
Error - 11/30/2013 2:12:39 PM | Computer Name = OWNER-ED916FF3C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.105 on
 the  Network Card with network address 0014A418FE6A.
 
Error - 11/30/2013 11:35:11 PM | Computer Name = OWNER-ED916FF3C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.105 on
 the  Network Card with network address 0014A418FE6A.
 
Error - 12/1/2013 9:35:20 AM | Computer Name = OWNER-ED916FF3C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
 the  Network Card with network address 0014A418FE6A.
 
Error - 12/1/2013 8:30:54 PM | Computer Name = OWNER-ED916FF3C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.102 on
 the  Network Card with network address 0014A418FE6A.
 
Error - 12/2/2013 7:59:53 AM | Computer Name = OWNER-ED916FF3C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.103 on
 the  Network Card with network address 0014A418FE6A.
 
 
< End of report >


 


Edited by dansmail26, 02 December 2013 - 10:05 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:39 AM

Posted 02 December 2013 - 02:20 PM

Run OTL - Double-click OTL.exe otlDesktopIcon.png to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1606980848-2139871995-2146872623-1003\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Run ComboFix again. You may be asked to update the program please do.

Post the log if you can.
How is it now?

#9 dansmail26

dansmail26
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 02 December 2013 - 03:15 PM

Combofix still wouldn't run, stops at the scanning files.

 

 

OTL logfile created on: 12/2/2013 2:53:36 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.36 Mb Total Physical Memory | 377.88 Mb Available Physical Memory | 37.22% Memory free
2.39 Gb Paging File | 1.84 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 2.19 Gb Free Space | 5.87% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-ED916FF3C | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/02 09:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
PRC - [2013/11/25 09:00:50 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2013/07/23 16:03:50 | 000,103,936 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/07/23 15:39:14 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/06/20 02:58:03 | 000,391,040 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2013/05/07 17:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/16 12:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2013/03/16 12:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012/12/07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012/08/17 20:56:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/13 17:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 15:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/09 01:01:34 | 009,849,200 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2013/06/20 02:58:03 | 000,391,040 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2013/03/16 11:36:30 | 000,069,192 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2013/03/16 11:36:30 | 000,050,248 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
MOD - [2013/03/16 11:36:28 | 000,096,840 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
MOD - [2013/03/16 11:36:26 | 000,115,784 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll
MOD - [2013/03/16 11:36:22 | 000,578,632 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
MOD - [2013/03/16 11:36:22 | 000,468,040 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
MOD - [2013/03/16 11:36:22 | 000,293,960 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2013/03/16 11:36:22 | 000,068,680 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2013/03/16 11:36:20 | 000,192,584 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll
MOD - [2013/03/16 11:36:20 | 000,192,072 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
MOD - [2013/03/16 11:36:18 | 000,135,752 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
MOD - [2013/03/16 11:36:18 | 000,098,888 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2013/03/16 11:36:18 | 000,090,696 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
MOD - [2013/03/16 11:36:18 | 000,037,960 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
MOD - [2013/03/16 11:36:18 | 000,029,768 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
MOD - [2013/03/16 11:36:18 | 000,022,088 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
MOD - [2012/12/07 15:15:16 | 007,422,392 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012/12/07 15:15:12 | 002,126,264 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2012/12/07 15:15:12 | 001,270,200 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012/12/07 15:15:12 | 000,192,952 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012/12/07 15:15:10 | 002,453,944 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012/12/07 15:15:10 | 000,795,064 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2010/11/11 04:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/13 08:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 04:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/23 20:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 00:05:48 | 000,025,600 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\imageformats\qgif4.dll
MOD - [2010/06/02 00:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/01 21:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/01 21:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/01 21:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/01 21:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
MOD - [2008/11/25 16:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
MOD - [2004/10/05 02:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/11/17 08:50:58 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/13 15:01:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 15:39:14 | 007,391,232 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2013/05/07 17:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/16 12:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2013/03/16 12:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/12/07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/09/20 12:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/03/16 11:50:16 | 000,185,672 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2013/03/16 11:47:04 | 000,040,648 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2013/03/16 11:41:46 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2013/03/16 11:38:36 | 000,050,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2012/08/17 21:12:10 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2012/08/17 21:12:10 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2012/08/17 21:12:09 | 000,013,616 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/06 21:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/09/06 16:25:10 | 000,239,104 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2006/04/06 21:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/26 22:42:00 | 000,376,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/05/03 21:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 21:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 21:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/11/16 16:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/23 13:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 1F F9 19 60 59 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {FAF97E76-58F9-475A-AE6F-16679FD2695E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{FAF97E76-58F9-475A-AE6F-16679FD2695E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1384347356&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2013/04/26 10:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
 
[2013/04/26 10:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2013/04/26 10:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013/04/26 10:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Sunbird\Profiles\skvet44a.default\extensions
[2013/11/17 08:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/17 08:51:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Docs = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD8E40D-CB6E-4A40-ABA8-103C01566687}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/18 08:30:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/02 14:49:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/02 09:18:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2013/12/01 10:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\RK_Quarantine
[2013/12/01 10:50:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/11/29 10:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\KidZui
[2013/11/29 10:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kidzui
[2013/11/29 10:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kidzui
[2013/11/26 20:56:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\owner\Desktop\HijackThis.exe
[2013/11/26 15:36:09 | 000,760,937 | ---- | C] (Farbar) -- C:\Documents and Settings\owner\Desktop\MiniToolBox.exe
[2013/11/26 15:35:37 | 000,360,881 | ---- | C] (Farbar) -- C:\Documents and Settings\owner\Desktop\FSS.exe
[2013/11/26 12:30:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/11/25 10:04:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\owner\Recent
[2013/11/25 09:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/11/24 18:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/11/24 18:31:10 | 000,105,176 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/11/24 18:30:12 | 000,047,064 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/11/24 18:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\mbar
[2013/11/19 11:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\Kaspersky Security Scan
[2013/11/19 11:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/11/19 11:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/11/19 11:03:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/19 11:01:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/11/19 11:01:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/11/19 11:01:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/11/19 11:01:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/11/19 10:57:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/19 10:57:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\My Documents\My Videos
[2013/11/19 10:57:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\Administrative Tools
[2013/11/19 10:56:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/17 12:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\cache
[2013/11/17 12:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VTech
[2013/11/17 12:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\VTech
[2013/11/17 12:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VTech
[2013/11/17 08:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/16 09:06:42 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/11/16 09:06:42 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2013/11/15 14:00:20 | 000,036,864 | ---- | C] (AVEO) -- C:\WINDOWS\System32\AVEOcamintfc.ax
[2013/11/15 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB2.0 PC Camera
[2013/11/15 14:00:19 | 000,057,344 | ---- | C] (Xirlink, Inc.) -- C:\WINDOWS\System32\sx_cam_i420.dll
[2013/11/15 14:00:17 | 000,239,104 | ---- | C] (AVEO Corp) -- C:\WINDOWS\System32\drivers\AVEOdcnt.sys
[2013/11/15 14:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVEO UVC Like Driver
[2013/11/15 13:58:45 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/11/15 13:58:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2013/11/15 13:58:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2013/11/13 07:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\Old Firefox Data
[2013/11/07 17:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\vlc
[2013/11/07 17:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/11/07 17:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/11/07 17:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\dvdcss
[2013/11/07 17:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\ZJMedia
[2013/11/07 17:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\ZJMedia
[2013/11/07 17:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2012/02/11 17:27:56 | 019,500,915 | ---- | C] (Oleg N. Scherbakov) -- C:\Program Files\addins.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\owner\My Documents\*.tmp files -> C:\Documents and Settings\owner\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/02 14:59:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/02 14:57:20 | 000,496,086 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/02 14:57:20 | 000,084,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/02 14:52:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/02 14:51:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/02 14:12:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/02 13:54:14 | 000,089,204 | ---- | M] () -- C:\VETlog.dmp
[2013/12/02 09:18:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2013/12/02 09:12:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/01 10:50:31 | 003,687,936 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\RogueKiller.exe
[2013/11/29 10:10:13 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Kidzui Browser.lnk
[2013/11/29 10:10:13 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kidzui Browser.lnk
[2013/11/26 20:56:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\owner\Desktop\HijackThis.exe
[2013/11/26 15:36:32 | 000,760,937 | ---- | M] (Farbar) -- C:\Documents and Settings\owner\Desktop\MiniToolBox.exe
[2013/11/26 15:35:56 | 000,360,881 | ---- | M] (Farbar) -- C:\Documents and Settings\owner\Desktop\FSS.exe
[2013/11/26 15:35:42 | 000,891,200 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\SecurityCheck.exe
[2013/11/25 09:51:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/11/24 18:31:10 | 000,105,176 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/11/24 18:30:12 | 000,047,064 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/11/24 17:54:41 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/11/19 11:50:54 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Kaspersky Security Scan.lnk
[2013/11/19 11:03:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/19 05:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/11/17 16:44:12 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\Still0001.bmp
[2013/11/17 16:43:55 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\Still0000.bmp
[2013/11/17 16:26:39 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\cookies.ini
[2013/11/17 12:40:16 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Learning Lodge™.lnk
[2013/11/15 14:00:20 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamApp.lnk
[2013/11/15 09:20:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/11/15 08:58:57 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/11/07 17:51:40 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\owner\My Documents\*.tmp files -> C:\Documents and Settings\owner\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/01 10:50:24 | 003,687,936 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\RogueKiller.exe
[2013/11/29 10:10:13 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Kidzui Browser.lnk
[2013/11/29 10:10:13 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kidzui Browser.lnk
[2013/11/26 15:35:00 | 000,891,200 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\SecurityCheck.exe
[2013/11/19 11:51:05 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Kaspersky Security Scan.lnk
[2013/11/19 11:03:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/19 11:03:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/19 11:01:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/11/19 11:01:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/11/19 11:01:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/11/19 11:01:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/19 11:01:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/11/17 16:44:12 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Still0001.bmp
[2013/11/17 16:43:55 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Still0000.bmp
[2013/11/17 12:43:40 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\cookies.ini
[2013/11/17 12:40:16 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Learning Lodge™.lnk
[2013/11/15 14:00:23 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\newspaper_640_480.bmp
[2013/11/15 14:00:23 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\aim_640_480.bmp
[2013/11/15 14:00:23 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\4_640_480.bmp
[2013/11/15 14:00:23 | 000,921,654 | ---- | C] () -- C:\WINDOWS\System32\magnifier_640_480.bmp
[2013/11/15 14:00:23 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\newspaper_320_240.bmp
[2013/11/15 14:00:23 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\magnifier_320_240.bmp
[2013/11/15 14:00:23 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\aim_320_240.bmp
[2013/11/15 14:00:22 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\3_640_480.bmp
[2013/11/15 14:00:22 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\2_640_480.bmp
[2013/11/15 14:00:22 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\4_320_240.bmp
[2013/11/15 14:00:22 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\3_320_240.bmp
[2013/11/15 14:00:22 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\2_320_240.bmp
[2013/11/15 14:00:21 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\1_640_480.bmp
[2013/11/15 14:00:21 | 000,230,456 | ---- | C] () -- C:\WINDOWS\System32\1_320_240.bmp
[2013/11/15 14:00:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MFC_InstDrvDLL.dll
[2013/11/15 14:00:20 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamApp.lnk
[2013/11/07 17:51:40 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/05/25 12:06:19 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2013/05/16 08:35:19 | 000,226,019 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1368711044.bdinstall.bin
[2013/05/16 08:25:14 | 000,119,307 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1368710575.bdinstall.bin
[2013/04/18 11:41:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2013/04/18 10:40:43 | 001,681,092 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1366296714.bdinstall.bin
[2013/04/18 08:49:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2013/04/18 08:49:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2013/04/18 08:46:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2013/04/18 08:34:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/04/18 08:26:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/04/18 04:19:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/04/18 04:17:31 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/17 20:59:44 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2012/08/17 20:59:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/17 20:59:28 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
 
========== ZeroAccess Check ==========
 
[2013/10/18 08:32:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/17 20:57:38 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/17 20:56:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:39 AM

Posted 03 December 2013 - 08:33 AM

How to perform disk error checking in Windows XP
Run the Chkdsk tool as suggested in this article.
http://support.microsoft.com/kb/315265
===

Restart the computer normally.
Execute the following.

Total Fragmentation on Drive C:: 34% Defragment your hard drive soon! (Do NOT defrag if SSD!)

If you your hard disk is not a Solid State Drive please defrag you computer.

How to:
http://support.microsoft.com/kb/314848
===

Can you now run ComboFix.

#11 dansmail26

dansmail26
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 03 December 2013 - 12:45 PM

Errr - still won't run!   I then deleted all combofix references in the computer, redownloaded it and tried again - still no luck!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:39 AM

Posted 03 December 2013 - 02:16 PM

I don't see anything with "ComboFix" on my desktop

.
You probably did not download the program to your desktop.



Download ComboFix from any of the links below but rename it to jaws239 before saving it to your desktop. <- Important.

Link 1
Link 2

Now you should have the ComboFix logo on the Desktop.
Run it as an Administrator.

Post the log.

#13 dansmail26

dansmail26
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 03 December 2013 - 05:06 PM

 

I don't see anything with "ComboFix" on my desktop

.
You probably did not download the program to your desktop.



Download ComboFix from any of the links below but rename it to jaws239 before saving it to your desktop. <- Important.

Link 1
Link 2

Now you should have the ComboFix logo on the Desktop.
Run it as an Administrator.

Post the log.

 

Don't know where this quote came from, I was able to download it and attempt to run it.

I did the follow tese directions and redownloaded it, then saved it under the jaws name.  It still would not run, just froze up again.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:39 AM

Posted 04 December 2013 - 08:47 AM

What are the current problems with this Computer at the moment.

#15 dansmail26

dansmail26
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 04 December 2013 - 09:07 AM

-Something is wrong, DDS and Combofix still freeze the computer up.

-While running DDS I noticed PEV.DAT kept showing up in task manager as a process, is that normal?

-Computer starts up very slow.

 

I am still worried I don't have a secure computer.

 

Thanks

Dan


Edited by dansmail26, 04 December 2013 - 09:08 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users