
Please check RogueKiller scan


This topic is locked
18 replies to this topic

#1 pcblues

  • Members
  • 87 posts
  • Gender:Female

Posted 15 February 2014 - 02:29 AM

Hello..

I have no idea if these entries present any real danger or harm and I'm not aware of any issues. I'm running MSE, and also regularly scan with the Eset online scanner for spyware, malware etc., and all recent scans came up clean..
Thanks in advance :)

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Restricted rights]
Mode : Scan -- Date : 02/13/2014 11:13:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] StartupMonitor.exe -- C:\WINDOWS\StartupMonitor.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (0.0.0.0:80 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{12037513-B6D4-4D38-8316-D65F17AD8C11} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{12037513-B6D4-4D38-8316-D65F17AD8C11} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{12037513-B6D4-4D38-8316-D65F17AD8C11} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS003\[...]\{12037513-B6D4-4D38-8316-D65F17AD8C11} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x2] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[0]_S_02132014_111357.txt >>

Edited by Oh My, 20 February 2014 - 09:52 AM.
Log Posted


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,549 posts
  • Gender:Male

Posted 20 February 2014 - 02:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/524372 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 35,578 posts
  • Gender:Male
  • Location:California

Posted 20 February 2014 - 09:57 AM

Greetings pcblues and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply To Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

It is less than ideal to come to any conclusions based on one report. While I review what you have posted please run this program for me so we can inspect another snapshot of your computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 pcblues

  • Topic Starter
  • Members
  • 87 posts
  • Gender:Female

Posted 20 February 2014 - 10:09 PM

Hello Gary :)

Thank you for the friendly response, it was worth the wait!

I truly appreciate the time and effort it takes to help everyone here.

I have run the Farbar tool as requested with the firewall shut down & disconnected from the net.

Hope there are no major issues and looking forward to your reply!

Thanks in advance!

Regards, Maggie

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-02-2014
Ran by Owner (administrator) on OWNER-44FFE017E on 21-02-2014 12:22:26
Running from C:\Documents and Settings\Owner\My Documents
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAcat.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\WINDOWS\StartupMonitor.exe
(Maxtor Corporation) C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Run StartupMonitor] - C:\WINDOWS\StartupMonitor.exe [86016 2000-05-20] ()
HKLM\...\Run: [basicsmssmenu] - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM\...\Run: [@OnlineArmor GUI] - C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [19722344 2010-11-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Internet (Whitelisted) ====================

ProxyServer: 0.0.0.0:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  No File [ ]
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{12037513-B6D4-4D38-8316-D65F17AD8C11}: [NameServer]8.26.56.26,156.154.70.22

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\DOCUME~1\Owner\APPLIC~1\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Owner\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: Flash Video Downloader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\Extensions\artur.dubovoy@gmail.com [2014-01-23]
FF Extension: NoScript - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2010-11-26]
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2) [2012-03-03]
FF Extension: MEGA - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\Extensions\firefox@mega.co.nz.xpi [2014-01-18]
FF Extension: NoScript - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-06]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-08] (SUPERAntiSpyware.com)
R2 Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
S3 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)
S3 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 gupdate1c9eed8d4f11bcc; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-17] (Google Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1992864 2011-08-31] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [42496 2004-04-15] (VIA Technologies, Inc.              )
S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [173880 2011-12-15] (QFX Software Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [61552 2010-06-25] (Atheros Communications, Inc.)
S1 lusbaudio; C:\WINDOWS\System32\drivers\lvsound2.sys [34816 2002-06-10] (Logitech Inc.)
S3 LVBulk; C:\WINDOWS\System32\DRIVERS\LVBulk.sys [10254 2002-06-10] (Logitech Inc.)
S3 LVVI500A; C:\WINDOWS\System32\DRIVERS\lvvi500a.sys [188592 2002-06-10] (Logitech Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 OADevice; C:\WINDOWS\system32\drivers\OADriver.sys [210360 2013-10-15] ()
S1 oahlpXX; C:\WINDOWS\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\WINDOWS\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R1 OAnet; C:\WINDOWS\system32\drivers\OAnet.sys [31912 2013-10-15] (Emsisoft)
S4 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 S3GIGP; C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys [634880 2006-11-15] (S3 Graphics Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2012-11-09] (AnchorFree Inc)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [17920 2006-10-18] (VIA Technologies,Inc)
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S4 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 NTACCESS; \??\D:\NTACCESS.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 12:22 - 2014-02-21 12:22 - 00014069 _____ () C:\Documents and Settings\Owner\My Documents\FRST.txt
2014-02-21 12:22 - 2014-02-21 12:22 - 00000208 _____ () C:\WINDOWS\pfirewall.log
2014-02-21 12:22 - 2014-02-21 12:22 - 00000000 ____D () C:\FRST
2014-02-21 12:07 - 2014-02-21 12:07 - 01142784 _____ (Farbar) C:\Documents and Settings\Owner\My Documents\FRST.exe
2014-02-16 13:03 - 2014-02-16 13:03 - 00004344 _____ () C:\Documents and Settings\Owner\My Documents\Conexant issues.txt
2014-02-16 10:34 - 2014-02-16 10:34 - 00124743 _____ () C:\Documents and Settings\Owner\My Documents\Win 7 upgrade test.mht
2014-02-16 10:34 - 2014-02-16 10:34 - 00124743 _____ () C:\Documents and Settings\Owner\My Documents\win 7 programs.mht
2014-02-16 10:26 - 2014-02-16 10:26 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-02-16 10:26 - 2014-02-16 10:26 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-02-16 10:04 - 2014-02-16 10:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 17:34 - 2014-02-15 17:48 - 108956093 _____ (Realtek Semiconductor Corp.) C:\Documents and Settings\Owner\My Documents\64bit_Win7_Win8_Win81_R273.exe
2014-02-14 11:46 - 2013-11-17 19:25 - 14639228 _____ () C:\Documents and Settings\Owner\My Documents\MusicBeeSetup_2_2.exe
2014-02-13 15:33 - 2014-02-13 15:36 - 06651675 _____ () C:\Documents and Settings\Owner\My Documents\How to get Stereo Mix in Windows 8.1 (Low).flv
2014-02-13 11:26 - 2014-02-13 11:26 - 00000861 _____ () C:\Documents and Settings\Owner\My Documents\aswMBR.txt
2014-02-13 11:20 - 2014-02-13 11:20 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Owner\My Documents\aswMBR.exe
2014-02-13 11:20 - 2014-02-13 11:20 - 04122976 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Owner\My Documents\tdsskiller.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00002109 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_02132014_111357.txt
2014-02-13 11:05 - 2014-02-13 11:21 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2014-02-13 10:51 - 2014-02-13 10:52 - 03813376 _____ () C:\Documents and Settings\Owner\My Documents\RogueKiller.exe
2014-02-12 22:00 - 2014-02-12 22:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-10 12:02 - 2014-02-10 12:02 - 00005505 _____ () C:\Documents and Settings\Owner\My Documents\Chicago blues.txt
2014-02-08 10:36 - 2014-02-08 10:37 - 10620264 _____ (McAfee Inc) C:\Documents and Settings\Owner\My Documents\stinger32.exe
2014-02-08 10:34 - 2014-02-08 10:34 - 00150782 _____ () C:\Documents and Settings\Owner\My Documents\Isis-Charter Hall Article Brisbane Courier - 7 Feb 14-pdf.axx
2014-01-27 12:23 - 2014-01-27 12:23 - 00000257 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to New Folder.lnk

==================== One Month Modified Files and Folders =======

2014-02-21 12:22 - 2014-02-21 12:22 - 00014069 _____ () C:\Documents and Settings\Owner\My Documents\FRST.txt
2014-02-21 12:22 - 2014-02-21 12:22 - 00000208 _____ () C:\WINDOWS\pfirewall.log
2014-02-21 12:22 - 2014-02-21 12:22 - 00000000 ____D () C:\FRST
2014-02-21 12:21 - 2012-02-17 15:13 - 00000000 ____D () C:\Program Files\Online Armor
2014-02-21 12:19 - 2012-04-24 20:33 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{563D7C44-1F81-46EE-A1E6-9D76FEB20CD1}.job
2014-02-21 12:07 - 2014-02-21 12:07 - 01142784 _____ (Farbar) C:\Documents and Settings\Owner\My Documents\FRST.exe
2014-02-21 11:29 - 2009-08-12 21:52 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-790525478-839522115-1003UA.job
2014-02-21 10:29 - 2012-03-09 07:08 - 00032354 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-21 07:40 - 2007-07-24 21:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-02-21 06:55 - 2012-03-08 20:16 - 01942312 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-21 06:47 - 2003-03-31 22:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-21 06:46 - 2012-03-09 07:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-21 06:46 - 2012-03-09 07:08 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-02-21 06:46 - 2007-07-24 20:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-21 01:29 - 2007-07-24 20:12 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-02-20 23:36 - 2007-07-26 09:20 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype
2014-02-20 20:59 - 2007-07-24 20:12 - 00000000 ____D () C:\Documents and Settings\Owner
2014-02-20 17:29 - 2009-08-12 21:52 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-790525478-839522115-1003Core.job
2014-02-20 14:25 - 2007-07-25 15:43 - 00001659 _____ () C:\WINDOWS\pstudio.ini
2014-02-20 12:06 - 2014-01-08 09:22 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Remember
2014-02-19 12:44 - 2007-08-03 08:24 - 00002497 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
2014-02-17 09:08 - 2012-05-06 13:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 13:03 - 2014-02-16 13:03 - 00004344 _____ () C:\Documents and Settings\Owner\My Documents\Conexant issues.txt
2014-02-16 10:34 - 2014-02-16 10:34 - 00124743 _____ () C:\Documents and Settings\Owner\My Documents\Win 7 upgrade test.mht
2014-02-16 10:34 - 2014-02-16 10:34 - 00124743 _____ () C:\Documents and Settings\Owner\My Documents\win 7 programs.mht
2014-02-16 10:26 - 2014-02-16 10:26 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-02-16 10:26 - 2014-02-16 10:26 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-02-16 10:06 - 2014-02-16 10:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 17:48 - 2014-02-15 17:34 - 108956093 _____ (Realtek Semiconductor Corp.) C:\Documents and Settings\Owner\My Documents\64bit_Win7_Win8_Win81_R273.exe
2014-02-14 14:36 - 2012-11-16 21:56 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-02-14 13:44 - 2010-01-11 11:30 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-02-13 15:36 - 2014-02-13 15:33 - 06651675 _____ () C:\Documents and Settings\Owner\My Documents\How to get Stereo Mix in Windows 8.1 (Low).flv
2014-02-13 12:23 - 2007-07-24 21:00 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 11:26 - 2014-02-13 11:26 - 00000861 _____ () C:\Documents and Settings\Owner\My Documents\aswMBR.txt
2014-02-13 11:21 - 2014-02-13 11:05 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\RK_Quarantine
2014-02-13 11:20 - 2014-02-13 11:20 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Owner\My Documents\aswMBR.exe
2014-02-13 11:20 - 2014-02-13 11:20 - 04122976 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Owner\My Documents\tdsskiller.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00002109 _____ () C:\Documents and Settings\Owner\Desktop\RKreport[0]_S_02132014_111357.txt
2014-02-13 10:52 - 2014-02-13 10:51 - 03813376 _____ () C:\Documents and Settings\Owner\My Documents\RogueKiller.exe
2014-02-12 22:00 - 2014-02-12 22:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 21:52 - 2007-07-25 03:42 - 00622582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 21:45 - 2013-07-21 09:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 21:39 - 2007-07-24 21:17 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 21:30 - 2009-05-03 09:52 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-10 12:02 - 2014-02-10 12:02 - 00005505 _____ () C:\Documents and Settings\Owner\My Documents\Chicago blues.txt
2014-02-08 23:25 - 2013-06-12 10:35 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\25 nov playlist
2014-02-08 23:21 - 2012-08-17 21:25 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Best  Ballads
2014-02-08 23:14 - 2012-06-24 20:50 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\My Received Files
2014-02-08 14:02 - 2013-04-12 07:49 - 00000000 ____D () C:\Program Files\stinger
2014-02-08 10:37 - 2014-02-08 10:36 - 10620264 _____ (McAfee Inc) C:\Documents and Settings\Owner\My Documents\stinger32.exe
2014-02-08 10:34 - 2014-02-08 10:34 - 00150782 _____ () C:\Documents and Settings\Owner\My Documents\Isis-Charter Hall Article Brisbane Courier - 7 Feb 14-pdf.axx
2014-02-07 07:50 - 2007-07-24 21:30 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-02-07 07:49 - 2013-02-12 11:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-07 07:49 - 2011-05-18 10:22 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-06 09:26 - 2012-06-13 12:34 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-06 09:26 - 2010-06-11 12:57 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-06 09:26 - 2009-06-11 16:39 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-06 09:26 - 2009-06-11 16:39 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-06 09:26 - 2009-03-08 04:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-06 09:26 - 2007-07-24 19:57 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-06 09:26 - 2007-04-25 18:41 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-06 09:26 - 2007-04-25 18:41 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-06 09:26 - 2007-04-25 18:41 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-06 09:26 - 2007-04-25 18:41 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-06 09:26 - 2006-11-07 21:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 09:26 - 2006-11-07 21:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 09:26 - 2006-11-07 21:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 09:26 - 2006-10-17 11:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 09:26 - 2004-08-04 00:56 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-06 09:26 - 2004-08-04 00:56 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-06 09:26 - 2004-08-04 00:56 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-06 08:24 - 2004-08-03 22:59 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-06 03:54 - 2004-08-04 00:56 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2004-08-04 00:56 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-05 09:50 - 2011-09-29 17:02 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-02-04 15:27 - 2007-07-27 18:32 - 00166400 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-27 12:23 - 2014-01-27 12:23 - 00000257 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to New Folder.lnk
2014-01-22 00:20 - 2013-05-10 11:35 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\OZ

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\ntdll_dump.dll


==================== Bamital & volsnap Check
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-02-2014
Ran by Owner at 2014-02-21 12:24:23
Running from C:\Documents and Settings\Owner\My Documents
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Online Armor Firewall (Disabled) {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

==================== Installed Programs ======================

ABC Now Uninstall (HKCU Version:  - Australian Broadcasting Corporation)
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - http://www.adobe.com)
ArcSoft PhotoBase (Version:  - )
ArcSoft PhotoStudio 2000 (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.43 - Atheros Communications Inc.)
Audacity 1.2.6 (Version:  - )
AxCrypt 1.7.2126.0 (Version: 1.7.2126.0 - Axantum Software AB)
Canon Camera Access Library (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.1.0.2 - Canon Inc.)
Canon PowerShot A495 and PowerShot A490 Camera User Guide (Version: 1.0.0.2 - Canon Inc.)
Canon Solution Menu EX (Version:  - )
Canon Utilities CameraWindow (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (Version: 1.0.0.11 - Canon Inc.)
Canon Utilities MyCamera (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4 - Canon Inc.)
CCleaner (Version: 4.02 - Piriform)
CD-LabelPrint (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (Version:  - Microsoft Corporation)
Download Navigator (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Drive Manager (Version: 1.00.0012 - Seagate Technology)
Drive Manager (Version: 1.00.0012 - Seagate Technology) Hidden
Epson Easy Photo Print 2 (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
EPSON Scan (Version:  - Seiko Epson Corporation)
EPSON XP-100 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (Version:  - )
FileASSASSIN (Version: 1.06 - Malwarebytes)
Flatcast Viewer Plugin 5.3.0.784 (Version:  - 1 mal 1 Software GmbH)
Google Earth (Version: 5.0.11733.9347 - Google)
Google Talk Plugin (Version: 5.1.4.17398 - Google)
Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
Gtk+ Runtime Environment 2.10.11-1 (Version: 2.10.11-1 - )
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000 - Microsoft Corporation)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5215 - Intel Corporation)
IrfanView (remove only) (Version:  - )
Java 7 Update 25 (Version: 7.0.250 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 6.9.0 (Version: 6.9.0 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManyCam 2.6.60 (remove only) (Version: 2.6.60 - ManyCam LLC)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft IntelliPoint 5.3 (Version: 5.30.606.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C Runtime (Version: 8.0.0 - Microsoft) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0 - Microsoft Corporation)
MusicBee 2.1 (Version: 2.1 - Steven Mayall)
Nero 7 Ultra Edition (Version: 7.02.6387 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Object Fix Zip (Version: 1.7 - Regall, LLC.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OmniPage Pro 9.0 (Version:  - )
Online Armor 5.5 (Version: 5.5 - Emsi Software GmbH)
Open Ports Scanner 1.2 (Version:  - )
Paltalk Messenger  10.4 (Version: 10.4.0 - AVM Software Inc.)
Platform (Version: 1.22 - VIA Technologies, Inc.) Hidden
Qlock Lite (Version:  - )
QuickCam Drivers (Version:  - )
Realtek High Definition Audio Driver (Version: 5.10.0.6251 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.9 (Version: 2.5.9 - VS Revo Group, Ltd.)
SanDiskSecureAccess_Manager.exe (HKCU Version: 1.1.19269 - Gemalto N.V.)
SeaTools for Windows (Version: 1.2.0.4 - Seagate Technology)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (Version: 5.0.0 - BrightFort LLC)
StartupMonitor (Version: 1.0.2.0 - Mike Lin)
SUPERAntiSpyware (Version: 5.0.1144 - SUPERAntiSpyware.com)
Switch (Version:  - NCH Swift Sound)
TP-LINK Wireless Client Utility (Version: 7.0 - TP-LINK) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
User's Guide EPSON XP-100 Series (Version:  - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VIA Platform Device Manager (Version: 1.22 - VIA Technologies, Inc.)
VIA/S3G Display Driver 6.14.10.0078 (Version:  - )
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 1.0.3 (Version: 1.0.3 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer Clean Up (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format SDK Hotfix - KB891122 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================

23-11-2013 02:25:11 System Checkpoint
23-11-2013 23:44:04 Software Distribution Service 3.0
25-11-2013 00:53:10 System Checkpoint
25-11-2013 22:39:05 Software Distribution Service 3.0
26-11-2013 23:02:33 System Checkpoint
27-11-2013 01:58:58 Software Distribution Service 3.0
28-11-2013 06:58:08 System Checkpoint
29-11-2013 00:05:32 Software Distribution Service 3.0
30-11-2013 00:08:59 Software Distribution Service 3.0
01-12-2013 00:34:17 System Checkpoint
02-12-2013 01:01:13 Software Distribution Service 3.0
03-12-2013 02:08:57 System Checkpoint
03-12-2013 11:40:27 Software Distribution Service 3.0
04-12-2013 19:05:47 Software Distribution Service 3.0
05-12-2013 22:12:52 Software Distribution Service 3.0
06-12-2013 22:21:41 System Checkpoint
07-12-2013 21:40:56 Software Distribution Service 3.0
08-12-2013 23:57:12 Software Distribution Service 3.0
10-12-2013 03:02:27 Software Distribution Service 3.0
11-12-2013 03:07:58 System Checkpoint
11-12-2013 04:11:35 Software Distribution Service 3.0
11-12-2013 04:40:12 Software Distribution Service 3.0
12-12-2013 08:02:28 System Checkpoint
12-12-2013 22:47:49 Software Distribution Service 3.0
12-12-2013 22:55:42 Software Distribution Service 3.0
14-12-2013 00:05:43 System Checkpoint
14-12-2013 23:26:51 Software Distribution Service 3.0
16-12-2013 00:04:05 System Checkpoint
17-12-2013 00:18:16 Software Distribution Service 3.0
18-12-2013 03:10:28 System Checkpoint
18-12-2013 04:22:11 Software Distribution Service 3.0
19-12-2013 04:47:13 System Checkpoint
20-12-2013 06:33:14 Software Distribution Service 3.0
21-12-2013 06:58:32 System Checkpoint
22-12-2013 00:10:05 Software Distribution Service 3.0
23-12-2013 05:46:04 Software Distribution Service 3.0
24-12-2013 06:09:11 System Checkpoint
24-12-2013 21:59:25 Software Distribution Service 3.0
25-12-2013 23:46:30 Software Distribution Service 3.0
27-12-2013 00:12:52 System Checkpoint
28-12-2013 03:52:44 System Checkpoint
29-12-2013 00:47:34 Software Distribution Service 3.0
30-12-2013 00:48:37 System Checkpoint
30-12-2013 22:54:01 Software Distribution Service 3.0
31-12-2013 23:31:21 Software Distribution Service 3.0
01-01-2014 23:44:52 Software Distribution Service 3.0
03-01-2014 06:57:59 Software Distribution Service 3.0
04-01-2014 07:58:34 Software Distribution Service 3.0
05-01-2014 08:53:45 System Checkpoint
05-01-2014 22:46:08 Software Distribution Service 3.0
06-01-2014 23:55:58 Software Distribution Service 3.0
08-01-2014 00:20:06 System Checkpoint
09-01-2014 00:05:07 Software Distribution Service 3.0
10-01-2014 00:18:08 Software Distribution Service 3.0
11-01-2014 00:27:29 Software Distribution Service 3.0
12-01-2014 00:28:56 System Checkpoint
12-01-2014 23:56:32 Software Distribution Service 3.0
14-01-2014 00:28:02 System Checkpoint
15-01-2014 00:53:58 Software Distribution Service 3.0
15-01-2014 05:49:36 Software Distribution Service 3.0
16-01-2014 01:23:09 Software Distribution Service 3.0
17-01-2014 03:03:28 System Checkpoint
17-01-2014 23:08:31 Software Distribution Service 3.0
18-01-2014 23:40:02 Software Distribution Service 3.0
20-01-2014 00:49:33 System Checkpoint
21-01-2014 02:02:34 System Checkpoint
21-01-2014 23:42:51 Software Distribution Service 3.0
23-01-2014 02:21:29 System Checkpoint
23-01-2014 22:29:25 Software Distribution Service 3.0
24-01-2014 23:40:17 Software Distribution Service 3.0
26-01-2014 00:05:54 Software Distribution Service 3.0
27-01-2014 00:38:32 Software Distribution Service 3.0
28-01-2014 04:03:26 System Checkpoint
29-01-2014 01:55:39 Software Distribution Service 3.0
30-01-2014 03:43:14 System Checkpoint
30-01-2014 20:21:48 Software Distribution Service 3.0
01-02-2014 00:02:52 Software Distribution Service 3.0
02-02-2014 02:03:10 Software Distribution Service 3.0
03-02-2014 02:53:14 System Checkpoint
03-02-2014 22:29:06 Software Distribution Service 3.0
04-02-2014 23:29:08 System Checkpoint
05-02-2014 21:37:54 Software Distribution Service 3.0
07-02-2014 02:01:20 System Checkpoint
07-02-2014 22:05:58 Software Distribution Service 3.0
08-02-2014 23:39:39 Software Distribution Service 3.0
10-02-2014 00:46:17 System Checkpoint
10-02-2014 21:05:54 Software Distribution Service 3.0
12-02-2014 00:43:43 Software Distribution Service 3.0
12-02-2014 11:21:08 Software Distribution Service 3.0
13-02-2014 21:05:33 Software Distribution Service 3.0
14-02-2014 22:00:43 Software Distribution Service 3.0
15-02-2014 22:30:20 Software Distribution Service 3.0
16-02-2014 00:26:54 Installed Windows 7 Upgrade Advisor
16-02-2014 23:19:46 Software Distribution Service 3.0
17-02-2014 23:48:32 System Checkpoint
18-02-2014 11:30:05 Software Distribution Service 3.0
19-02-2014 21:33:34 Software Distribution Service 3.0
20-02-2014 21:57:37 System Checkpoint

==================== Hosts content: ==========================

2003-03-31 22:00 - 2013-07-11 17:16 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ca545faa06ed8c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-790525478-839522115-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-790525478-839522115-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{563D7C44-1F81-46EE-A1E6-9D76FEB20CD1}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-10-09 21:50 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2000-05-20 17:23 - 2000-05-20 17:23 - 00086016 _____ () C:\WINDOWS\StartupMonitor.exe
2014-02-16 10:04 - 2014-02-16 10:04 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2004-08-04 00:56 - 2013-01-02 16:49 - 01292288 ____N () C:\WINDOWS\system32\quartz.dll
2004-08-04 00:56 - 2008-04-14 10:11 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: LogitechImageStudioTray => C:\Program Files\Logitech\ImageStudio\LogiTray.exe
MSCONFIG\startupreg: MimBoot => C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
MSCONFIG\startupreg: MMTray => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2014 00:20:12 PM) (Source: Application Hang) (User: )
Description: Hanging application FRST.exe, version 3.3.10.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\NEW FOLDER.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\NEW FOLDER.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\NEW FOLDER.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\NEW FOLDER.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\A CODES.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\A CODES.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/12/2014 10:36:00 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/12/2014 10:35:59 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\REMEMBER.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/12/2014 10:35:59 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\REMEMBER.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (02/21/2014 11:49:50 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.2 for the Network Card with network address 14DAE98FD408 has been
denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/21/2014 06:46:26 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (02/20/2014 10:47:28 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.2 for the Network Card with network address 14DAE98FD408 has been
denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/20/2014 08:32:35 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.2 for the Network Card with network address 14DAE98FD408 has been
denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/20/2014 06:01:03 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.2 for the Network Card with network address 14DAE98FD408 has been
denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/20/2014 11:07:48 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.2 for the Network Card with network address 14DAE98FD408 has been
denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/20/2014 07:22:01 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (02/19/2014 09:04:19 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.2 for the Network Card with network address 14DAE98FD408 has been
denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/19/2014 04:43:47 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.2 for the Network Card with network address 14DAE98FD408 has been
denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/19/2014 00:16:42 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.2 for the Network Card with network address 14DAE98FD408 has been
denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (02/21/2014 00:20:12 PM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.10.2hungapp0.0.0.000000000

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\NEW FOLDER.LNK

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\NEW FOLDER.LNK

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\NEW FOLDER.LNK

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\NEW FOLDER.LNK

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\A CODES.LNK

Error: (02/12/2014 10:36:03 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\A CODES.LNK

Error: (02/12/2014 10:36:00 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/12/2014 10:35:59 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\REMEMBER.LNK

Error: (02/12/2014 10:35:59 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\REMEMBER.LNK


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 2013.04 MB
Available physical RAM: 1100.51 MB
Total Pagefile: 3300 MB
Available Pagefile: 2560.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:140.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:97.39 GB) (Free:41.17 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive f: (SYSTEM_SAV) (Fixed) (Total:51.63 GB) (Free:44.68 GB) FAT32
Drive h: (Elements) (Fixed) (Total:2328.76 GB) (Free:245.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: A9F62E3A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 375CB4AD)
Partition 1: (Active) - (Size=97 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=52 GB) - (Type=OF Extended)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

==================== End Of Log ============================



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,578 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:53 AM

Posted 21 February 2014 - 12:47 PM

Hi Maggie,

Nice to meet you. It appears you are quite diligent in your computer habits. :thumbsup2:

These IP addresses appear to be legitimate but I would like you to click on each link to see if the companies are familiar to you:

8.26.56.26
156.154.70.22

I would like to clean up some entries, including resetting the ProxyServer.

Please consider and do this for me.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ProxyServer: 0.0.0.0:80
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
ShellExecuteHooks:  - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  No File [ ]
S4 IntelIde; No ImagePath
C:\Documents and Settings\Owner\Local Settings\temp\ntdll_dump.dll
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 pcblues

pcblues
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:53 PM

Posted 21 February 2014 - 09:03 PM

Hi Gary :)

Thanks for your response.. nice to meet you too!

I shall start at the beginning.. clicked on the IP addresses in your post and I have no idea whatsoever who or what they are.. and I am puzzled why they would appear in my computer..

Also, I have never intentionally used or set up a ProxyServer, though a few years back for a short time I used a free VPN called Hotspot but discarded it after a short period.

I am as you say (trying to be) "quite diligent" in my computer habits and I'd like to find the explanation for these issues.

Uninstalled Spybot S&D & I assume MWB OK to use.

Computer seems to be running OK.. no obvious signs of problems and I hope no nasty surprises lurking in the background.

Ran FRST as suggested (in normal mode)

Regards,

Maggie

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-02-2014
Ran by Owner at 2014-02-22 11:16:28 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ProxyServer: 0.0.0.0:80
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
ShellExecuteHooks:  - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  No File [ ]
S4 IntelIde; No ImagePath
C:\Documents and Settings\Owner\Local Settings\temp\ntdll_dump.dll
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Value deleted successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} => Value deleted successfully.
HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} => Key not found.
IntelIde => Service deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\ntdll_dump.dll => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,578 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:53 AM

Posted 21 February 2014 - 09:49 PM

Hi Maggie,

Malwarebytes is fine to use.

I can't give you an explanation as to how those entries found their way onto your computer. Since the IPs are legitimate businesses I wouldn't be too concerned, although we can delete them. Please do this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Tcpip\..\Interfaces\{12037513-B6D4-4D38-8316-D65F17AD8C11}: [NameServer]8.26.56.26,156.154.70.22
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Are you concerned about any other issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 pcblues

pcblues
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:53 PM

Posted 21 February 2014 - 11:21 PM

Hi Gary

Thanks for the fast response!

Regarding those entries.. even if they are legit businesses I prefer not to have stuff in my PC that I did not acquire/install on purpose.. any way of finding out what they actually do or programs associated with them?

I am always very careful not to get lured into getting third party stuff etc.. and I don't like unexplained events.

Curious minds & all.. lol (I am happy to do the research if you point me in the right direction)

Computer is running OK.. since you haven't mentioned it in your reply, I would like to know what you make of the RogueKiller log in my first post.

New FRST log below..

Regards :) Maggie

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-02-2014
Ran by Owner at 2014-02-22 13:58:12 Run:2
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Tcpip\..\Interfaces\{12037513-B6D4-4D38-8316-D65F17AD8C11}: [NameServer]8.26.56.26,156.154.70.22
*****************

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12037513-B6D4-4D38-8316-D65F17AD8C11}\\NameServer => Value deleted successfully.

==== End of Fixlog ====



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,578 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:53 AM

Posted 21 February 2014 - 11:39 PM

Sorry I didn't address all of the entries in RogueKiller. I focused on the ones we just dealt with.

RogueKiller automatically checks for certain entries regardless of whether or not they are malicious. These are 3 of those entries and they are legitimate.
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
----------

This entry I am assuming you are aware of and wanted it on your computer. This is just a flag letting us know to check it, not a determination it is bad. If you are unaware of the program then we need to deal with it.
[SUSP PATH] StartupMonitor.exe -- C:\WINDOWS\StartupMonitor.exe [-] -> KILLED [TermProc]

Edited by Oh My, 21 February 2014 - 11:46 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 pcblues

pcblues
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:53 PM

Posted 22 February 2014 - 02:21 AM

Many thanks for clearing that up Gary.. it was the first time I used RogueKiller in ages; as a rule I try different tools at times just to see if anything slipped by my standard scans.

Yes I am aware of StartupMonitor.. is it OK to keep?

Truly appreciate your assistance, luckily it wasn't anything major.

Goodnight & have a lovely weekend!

Regards :) Maggie



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,578 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:53 AM

Posted 22 February 2014 - 01:47 PM

Hi Maggie,

StartupMonitor is perfectly fine. You are doing quite well on maintaining your computer security. Keep up the good work!

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean

--------------

Your machine appears to be clean. You can remove any of the programs or logs on your system as a result of our efforts together. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 pcblues

pcblues
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:53 PM

Posted 22 February 2014 - 07:28 PM

Hi Gary

Excellent news :dance: many thanks for your patience and the friendly manner in which you provide assistance!

I will peruse the suggested readings :busy: I know there's always room for improvement and one has to be vigilant to stop the "bugs" taking over!

Appreciate leaving the topic open in case anything crops up.

Regards :)

Maggie



#13 pcblues

pcblues
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:53 PM

Posted 23 February 2014 - 09:02 PM

Hi Gary :)

After my last post it occurred to me that I still don't know how or why I had the ProxyServer in my computer..

I have never used or set up a ProxyServer and have no idea if it was active or how it functioned.

Did it enable someone to monitor my activities?

Anyway I decided to run RogueKiller again; those IP addresses are back again, but no mention of the ProxyServer.

Please let me know what you think..

Many thanks in advance..

Cheers, Maggie


RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Restricted rights]
Mode : Scan -- Date : 02/24/2014 11:29:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] StartupMonitor.exe -- C:\WINDOWS\StartupMonitor.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[DNS][PUM] HKLM\[...]\CS002\[...]\{12037513-B6D4-4D38-8316-D65F17AD8C11} : NameServer (8.26.56.26,156.154.70.22 [UNITED STATES (US) - PHILIPPINES (PH)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x2] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[0]_S_02242014_112949.txt >>
RKreport[0]_S_02242014_112605.txt;RKreport[0]_S_02242014_112745.txt;RKreport[0]_S_02242014_112844.txt


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,578 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:53 AM

Posted 24 February 2014 - 09:42 AM

Hi Maggie,

I will tell you at the start there is no reason to be concerned.

That Proxy Server can simply be the aftermath of malware on your computer. Since the IP address is 0.0.0.0 that basically leads to nowhere. Oftentimes malware inserts that configuration, including port 80, in order to prevent access to the internet. If you type ping 0.0.0.0 from a command prompt it will give you a general error since it leads to nowhere. I can't tell you how that got on your computer but that is the best explanation I can offer.

Regarding the IP address that came up again. That is pretty much my fault. Your computer has several copies of the registry, some of which serve as backups in case something goes haywire. For example, if you boot into the Advanced Boot Options and select Last Known Good Configuration, that causes the computer to boot with a backup copy of your registry. The entry that came up in the latest RogueKiller report is one of those backup copies. So it has not been loaded and it is not active, but in theory, given the right set of circumstances, it could become active. Simply select that item for deletion after you rerun RogueKiller.

Let me know how it goes.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
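
The post above explains why the NameServer entry reappeared under CS002 after it was removed from the current control set, and why a 0.0.0.0:80 ProxyServer value matters. The script below is an added example, not part of the original thread or of RogueKiller or FRST; it walks every ControlSet00N under HKLM\SYSTEM, marks which one is live according to HKLM\SYSTEM\Select, and prints any static NameServer value per interface, then checks the current user's ProxyServer and the DisableRegistryTools policy value that RogueKiller flags as [HJ POL]. The registry paths are standard Windows locations; the only assumption is that you run it in PowerShell (2.0 or later) on the machine being examined.

```powershell
# Added example (not from the original thread). Lists DNS, proxy and
# registry-tools policy settings in every ControlSet so a value that only
# survives in a backup set (e.g. ControlSet002) shows up beside the live one.

# HKLM\SYSTEM\Select records which ControlSet is booted right now.
$select        = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'
$current       = 'ControlSet{0:D3}' -f $select.Current
$lastKnownGood = 'ControlSet{0:D3}' -f $select.LastKnownGood
"Live control set: $current   LastKnownGood: $lastKnownGood"

# Walk ControlSet001, ControlSet002, ... (CurrentControlSet is a link to one
# of them, so it is skipped). A static NameServer overrides DHCP-supplied
# servers (DhcpNameServer), which is why a DNS hijack lives in this value.
Get-ChildItem -Path 'HKLM:\SYSTEM' |
  Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
  ForEach-Object {
    $set       = $_.PSChildName
    $state     = if ($set -eq $current) { 'ACTIVE' } else { 'backup' }
    $ifacePath = "HKLM:\SYSTEM\$set\Services\Tcpip\Parameters\Interfaces"
    if (Test-Path $ifacePath) {
      Get-ChildItem -Path $ifacePath | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if ($props.NameServer) {
          '{0,-14} {1,-7} {2} NameServer={3}' -f $set, $state, $_.PSChildName, $props.NameServer
        }
        if ($props.DhcpNameServer) {
          '{0,-14} {1,-7} {2} DhcpNameServer={3}' -f $set, $state, $_.PSChildName, $props.DhcpNameServer
        }
      }
    }
  }

# Per-user proxy. HKCU only covers the logged-on user; other profiles need
# their hive loaded (or HKU\<SID> walked). ProxyEnable is the on/off switch,
# so a ProxyServer value with ProxyEnable=0 is configured but not in use.
$inetPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetPath
if ($inet.ProxyServer) {
  'ProxyEnable={0} ProxyServer={1}' -f $inet.ProxyEnable, $inet.ProxyServer
} else {
  'No ProxyServer value set for the current user'
}

# Registry-tools policy (RogueKiller's [HJ POL] DisableRegistryTools entry).
# A value of 1 blocks regedit for that scope; 0 or a missing value is the default.
foreach ($hive in 'HKLM', 'HKCU') {
  $polPath = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
  $val = $null
  if (Test-Path $polPath) {
    $val = (Get-ItemProperty -Path $polPath).DisableRegistryTools
  }
  if ($val -eq $null) { "$hive DisableRegistryTools: not set (default)" }
  else                { "$hive DisableRegistryTools: $val" }
}
```

Run it from an elevated PowerShell window on the machine in question. A NameServer value that appears only under a set marked "backup" is what the post above describes: not loaded, but it would become live again if that ControlSet were ever selected (for instance by booting Last Known Good Configuration), so remove it from every set rather than just the active one.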

#15 pcblues

pcblues
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:53 PM

Posted 24 February 2014 - 10:14 AM

Hi Gary...

Thanks for getting back to me on this & setting my mind at ease..

I did some searchin' and it seems one of the IP addresses belongs to Comodo.. used their firewall for a while a few years back..

I should also know that everything is replicated.. and as a rule I always reset System Restore and flush out any remnants hiding in there.. this time I didn't. :lmao:

I will run RogueKiller again.. (hope I didn't sound too neurotic.)

Thanks for your patience & support!

Cheers. :) Maggie
