
New Thread for DDS Check



#1 faye raye


Posted 09 March 2014 - 01:29 AM

Hello. I was asked in this thread: http://www.bleepingcomputer.com/forums/t/526230/help-please-theres-a-new-account-i-did-not-make-on-my-start-up/#entry3309207 to make a new one, and post my DDS results. Here they are:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dashel R at 21:35:06 on 2014-03-08
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.130 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
dURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files\dap\LinkVerifier.dll
TB: AIM Search: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - c:\program files\aim toolbar\AIMBar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: ITBarLayout - LocalServer32 - <no file>
TB: AIM Search: {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - c:\program files\aim toolbar\AIMBar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FreshDownload Bar: {ED0E8CA5-42FB-4B18-997B-769E0408E79D} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [pcreg] c:\program files\pcreg\service.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
dRunOnce: [RunNarrator] Narrator.exe
mExplorerRun: [SysLogger32] rundll32.exe "c:\windows\security\syslogs\core32_176.dll",z
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Verify with DAP - c:\program files\dap\dapverify.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {413D68F3-BF21-4E7B-ACA6-50C6394304BC} - c:\program files\freshdevices\freshdownload\fd.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - <orphaned>
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\\DownloadPDF.exe
LSP: c:\program files\speedbit video accelerator\sblsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351444110390
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348869713890
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\AppInitHook321.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\abg9ebcp.default\
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 193552]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2004-10-5 15872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys --> c:\windows\system32\drivers\cccp106.sys [?]
S3 cpuz136;cpuz136;\??\c:\docume~1\dashel~1\locals~1\temp\cpuz136\cpuz136_x32.sys --> c:\docume~1\dashel~1\locals~1\temp\cpuz136\cpuz136_x32.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-3-1 35144]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-18 40776]
S3 mfeavfk06;McAfee Inc.;\Device\mfeavfk06.sys --> \Device\mfeavfk06.sys [?]
S3 mfebopk26;McAfee Inc.;\Device\mfebopk26.sys --> \Device\mfebopk26.sys [?]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-2-6 133392]
S3 SBUpdd;SpeedBit UpdateD;\??\c:\program files\common files\speedbit\sbupdate\sbw.sys --> c:\program files\common files\speedbit\sbupdate\sbw.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-3-7 25704]
S4 0096561348771546mcinstcleanup;McAfee Application Installer Cleanup (0096561348771546);c:\docume~1\dashel~1\locals~1\temp\009656~1.exe -cleanup -nolog --> c:\docume~1\dashel~1\locals~1\temp\009656~1.EXE -cleanup -nolog [?]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-5-4 25824]
S4 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe --> c:\program files\pcreg\pcreg.exe [?]
S4 SBUpd;SpeedBit Update;c:\program files\common files\speedbit\sbupdate\sbu.exe /service --> c:\program files\common files\speedbit\sbupdate\sbu.exe  [?]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
S4 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-11-3 120152]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WORDPAD.EXE="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: Documents.exe: open=c:\documents and settings\dashel r\my documents\downloads\PSXGameEdit.exe "%1"
.
=============== Created Last 30 ================
.
2014-03-08 16:24:57    7947048    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f9213592-80fd-4b42-90a7-4a6fbcd6458f}\mpengine.dll
2014-03-08 04:52:09    --------    d-----w-    c:\documents and settings\all users\application data\Viewpoint
2014-03-08 04:52:04    --------    d-----w-    c:\program files\Viewpoint
2014-03-07 15:47:35    13312    -c----w-    c:\windows\system32\dllcache\xp_eos.exe
2014-03-07 15:47:35    13312    ------w-    c:\windows\system32\xp_eos.exe
2014-03-07 03:44:50    --------    d-----w-    c:\windows\ERUNT
2014-03-06 06:34:35    --------    d-----w-    c:\documents and settings\dashel r\local settings\application data\JiveshwarWiFiHotSpotMaker
2014-03-06 04:34:31    --------    d-----w-    c:\program files\JiveshwarSharma.com
2014-03-06 01:59:06    7947048    ------w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-04 19:16:13    --------    d-----w-    c:\documents and settings\dashel r\New Folder
2014-03-01 23:04:50    --------    d-----w-    c:\documents and settings\dashel r\local settings\application data\SpeedBIT
2014-03-01 23:04:50    --------    d-----w-    c:\documents and settings\dashel r\application data\SpeedBit
2014-03-01 23:04:24    --------    d-----w-    c:\program files\DAP
2014-03-01 22:15:47    --------    d-----w-    c:\program files\common files\SpeedBit
2014-02-26 22:11:20    --------    d-----w-    c:\program files\WIFi Locator
2014-02-25 03:41:10    --------    d-----w-    c:\program files\WeFi
2014-02-23 16:41:34    --------    d-----w-    C:\AdwCleaner
2014-02-22 22:55:38    17858952    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-02-20 01:55:10    --------    d-----w-    c:\program files\iTunes
2014-02-20 01:55:10    --------    d-----w-    c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-20 01:50:44    --------    d-----w-    c:\program files\Bonjour
2014-02-18 18:07:04    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-17 08:38:43    --------    dc-h--w-    c:\windows\ie8
2014-02-15 06:02:02    93808    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
2014-02-15 06:02:02    22776944    ----a-w-    c:\program files\mozilla firefox\xul.dll
2014-02-15 06:02:00    170960    ----a-w-    c:\program files\mozilla firefox\webapp-uninstaller.exe
2014-02-15 06:00:57    194560    ----a-w-    c:\program files\mozilla firefox\maintenanceservice_installer.exe
2014-02-15 06:00:25    118896    ----a-w-    c:\program files\mozilla firefox\maintenanceservice.exe
2014-02-15 06:00:24    647280    ----a-w-    c:\program files\mozilla firefox\libGLESv2.dll
2014-02-15 06:00:24    53360    ----a-w-    c:\program files\mozilla firefox\libEGL.dll
2014-02-15 06:00:23    3494512    ----a-w-    c:\program files\mozilla firefox\gkmedias.dll
2014-02-15 06:00:23    307824    ----a-w-    c:\program files\mozilla firefox\freebl3.dll
2014-02-15 06:00:23    275568    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2014-02-15 06:00:22    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-02-15 06:00:22    117360    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2014-02-15 06:00:19    272496    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-02-15 06:00:17    75376    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2014-02-15 06:00:16    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-02-11 20:51:40    --------    d-----w-    C:\New Folder
.
==================== Find3M  ====================
.
2014-02-22 22:56:42    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-22 22:56:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 23:26:52    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26:43    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-05 22:24:05    385024    ----a-w-    c:\windows\system32\html.iec
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
2005-06-01 18:14:41    823296    -c--a-w-    c:\program files\winmx353.exe
2005-05-20 09:16:07    4354084    -c--a-w-    c:\program files\spybotsd13.exe
2005-05-20 09:04:26    37700    -c--a-w-    c:\program files\PopUpStopperFree.exe
2005-05-12 21:47:20    3149616    -c--a-w-    c:\program files\dap74.exe
2005-05-04 01:59:07    6179507    -c--a-w-    c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08:33    7741336    -c--a-w-    c:\program files\DivX521XP2K.exe
.
============= FINISH: 21:38:28.79 ===============




 


#2 Alex&Vanko


Posted 09 March 2014 - 01:46 AM

These I used almost 10 years ago. They were good once upon a time.

Ad-Aware SE Personal
Spybot - Search & Destroy 1.3

I suggest uninstalling them. Why do you need this SpeedBit Video Accelerator?



#3 faye raye


Posted 09 March 2014 - 10:24 AM

I wasn't able to attach the file when I mistakenly posted this thread in the other section, so here it is.

 

Should I uninstall or update them? And as for Speedbit, that was something downloaded recently because I thought it would help the loading of YouTube and other video sites, but it didn't really work. I had uninstalled it, but I guess there was some left behind, or it got re-installed as a sidebar to another program.



Edited by faye raye, 09 March 2014 - 10:29 AM.


#4 nasdaq

  • Malware Response Team

Posted 11 March 2014 - 09:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 faye raye


Posted 11 March 2014 - 01:05 PM

When I tried to run RogueKiller, the Pre-Scan caused a Blue Error Screen.

 

ADWCleaner:

 

# AdwCleaner v3.021 - Report created 11/03/2014 at 09:59:24
# Updated 10/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dashel R - NO1
# Running from : C:\Documents and Settings\Dashel R\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
[x] Not Deleted : C:\Program Files\NCH Software
[x] Not Deleted : C:\Program Files\Viewpoint
[x] Not Deleted : C:\Program Files\Freecorder
[x] Not Deleted : C:\Documents and Settings\Dashel R\Local Settings\Application Data\Freecorder
[x] Not Deleted : C:\Documents and Settings\Dashel R\Application Data\NCH Software
[x] Not Deleted : C:\Documents and Settings\Dashel R\Start Menu\Programs\Freecorder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[x] Not Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKLM\Software\MetaStream
[x] Not Deleted : HKLM\Software\Viewpoint
[x] Not Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\prefs.js ]

Line Deleted : user_pref("extensions.daplinkchecker@speedbit.com.install-event-fired", true);

*************************

AdwCleaner[R0].txt - [23930 octets] - [23/02/2014 09:41:40]
AdwCleaner[R1].txt - [24524 octets] - [06/03/2014 18:56:18]
AdwCleaner[R2].txt - [2904 octets] - [11/03/2014 09:55:55]
AdwCleaner[S0].txt - [24451 octets] - [06/03/2014 20:01:12]
AdwCleaner[S1].txt - [2923 octets] - [11/03/2014 09:59:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2983 octets] ##########

 

 

JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Dashel R on Tue 03/11/2014 at 10:10:07.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"



~~~ FireFox

Emptied folder: C:\Documents and Settings\Dashel R\Application Data\mozilla\firefox\profiles\abg9ebcp.default\minidumps [10 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/11/2014 at 10:20:44.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Farbar:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by Dashel R (administrator) on NO1 on 11-03-2014 10:25:04
Running from C:\Documents and Settings\Dashel R\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(CyberLink Corp.) C:\Program Files\Dell\Media Experience\PCMService.exe
(Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Speedbit Ltd.) C:\Program Files\DAP\DAP.EXE
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PCMService] - C:\Program Files\Dell\Media Experience\PCMService.exe [290816 2004-04-11] (CyberLink Corp.)
HKLM\...\Run: [IntelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] - C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2004-08-12] (Microsoft Corporation)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-11-16] (Sonic Solutions)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [1388544 2004-06-30] (Analog Devices, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Freecorder FLV Service] - C:\Program Files\Freecorder\FLVSrvc.exe [167936 2010-06-26] (Applian Technologies, Inc.)
HKLM\...\Run: [Dell Photo AIO Printer 922] - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [290816 2004-06-18] ()
HKLM\...\Run: [MSConfig] - C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe
HKLM\...\Policies\Explorer\Run: [SysLogger32] - C:\Windows\security\Syslogs\core32_176.dll [1448960 2013-08-22] ( ())
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-25] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Run: [DownloadAccelerator] - C:\Program Files\DAP\DAP.EXE [4110992 2014-03-01] (Speedbit Ltd.)
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\WINDOWS\system32\AppInitHook321.dll => C:\WINDOWS\system32\AppInitHook321.dll [297984 2013-08-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x501A9490F22FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1C0A9D8F-DBDD-D292-72D5-646CEFA495BB} URL =
SearchScopes: HKCU - {3752E508-E868-40e0-BF0F-FE6D37499D75} URL = http://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
SearchScopes: HKCU - {C1D477AE-060A-42D1-B03B-18D7E14CABB3} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121249,16646,0,6,0
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
BHO: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
Toolbar: HKLM - AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKLM - FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - AIM Search - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351444110390
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit)
Winsock: Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit)
Winsock: Catalog9 20 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2088 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: ArcadeParlor - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-11-14]
FF Extension: SelectionLinks - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06} [2013-06-12]
FF Extension: Flashblock - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-11-06]
FF Extension: WOT - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Ghostery - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
FF Extension: 1-Click YouTube Video Downloader - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-12-31]
FF Extension: NoScript - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-18]
FF Extension: Procon Latte Content Filter - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2013-05-09]
FF Extension: Menu Editor - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-05-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2014-03-01]
FF HKCU\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Documents and Settings\Dashel R\Local Settings\Application Data\XDM\xdmff
FF Extension: XDM Helper - C:\Documents and Settings\Dashel R\Local Settings\Application Data\XDM\xdmff [2013-12-15]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2014-03-01]

========================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2005-04-26] ()
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\acsd.exe [42312 2010-07-13] (AOL Inc.)
S4 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [421888 2004-03-16] (Dell)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S4 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20472 2012-09-12] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [74512 2012-02-06] (SANDBOXIE L.T.D)
S4 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-01-10] (America Online, Inc.)
S4 WefiEngSvc; C:\Program Files\WeFi\WefiEngSvc.exe [120152 2010-11-03] (WeFi)
S4 0096561348771546mcinstcleanup; C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\009656~1.EXE -cleanup -nolog [X]
S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service [X]
S4 VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [X]

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-12] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2003-08-28] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-03-01] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-02-18] (Malwarebytes Corporation)
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
S3 MR97310_USB_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310c.sys [129875 2002-12-13] (Mars Semiconductor Corp.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0x01000000 papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [1984 2003-01-17] ()
R0x01000000 papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [1856 2003-01-17] ()
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [133392 2012-02-06] (SANDBOXIE L.T.D)
R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [381056 2004-04-26] (Sensaura)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-12-04] (RapidSolution Software AG)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-11-16] (Sonic Solutions)
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-11-16] (Sonic Solutions)
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-11-16] (Sonic Solutions)
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-11-16] (Sonic Solutions)
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86554 2004-11-16] (Sonic Solutions)
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-11-16] (Sonic Solutions)
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-11-16] (Sonic Solutions)
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-11-16] (Sonic Solutions)
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-11-16] (Sonic Solutions)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; C:\Program Files\VMLaunch\BuddyVM.sys [15872 2004-10-05] (Interlex Inc.)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CCCP106; system32\DRIVERS\cccp106.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S3 mfeavfk06; \Device\mfeavfk06.sys [X]
S3 mfebopk26; \Device\mfebopk26.sys [X]
U3 Pcsimgrsii; No ImagePath
S3 pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [X]
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]
S2 StarOpen; No ImagePath
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-11 10:23 - 2014-03-11 10:25 - 00000000 ____D () C:\FRST
2014-03-11 10:20 - 2014-03-11 10:20 - 00000905 _____ () C:\Documents and Settings\Dashel R\Desktop\JRT.txt
2014-03-11 09:50 - 2014-03-11 09:50 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031114-01.dmp
2014-03-11 09:44 - 2014-03-11 09:44 - 00026624 _____ () C:\WINDOWS\system32\TrueSight.sys
2014-03-11 09:42 - 2014-03-11 09:42 - 00000000 ____D () C:\Documents and Settings\Dashel R\Desktop\RK_Quarantine
2014-03-10 15:14 - 2014-03-10 15:51 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final_Fantasy_III_(J)_[T+Eng2.00] GG.sav
2014-03-10 15:02 - 2014-03-10 15:12 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final_Fantasy_III_(J)_[T+Eng2.00].sav
2014-03-10 14:46 - 2014-03-10 14:46 - 00000000 _____ () C:\Documents and Settings\Dashel R\Desktop\tempo.txt
2014-03-07 21:47 - 2014-03-11 10:03 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-07 21:47 - 2014-03-08 22:06 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-07 16:07 - 2014-03-07 16:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-07 16:03 - 2014-03-07 16:07 - 00005845 _____ () C:\WINDOWS\KB2934207.log
2014-03-07 08:47 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-07 08:47 - 2014-02-25 18:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-07 08:33 - 2014-03-07 08:33 - 00007759 _____ () C:\ESETScan.txt
2014-03-06 20:55 - 2014-03-06 20:55 - 00003707 _____ () C:\JRT.txt
2014-03-06 20:44 - 2014-03-06 20:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-06 18:05 - 2014-03-06 18:05 - 00021963 _____ () C:\Result.txt
2014-03-05 23:34 - 2014-03-05 23:34 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\JiveshwarWiFiHotSpotMaker
2014-03-05 21:34 - 2014-03-05 21:34 - 00002024 _____ () C:\Documents and Settings\All Users\Desktop\Launch Jiveshwar Wi-Fi Hotspot Maker.lnk
2014-03-05 21:34 - 2014-03-05 21:34 - 00000000 ____D () C:\Program Files\JiveshwarSharma.com
2014-03-05 21:34 - 2014-03-05 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\JiveshwarSharma.com
2014-03-05 20:30 - 2014-03-05 20:47 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III GG GG.sav
2014-03-05 20:26 - 2014-03-05 20:26 - 00000988 _____ () C:\Documents and Settings\Dashel R\My Documents\FFGH.nsp
2014-03-05 20:24 - 2014-03-05 20:24 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III GG.ns1
2014-03-05 20:18 - 2014-03-05 21:59 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III GG.sav
2014-03-05 20:04 - 2005-11-13 01:57 - 00000730 _____ () C:\Documents and Settings\Dashel R\Downloads\readme.html
2014-03-05 20:04 - 2000-03-19 16:38 - 00131088 _____ () C:\Documents and Settings\Dashel R\My Documents\Gilligan's Island.nes
2014-03-05 20:02 - 2014-03-05 20:03 - 00068957 _____ () C:\Documents and Settings\Dashel R\Downloads\Gilligan's Island.zip
2014-03-04 15:56 - 2014-03-04 15:56 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III.ns1
2014-03-04 12:36 - 2014-03-04 12:40 - 00031361 _____ () C:\Documents and Settings\Dashel R\My Documents\FFIII.nst
2014-03-04 12:31 - 2014-03-05 20:26 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\HOJO.nst
2014-03-04 12:31 - 2014-03-04 12:31 - 00000681 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III.nsp
2014-03-04 12:30 - 2014-03-04 12:30 - 00031361 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III.ns1
2014-03-04 12:16 - 2014-03-04 12:16 - 00000000 ____D () C:\Documents and Settings\Dashel R\New Folder
2014-03-01 18:15 - 2014-03-01 18:15 - 00000620 _____ () C:\Documents and Settings\Dashel R\Desktop\Download Accelerator Plus (DAP).lnk
2014-03-01 16:53 - 2014-03-10 21:17 - 00000354 _____ () C:\WINDOWS\Tasks\At1.job
2014-03-01 16:05 - 2014-03-05 14:49 - 00001329 _____ () C:\Documents and Settings\Dashel R\Desktop\My DAP Downloads.lnk
2014-03-01 16:04 - 2014-03-02 08:56 - 00000000 ____D () C:\Program Files\DAP
2014-03-01 16:04 - 2014-03-01 18:15 - 00000704 _____ () C:\Documents and Settings\All Users\Start Menu\Download Accelerator Plus (DAP).lnk
2014-03-01 16:04 - 2014-03-01 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-03-01 16:04 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\SpeedBIT
2014-03-01 16:04 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\SpeedBit
2014-03-01 15:15 - 2014-03-01 15:15 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-02-26 18:34 - 2014-03-11 09:49 - 534855680 _____ () C:\WINDOWS\MEMORY.DMP
2014-02-26 15:11 - 2014-02-26 15:11 - 00000000 ____D () C:\Program Files\WIFi Locator
2014-02-26 15:11 - 2014-02-26 15:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WIFi Locator
2014-02-24 20:47 - 2014-03-11 10:03 - 00000246 _____ () C:\WINDOWS\Tasks\WefiStartup.job
2014-02-24 20:42 - 2014-02-24 20:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WeFi
2014-02-24 20:42 - 2014-02-24 20:42 - 00000457 _____ () C:\Documents and Settings\All Users\Desktop\WeFi.lnk
2014-02-24 20:41 - 2014-03-01 13:44 - 00000000 ____D () C:\Program Files\WeFi
2014-02-23 09:41 - 2014-03-11 09:59 - 00000000 ____D () C:\AdwCleaner
2014-02-22 15:55 - 2014-02-22 15:56 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-19 18:57 - 2014-02-19 18:57 - 00001552 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-02-19 18:57 - 2014-02-19 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-19 18:55 - 2014-02-19 18:57 - 00000000 ____D () C:\Program Files\iTunes
2014-02-19 18:55 - 2014-02-19 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-19 18:54 - 2014-02-19 18:54 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\About iTunes.lnk
2014-02-19 18:51 - 2014-02-19 18:51 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer
2014-02-19 18:50 - 2014-02-19 18:50 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-18 11:07 - 2014-02-18 11:07 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\jkl
2014-02-17 01:38 - 2014-02-17 01:41 - 00000000 __HDC () C:\WINDOWS\ie8
2014-02-15 19:15 - 2014-02-15 20:36 - 00000210 _____ () C:\Documents and Settings\Dashel R\My Documents\rominfo.txt
2014-02-15 19:14 - 2014-02-15 20:37 - 00008192 _____ () C:\Documents and Settings\Dashel R\My Documents\FinalFantasy2.srm
2014-02-15 19:14 - 2012-12-07 13:21 - 00274047 _____ () C:\Documents and Settings\Dashel R\My Documents\FinalFantasy2.SMC
2014-02-14 23:00 - 2014-02-14 23:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 11:32 - 2014-02-12 11:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 11:00 - 2014-02-17 16:11 - 00021370 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 11:00 - 2014-02-12 11:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-12 10:57 - 2014-02-17 16:10 - 00011082 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 04:25 - 2014-02-12 11:33 - 00014359 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 13:51 - 2014-02-11 13:51 - 00000000 ____D () C:\New Folder
2014-02-11 00:44 - 2014-02-11 00:44 - 00004243 _____ () C:\Documents and Settings\Dashel R\My Documents\Photo Recovery 2014-02-10 at 23.44.05.res

==================== One Month Modified Files and Folders =======

2014-03-11 10:25 - 2014-03-11 10:23 - 00000000 ____D () C:\FRST
2014-03-11 10:20 - 2014-03-11 10:20 - 00000905 _____ () C:\Documents and Settings\Dashel R\Desktop\JRT.txt
2014-03-11 10:17 - 2012-10-01 19:21 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-11 10:16 - 2010-07-18 15:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 10:12 - 2013-12-14 19:11 - 00000958 _____ () C:\WINDOWS\Tasks\SBW_UpdateTask_Time_313931363131383635322d3437415a556c2a3223346c41.job
2014-03-11 10:12 - 2012-10-01 19:17 - 00000366 ____H () C:\WINDOWS\Tasks\MpIdleTask.job
2014-03-11 10:04 - 2004-12-19 23:50 - 01406433 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-11 10:04 - 2004-12-19 23:36 - 00000282 ___SH () C:\boot.ini
2014-03-11 10:04 - 2004-08-10 12:04 - 00000120 _____ () C:\WINDOWS\WIN.INI
2014-03-11 10:04 - 2004-08-10 11:57 - 00000150 _____ () C:\WINDOWS\system.ini
2014-03-11 10:03 - 2014-03-07 21:47 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-11 10:03 - 2014-02-24 20:47 - 00000246 _____ () C:\WINDOWS\Tasks\WefiStartup.job
2014-03-11 10:03 - 2013-12-14 19:11 - 00000958 _____ () C:\WINDOWS\Tasks\SBW_UpdateTask_Logon_313931363131383635322d3437415a556c2a3223346c41.job
2014-03-11 10:03 - 2010-07-18 15:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 10:03 - 2004-12-19 23:48 - 00002206 _____ () C:\WINDOWS\system32\WPA.DBL
2014-03-11 10:03 - 2004-12-19 23:28 - 00000000 ____D () C:\WINDOWS\system32\IAS
2014-03-11 10:02 - 2004-12-19 23:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-11 10:02 - 2004-08-10 11:59 - 00000159 _____ () C:\WINDOWS\WIADEBUG.LOG
2014-03-11 10:02 - 2004-08-10 11:59 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2014-03-11 10:00 - 2004-12-29 02:20 - 00000178 ___SH () C:\Documents and Settings\Dashel R\NTUSER.INI
2014-03-11 10:00 - 2004-12-29 02:20 - 00000000 ____D () C:\Documents and Settings\Dashel R
2014-03-11 10:00 - 2004-12-19 23:50 - 00032364 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-11 09:59 - 2014-02-23 09:41 - 00000000 ____D () C:\AdwCleaner
2014-03-11 09:50 - 2014-03-11 09:50 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031114-01.dmp
2014-03-11 09:50 - 2005-02-28 20:04 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-11 09:49 - 2014-02-26 18:34 - 534855680 _____ () C:\WINDOWS\MEMORY.DMP
2014-03-11 09:44 - 2014-03-11 09:44 - 00026624 _____ () C:\WINDOWS\system32\TrueSight.sys
2014-03-11 09:42 - 2014-03-11 09:42 - 00000000 ____D () C:\Documents and Settings\Dashel R\Desktop\RK_Quarantine
2014-03-11 09:38 - 2013-08-22 09:22 - 00000063 _____ () C:\WINDOWS\qsbset.qsb
2014-03-11 09:37 - 2012-09-26 09:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-10 21:17 - 2014-03-01 16:53 - 00000354 _____ () C:\WINDOWS\Tasks\At1.job
2014-03-10 17:22 - 2011-04-02 19:07 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\Any Video Converter
2014-03-10 16:25 - 2005-02-22 18:09 - 00000000 ____D () C:\Program Files\GBA EMU
2014-03-10 15:51 - 2014-03-10 15:14 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final_Fantasy_III_(J)_[T+Eng2.00] GG.sav
2014-03-10 15:51 - 2005-01-20 16:12 - 00000000 ____D () C:\Program Files\Nes_Snes
2014-03-10 15:12 - 2014-03-10 15:02 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final_Fantasy_III_(J)_[T+Eng2.00].sav
2014-03-10 14:46 - 2014-03-10 14:46 - 00000000 _____ () C:\Documents and Settings\Dashel R\Desktop\tempo.txt
2014-03-10 14:41 - 2013-09-15 16:49 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\DEVELOPMENTTOOLS
2014-03-10 12:01 - 2006-03-07 15:19 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\MS
2014-03-09 20:22 - 2014-01-21 18:15 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\My Cheat Tables
2014-03-09 17:59 - 2004-12-30 12:06 - 00113152 _____ () C:\Documents and Settings\Dashel R\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-09 17:06 - 2012-09-29 09:20 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\Freecorder 4
2014-03-09 16:59 - 2004-12-19 23:49 - 00610674 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 22:06 - 2014-03-07 21:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-08 21:21 - 2010-11-19 19:41 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\FLVService
2014-03-07 16:07 - 2014-03-07 16:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-07 16:07 - 2014-03-07 16:03 - 00005845 _____ () C:\WINDOWS\KB2934207.log
2014-03-07 16:07 - 2013-05-04 22:13 - 00687291 _____ () C:\WINDOWS\setupapi.log
2014-03-07 16:07 - 2004-12-19 23:49 - 05448983 ____C () C:\WINDOWS\FaxSetup.log
2014-03-07 16:07 - 2004-12-19 23:49 - 02678507 ____C () C:\WINDOWS\OCGEN.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 02097658 ____C () C:\WINDOWS\TSOC.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00847351 ____C () C:\WINDOWS\IIS6.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00725223 _____ () C:\WINDOWS\COMSETUP.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00291207 ____C () C:\WINDOWS\OCMSN.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00272628 ____C () C:\WINDOWS\MSGSOCM.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00033545 ____C () C:\WINDOWS\ntdtcsetup.log
2014-03-07 16:07 - 1979-12-31 23:00 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-03-07 15:45 - 2013-06-17 01:09 - 00000000 ____D () C:\Program Files\Freecorder
2014-03-07 08:33 - 2014-03-07 08:33 - 00007759 _____ () C:\ESETScan.txt
2014-03-07 05:16 - 2014-01-21 18:14 - 00000000 ____D () C:\Program Files\Cheat Engine 6.3
2014-03-07 05:16 - 2012-11-14 15:38 - 00000000 ____D () C:\Program Files\Free Audio Editor
2014-03-06 20:55 - 2014-03-06 20:55 - 00003707 _____ () C:\JRT.txt
2014-03-06 20:44 - 2014-03-06 20:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-06 18:05 - 2014-03-06 18:05 - 00021963 _____ () C:\Result.txt
2014-03-05 23:34 - 2014-03-05 23:34 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\JiveshwarWiFiHotSpotMaker
2014-03-05 21:59 - 2014-03-05 20:18 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III GG.sav
2014-03-05 21:34 - 2014-03-05 21:34 - 00002024 _____ () C:\Documents and Settings\All Users\Desktop\Launch Jiveshwar Wi-Fi Hotspot Maker.lnk
2014-03-05 21:34 - 2014-03-05 21:34 - 00000000 ____D () C:\Program Files\JiveshwarSharma.com
2014-03-05 21:34 - 2014-03-05 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\JiveshwarSharma.com
2014-03-05 20:50 - 2013-11-08 12:16 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\RPGVXAce
2014-03-05 20:47 - 2014-03-05 20:30 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III GG GG.sav
2014-03-05 20:26 - 2014-03-05 20:26 - 00000988 _____ () C:\Documents and Settings\Dashel R\My Documents\FFGH.nsp
2014-03-05 20:26 - 2014-03-04 12:31 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\HOJO.nst
2014-03-05 20:24 - 2014-03-05 20:24 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III GG.ns1
2014-03-05 20:03 - 2014-03-05 20:02 - 00068957 _____ () C:\Documents and Settings\Dashel R\Downloads\Gilligan's Island.zip
2014-03-05 14:57 - 2004-12-19 23:29 - 00000000 ____D () C:\WINDOWS\Help
2014-03-05 14:49 - 2014-03-01 16:05 - 00001329 _____ () C:\Documents and Settings\Dashel R\Desktop\My DAP Downloads.lnk
2014-03-04 20:55 - 2011-08-06 15:58 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-04 16:22 - 2013-02-14 22:04 - 00008192 ____C () C:\Documents and Settings\Dashel R\Final Fantasy III.sav
2014-03-04 15:56 - 2014-03-04 15:56 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III.ns1
2014-03-04 12:40 - 2014-03-04 12:36 - 00031361 _____ () C:\Documents and Settings\Dashel R\My Documents\FFIII.nst
2014-03-04 12:31 - 2014-03-04 12:31 - 00000681 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III.nsp
2014-03-04 12:30 - 2014-03-04 12:30 - 00031361 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III.ns1
2014-03-04 12:16 - 2014-03-04 12:16 - 00000000 ____D () C:\Documents and Settings\Dashel R\New Folder
2014-03-04 12:16 - 2005-11-21 14:25 - 00000681 ____C () C:\Documents and Settings\Dashel R\zelda2.ns1
2014-03-04 12:15 - 2005-04-03 16:42 - 00000681 ____C () C:\Documents and Settings\Dashel R\zelda.ns4
2014-03-03 15:54 - 2004-08-10 12:08 - 00004632 _____ () C:\WINDOWS\WMSETUP.LOG
2014-03-03 14:24 - 2014-01-16 18:04 - 00008412 _____ () C:\Final Fantasy 1 + 2 - Dawn of Souls.clt
2014-03-02 16:15 - 2004-12-19 23:29 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-03-02 16:07 - 2006-05-31 10:31 - 00000754 ____C () C:\WINDOWS\WORDPAD.INI
2014-03-02 08:56 - 2014-03-01 16:04 - 00000000 ____D () C:\Program Files\DAP
2014-03-01 18:15 - 2014-03-01 18:15 - 00000620 _____ () C:\Documents and Settings\Dashel R\Desktop\Download Accelerator Plus (DAP).lnk
2014-03-01 18:15 - 2014-03-01 16:04 - 00000704 _____ () C:\Documents and Settings\All Users\Start Menu\Download Accelerator Plus (DAP).lnk
2014-03-01 18:15 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-03-01 16:18 - 2013-12-14 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SpeedBit
2014-03-01 16:04 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\SpeedBIT
2014-03-01 16:04 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\SpeedBit
2014-03-01 16:04 - 2004-12-29 02:20 - 00000000 ___RD () C:\Documents and Settings\Dashel R\Start Menu\Programs\Accessories
2014-03-01 15:15 - 2014-03-01 15:15 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-03-01 13:44 - 2014-02-24 20:41 - 00000000 ____D () C:\Program Files\WeFi
2014-02-28 16:43 - 2012-11-14 15:39 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\Free Audio Editor
2014-02-28 00:06 - 2005-01-01 16:23 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\WMTools Downloaded Files
2014-02-28 00:03 - 2012-11-03 06:42 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\VideoPad Projects
2014-02-27 23:01 - 2012-11-26 10:05 - 00000000 ____D () C:\Documents and Settings\Dashel R\Desktop\New Folder
2014-02-26 15:11 - 2014-02-26 15:11 - 00000000 ____D () C:\Program Files\WIFi Locator
2014-02-26 15:11 - 2014-02-26 15:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WIFi Locator
2014-02-25 18:59 - 2014-03-07 08:47 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-25 18:59 - 2014-03-07 08:47 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-24 20:48 - 2014-02-24 20:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WeFi
2014-02-24 20:42 - 2014-02-24 20:42 - 00000457 _____ () C:\Documents and Settings\All Users\Desktop\WeFi.lnk
2014-02-22 15:56 - 2014-02-22 15:55 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-22 15:56 - 2012-09-26 09:00 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-22 15:56 - 2011-05-19 16:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-21 20:48 - 2013-06-17 01:10 - 00000000 ____D () C:\Documents and Settings\Dashel R\Start Menu\Programs\Freecorder
2014-02-19 22:43 - 2009-03-06 09:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-02-19 22:43 - 2004-12-29 03:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\Adobe
2014-02-19 18:57 - 2014-02-19 18:57 - 00001552 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-02-19 18:57 - 2014-02-19 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-19 18:57 - 2014-02-19 18:55 - 00000000 ____D () C:\Program Files\iTunes
2014-02-19 18:57 - 2014-02-19 18:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-19 18:55 - 2010-01-03 07:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-19 18:54 - 2014-02-19 18:54 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\About iTunes.lnk
2014-02-19 18:51 - 2014-02-19 18:51 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer
2014-02-19 18:51 - 2010-01-03 07:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-02-19 18:50 - 2014-02-19 18:50 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-18 18:32 - 2008-06-11 01:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376_0$
2014-02-18 11:07 - 2014-02-18 11:07 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-02-17 22:26 - 2004-12-19 23:49 - 00219000 _____ () C:\WINDOWS\setupact.log
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\jkl
2014-02-17 16:11 - 2014-02-12 11:00 - 00021370 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-17 16:11 - 2009-09-13 16:04 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-17 16:11 - 2005-04-12 13:12 - 00732957 ____C () C:\WINDOWS\updspapi.log
2014-02-17 16:11 - 1979-12-31 23:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-17 16:10 - 2014-02-12 10:57 - 00011082 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-17 16:09 - 2011-04-15 16:08 - 00035091 ____C () C:\WINDOWS\KB2510531-IE8.log
2014-02-17 01:47 - 2008-02-18 19:45 - 00000813 _____ () C:\Documents and Settings\Dashel R\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 01:43 - 2006-03-11 19:49 - 00098748 ____C () C:\WINDOWS\spupdsvc.log
2014-02-17 01:42 - 2009-09-13 15:18 - 01491665 ____C () C:\WINDOWS\ie8_main.log
2014-02-17 01:41 - 2014-02-17 01:38 - 00000000 __HDC () C:\WINDOWS\ie8
2014-02-17 01:41 - 2009-09-13 15:57 - 00325196 ____C () C:\WINDOWS\ie8.log
2014-02-17 01:19 - 2009-09-18 19:01 - 00078092 ____C () C:\WINDOWS\ie8Uninst.log
2014-02-16 23:57 - 2004-12-20 00:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AOL
2014-02-16 23:46 - 2006-06-08 22:25 - 00000000 ____D () C:\kid pics
2014-02-16 23:44 - 2005-08-02 17:28 - 00000000 ____D () C:\Program Files\Disney Interactive
2014-02-16 23:34 - 2014-01-31 17:17 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\WinISO Computing
2014-02-16 23:34 - 2004-12-19 23:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-15 20:37 - 2014-02-15 19:14 - 00008192 _____ () C:\Documents and Settings\Dashel R\My Documents\FinalFantasy2.srm
2014-02-15 20:36 - 2014-02-15 19:15 - 00000210 _____ () C:\Documents and Settings\Dashel R\My Documents\rominfo.txt
2014-02-15 01:11 - 2012-09-23 18:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-14 23:03 - 2014-02-14 23:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 18:52 - 2004-12-19 23:30 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-12 11:33 - 2014-02-12 04:25 - 00014359 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 11:32 - 2014-02-12 11:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 11:23 - 2013-07-28 22:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 11:10 - 2005-05-10 11:11 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 11:00 - 2014-02-12 11:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-11 13:59 - 2012-11-04 15:18 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-02-11 13:51 - 2014-02-11 13:51 - 00000000 ____D () C:\New Folder
2014-02-11 00:44 - 2014-02-11 00:44 - 00004243 _____ () C:\Documents and Settings\Dashel R\My Documents\Photo Recovery 2014-02-10 at 23.44.05.res

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\C.O\Local Settings\temp\AcsInstall.dll
C:\Documents and Settings\C.O\Local Settings\temp\atl80.dll
C:\Documents and Settings\C.O\Local Settings\temp\insmac2k.dll
C:\Documents and Settings\C.O\Local Settings\temp\libexpat.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfc80.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfc80u.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfcm80.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfcm80u.dll
C:\Documents and Settings\C.O\Local Settings\temp\msvcm80.dll
C:\Documents and Settings\C.O\Local Settings\temp\msvcp80.dll
C:\Documents and Settings\C.O\Local Settings\temp\msvcr80.dll
C:\Documents and Settings\C.O\Local Settings\temp\ocpchk.dll
C:\Documents and Settings\C.O\Local Settings\temp\tbinst.dll
C:\Documents and Settings\C.O\Local Settings\temp\TmDbg32.dll
C:\Documents and Settings\C.O\Local Settings\temp\uninst.dll
C:\Documents and Settings\Dashel R\Local Settings\temp\cabex.dll
C:\Documents and Settings\Dashel R\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Dashel R\Local Settings\temp\RunWizards.exe
C:\Documents and Settings\Dashel R\Local Settings\temp\SetupUtils6.dll
C:\Documents and Settings\Dashel R\Local Settings\temp\speccycpuid.dll
C:\Documents and Settings\Dashel R\Local Settings\temp\speedmax.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


#6 faye raye


Posted 11 March 2014 - 01:07 PM

When I tried to run RogueKiller, the Pre-Scan caused a Blue Error Screen.

 

ADWCleaner:

 

# AdwCleaner v3.021 - Report created 11/03/2014 at 09:59:24
# Updated 10/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : D R - NO1
# Running from : C:\Documents and Settings\Dashel R\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
[x] Not Deleted : C:\Program Files\NCH Software
[x] Not Deleted : C:\Program Files\Viewpoint
[x] Not Deleted : C:\Program Files\Freecorder
[x] Not Deleted : C:\Documents and Settings\Dashel R\Local Settings\Application Data\Freecorder
[x] Not Deleted : C:\Documents and Settings\Dashel R\Application Data\NCH Software
[x] Not Deleted : C:\Documents and Settings\Dashel R\Start Menu\Programs\Freecorder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[x] Not Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKLM\Software\MetaStream
[x] Not Deleted : HKLM\Software\Viewpoint
[x] Not Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\D R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\prefs.js ]

Line Deleted : user_pref("extensions.daplinkchecker@speedbit.com.install-event-fired", true);

*************************

AdwCleaner[R0].txt - [23930 octets] - [23/02/2014 09:41:40]
AdwCleaner[R1].txt - [24524 octets] - [06/03/2014 18:56:18]
AdwCleaner[R2].txt - [2904 octets] - [11/03/2014 09:55:55]
AdwCleaner[S0].txt - [24451 octets] - [06/03/2014 20:01:12]
AdwCleaner[S1].txt - [2923 octets] - [11/03/2014 09:59:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2983 octets] ##########

 

 

JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by DR on Tue 03/11/2014 at 10:10:07.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"



~~~ FireFox

Emptied folder: C:\Documents and Settings\Dashel R\Application Data\mozilla\firefox\profiles\abg9ebcp.default\minidumps [10 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/11/2014 at 10:20:44.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Farbar:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by Dashel R (administrator) on NO1 on 11-03-2014 10:25:04
Running from C:\Documents and Settings\DR\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(CyberLink Corp.) C:\Program Files\Dell\Media Experience\PCMService.exe
(Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Speedbit Ltd.) C:\Program Files\DAP\DAP.EXE
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PCMService] - C:\Program Files\Dell\Media Experience\PCMService.exe [290816 2004-04-11] (CyberLink Corp.)
HKLM\...\Run: [IntelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] - C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2004-08-12] (Microsoft Corporation)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-11-16] (Sonic Solutions)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [1388544 2004-06-30] (Analog Devices, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Freecorder FLV Service] - C:\Program Files\Freecorder\FLVSrvc.exe [167936 2010-06-26] (Applian Technologies, Inc.)
HKLM\...\Run: [Dell Photo AIO Printer 922] - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [290816 2004-06-18] ()
HKLM\...\Run: [MSConfig] - C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe
HKLM\...\Policies\Explorer\Run: [SysLogger32] - C:\Windows\security\Syslogs\core32_176.dll [1448960 2013-08-22] ( ())
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-25] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Run: [DownloadAccelerator] - C:\Program Files\DAP\DAP.EXE [4110992 2014-03-01] (Speedbit Ltd.)
HKU\S-1-5-21-329806685-2581723038-1583669757-1007\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\WINDOWS\system32\AppInitHook321.dll => C:\WINDOWS\system32\AppInitHook321.dll [297984 2013-08-22] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x501A9490F22FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1C0A9D8F-DBDD-D292-72D5-646CEFA495BB} URL =
SearchScopes: HKCU - {3752E508-E868-40e0-BF0F-FE6D37499D75} URL = http://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
SearchScopes: HKCU - {C1D477AE-060A-42D1-B03B-18D7E14CABB3} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121249,16646,0,6,0
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
BHO: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
Toolbar: HKLM - AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKLM - FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - AIM Search - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351444110390
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit)
Winsock: Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit)
Winsock: Catalog9 20 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320] (SPEEDbit)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2088 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: ArcadeParlor - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2013-11-14]
FF Extension: SelectionLinks - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06} [2013-06-12]
FF Extension: Flashblock - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-11-06]
FF Extension: WOT - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Ghostery - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
FF Extension: 1-Click YouTube Video Downloader - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-12-31]
FF Extension: NoScript - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-18]
FF Extension: Procon Latte Content Filter - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2013-05-09]
FF Extension: Menu Editor - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-05-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2014-03-01]
FF HKCU\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Documents and Settings\Dashel R\Local Settings\Application Data\XDM\xdmff
FF Extension: XDM Helper - C:\Documents and Settings\Dashel R\Local Settings\Application Data\XDM\xdmff [2013-12-15]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2014-03-01]

========================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2005-04-26] ()
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\acsd.exe [42312 2010-07-13] (AOL Inc.)
S4 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [421888 2004-03-16] (Dell)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S4 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20472 2012-09-12] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [74512 2012-02-06] (SANDBOXIE L.T.D)
S4 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-01-10] (America Online, Inc.)
S4 WefiEngSvc; C:\Program Files\WeFi\WefiEngSvc.exe [120152 2010-11-03] (WeFi)
S4 0096561348771546mcinstcleanup; C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\009656~1.EXE -cleanup -nolog [X]
S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service [X]
S4 VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [X]

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-12] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2003-08-28] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-03-01] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-02-18] (Malwarebytes Corporation)
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
S3 MR97310_USB_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310c.sys [129875 2002-12-13] (Mars Semiconductor Corp.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0x01000000 papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [1984 2003-01-17] ()
R0x01000000 papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [1856 2003-01-17] ()
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [133392 2012-02-06] (SANDBOXIE L.T.D)
R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [381056 2004-04-26] (Sensaura)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-12-04] (RapidSolution Software AG)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-11-16] (Sonic Solutions)
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-11-16] (Sonic Solutions)
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-11-16] (Sonic Solutions)
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-11-16] (Sonic Solutions)
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86554 2004-11-16] (Sonic Solutions)
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-11-16] (Sonic Solutions)
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-11-16] (Sonic Solutions)
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-11-16] (Sonic Solutions)
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-11-16] (Sonic Solutions)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; C:\Program Files\VMLaunch\BuddyVM.sys [15872 2004-10-05] (Interlex Inc.)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CCCP106; system32\DRIVERS\cccp106.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S3 mfeavfk06; \Device\mfeavfk06.sys [X]
S3 mfebopk26; \Device\mfebopk26.sys [X]
U3 Pcsimgrsii; No ImagePath
S3 pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [X]
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]
S2 StarOpen; No ImagePath
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-11 10:23 - 2014-03-11 10:25 - 00000000 ____D () C:\FRST
2014-03-11 10:20 - 2014-03-11 10:20 - 00000905 _____ () C:\Documents and Settings\Dashel R\Desktop\JRT.txt
2014-03-11 09:50 - 2014-03-11 09:50 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031114-01.dmp
2014-03-11 09:44 - 2014-03-11 09:44 - 00026624 _____ () C:\WINDOWS\system32\TrueSight.sys
2014-03-11 09:42 - 2014-03-11 09:42 - 00000000 ____D () C:\Documents and Settings\Dashel R\Desktop\RK_Quarantine
2014-03-10 15:14 - 2014-03-10 15:51 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final_Fantasy_III_(J)_[T+Eng2.00] GG.sav
2014-03-10 15:02 - 2014-03-10 15:12 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final_Fantasy_III_(J)_[T+Eng2.00].sav
2014-03-10 14:46 - 2014-03-10 14:46 - 00000000 _____ () C:\Documents and Settings\Dashel R\Desktop\tempo.txt
2014-03-07 21:47 - 2014-03-11 10:03 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-07 21:47 - 2014-03-08 22:06 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-07 16:07 - 2014-03-07 16:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-07 16:03 - 2014-03-07 16:07 - 00005845 _____ () C:\WINDOWS\KB2934207.log
2014-03-07 08:47 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-07 08:47 - 2014-02-25 18:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-07 08:33 - 2014-03-07 08:33 - 00007759 _____ () C:\ESETScan.txt
2014-03-06 20:55 - 2014-03-06 20:55 - 00003707 _____ () C:\JRT.txt
2014-03-06 20:44 - 2014-03-06 20:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-06 18:05 - 2014-03-06 18:05 - 00021963 _____ () C:\Result.txt
2014-03-05 23:34 - 2014-03-05 23:34 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\JiveshwarWiFiHotSpotMaker
2014-03-05 21:34 - 2014-03-05 21:34 - 00002024 _____ () C:\Documents and Settings\All Users\Desktop\Launch Jiveshwar Wi-Fi Hotspot Maker.lnk
2014-03-05 21:34 - 2014-03-05 21:34 - 00000000 ____D () C:\Program Files\JiveshwarSharma.com
2014-03-05 21:34 - 2014-03-05 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\JiveshwarSharma.com
2014-03-05 20:30 - 2014-03-05 20:47 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III GG GG.sav
2014-03-05 20:26 - 2014-03-05 20:26 - 00000988 _____ () C:\Documents and Settings\Dashel R\My Documents\FFGH.nsp
2014-03-05 20:24 - 2014-03-05 20:24 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III GG.ns1
2014-03-05 20:18 - 2014-03-05 21:59 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III GG.sav
2014-03-05 20:04 - 2005-11-13 01:57 - 00000730 _____ () C:\Documents and Settings\Dashel R\Downloads\readme.html
2014-03-05 20:04 - 2000-03-19 16:38 - 00131088 _____ () C:\Documents and Settings\Dashel R\My Documents\Gilligan's Island.nes
2014-03-05 20:02 - 2014-03-05 20:03 - 00068957 _____ () C:\Documents and Settings\Dashel R\Downloads\Gilligan's Island.zip
2014-03-04 15:56 - 2014-03-04 15:56 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III.ns1
2014-03-04 12:36 - 2014-03-04 12:40 - 00031361 _____ () C:\Documents and Settings\Dashel R\My Documents\FFIII.nst
2014-03-04 12:31 - 2014-03-05 20:26 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\HOJO.nst
2014-03-04 12:31 - 2014-03-04 12:31 - 00000681 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III.nsp
2014-03-04 12:30 - 2014-03-04 12:30 - 00031361 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III.ns1
2014-03-04 12:16 - 2014-03-04 12:16 - 00000000 ____D () C:\Documents and Settings\Dashel R\New Folder
2014-03-01 18:15 - 2014-03-01 18:15 - 00000620 _____ () C:\Documents and Settings\Dashel R\Desktop\Download Accelerator Plus (DAP).lnk
2014-03-01 16:53 - 2014-03-10 21:17 - 00000354 _____ () C:\WINDOWS\Tasks\At1.job
2014-03-01 16:05 - 2014-03-05 14:49 - 00001329 _____ () C:\Documents and Settings\Dashel R\Desktop\My DAP Downloads.lnk
2014-03-01 16:04 - 2014-03-02 08:56 - 00000000 ____D () C:\Program Files\DAP
2014-03-01 16:04 - 2014-03-01 18:15 - 00000704 _____ () C:\Documents and Settings\All Users\Start Menu\Download Accelerator Plus (DAP).lnk
2014-03-01 16:04 - 2014-03-01 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-03-01 16:04 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\SpeedBIT
2014-03-01 16:04 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\SpeedBit
2014-03-01 15:15 - 2014-03-01 15:15 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-02-26 18:34 - 2014-03-11 09:49 - 534855680 _____ () C:\WINDOWS\MEMORY.DMP
2014-02-26 15:11 - 2014-02-26 15:11 - 00000000 ____D () C:\Program Files\WIFi Locator
2014-02-26 15:11 - 2014-02-26 15:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WIFi Locator
2014-02-24 20:47 - 2014-03-11 10:03 - 00000246 _____ () C:\WINDOWS\Tasks\WefiStartup.job
2014-02-24 20:42 - 2014-02-24 20:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WeFi
2014-02-24 20:42 - 2014-02-24 20:42 - 00000457 _____ () C:\Documents and Settings\All Users\Desktop\WeFi.lnk
2014-02-24 20:41 - 2014-03-01 13:44 - 00000000 ____D () C:\Program Files\WeFi
2014-02-23 09:41 - 2014-03-11 09:59 - 00000000 ____D () C:\AdwCleaner
2014-02-22 15:55 - 2014-02-22 15:56 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-19 18:57 - 2014-02-19 18:57 - 00001552 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-02-19 18:57 - 2014-02-19 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-19 18:55 - 2014-02-19 18:57 - 00000000 ____D () C:\Program Files\iTunes
2014-02-19 18:55 - 2014-02-19 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-19 18:54 - 2014-02-19 18:54 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\About iTunes.lnk
2014-02-19 18:51 - 2014-02-19 18:51 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer
2014-02-19 18:50 - 2014-02-19 18:50 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-18 11:07 - 2014-02-18 11:07 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\jkl
2014-02-17 01:38 - 2014-02-17 01:41 - 00000000 __HDC () C:\WINDOWS\ie8
2014-02-15 19:15 - 2014-02-15 20:36 - 00000210 _____ () C:\Documents and Settings\Dashel R\My Documents\rominfo.txt
2014-02-15 19:14 - 2014-02-15 20:37 - 00008192 _____ () C:\Documents and Settings\Dashel R\My Documents\FinalFantasy2.srm
2014-02-15 19:14 - 2012-12-07 13:21 - 00274047 _____ () C:\Documents and Settings\Dashel R\My Documents\FinalFantasy2.SMC
2014-02-14 23:00 - 2014-02-14 23:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 11:32 - 2014-02-12 11:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 11:00 - 2014-02-17 16:11 - 00021370 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 11:00 - 2014-02-12 11:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-12 10:57 - 2014-02-17 16:10 - 00011082 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 04:25 - 2014-02-12 11:33 - 00014359 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 13:51 - 2014-02-11 13:51 - 00000000 ____D () C:\New Folder
2014-02-11 00:44 - 2014-02-11 00:44 - 00004243 _____ () C:\Documents and Settings\Dashel R\My Documents\Photo Recovery 2014-02-10 at 23.44.05.res

==================== One Month Modified Files and Folders =======

2014-03-11 10:25 - 2014-03-11 10:23 - 00000000 ____D () C:\FRST
2014-03-11 10:20 - 2014-03-11 10:20 - 00000905 _____ () C:\Documents and Settings\Dashel R\Desktop\JRT.txt
2014-03-11 10:17 - 2012-10-01 19:21 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-11 10:16 - 2010-07-18 15:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 10:12 - 2013-12-14 19:11 - 00000958 _____ () C:\WINDOWS\Tasks\SBW_UpdateTask_Time_313931363131383635322d3437415a556c2a3223346c41.job
2014-03-11 10:12 - 2012-10-01 19:17 - 00000366 ____H () C:\WINDOWS\Tasks\MpIdleTask.job
2014-03-11 10:04 - 2004-12-19 23:50 - 01406433 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-11 10:04 - 2004-12-19 23:36 - 00000282 ___SH () C:\boot.ini
2014-03-11 10:04 - 2004-08-10 12:04 - 00000120 _____ () C:\WINDOWS\WIN.INI
2014-03-11 10:04 - 2004-08-10 11:57 - 00000150 _____ () C:\WINDOWS\system.ini
2014-03-11 10:03 - 2014-03-07 21:47 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-11 10:03 - 2014-02-24 20:47 - 00000246 _____ () C:\WINDOWS\Tasks\WefiStartup.job
2014-03-11 10:03 - 2013-12-14 19:11 - 00000958 _____ () C:\WINDOWS\Tasks\SBW_UpdateTask_Logon_313931363131383635322d3437415a556c2a3223346c41.job
2014-03-11 10:03 - 2010-07-18 15:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 10:03 - 2004-12-19 23:48 - 00002206 _____ () C:\WINDOWS\system32\WPA.DBL
2014-03-11 10:03 - 2004-12-19 23:28 - 00000000 ____D () C:\WINDOWS\system32\IAS
2014-03-11 10:02 - 2004-12-19 23:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-11 10:02 - 2004-08-10 11:59 - 00000159 _____ () C:\WINDOWS\WIADEBUG.LOG
2014-03-11 10:02 - 2004-08-10 11:59 - 00000049 _____ () C:\WINDOWS\WIASERVC.LOG
2014-03-11 10:00 - 2004-12-29 02:20 - 00000178 ___SH () C:\Documents and Settings\Dashel R\NTUSER.INI
2014-03-11 10:00 - 2004-12-29 02:20 - 00000000 ____D () C:\Documents and Settings\Dashel R
2014-03-11 10:00 - 2004-12-19 23:50 - 00032364 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-11 09:59 - 2014-02-23 09:41 - 00000000 ____D () C:\AdwCleaner
2014-03-11 09:50 - 2014-03-11 09:50 - 00065536 _____ () C:\WINDOWS\Minidump\Mini031114-01.dmp
2014-03-11 09:50 - 2005-02-28 20:04 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-11 09:49 - 2014-02-26 18:34 - 534855680 _____ () C:\WINDOWS\MEMORY.DMP
2014-03-11 09:44 - 2014-03-11 09:44 - 00026624 _____ () C:\WINDOWS\system32\TrueSight.sys
2014-03-11 09:42 - 2014-03-11 09:42 - 00000000 ____D () C:\Documents and Settings\Dashel R\Desktop\RK_Quarantine
2014-03-11 09:38 - 2013-08-22 09:22 - 00000063 _____ () C:\WINDOWS\qsbset.qsb
2014-03-11 09:37 - 2012-09-26 09:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-10 21:17 - 2014-03-01 16:53 - 00000354 _____ () C:\WINDOWS\Tasks\At1.job
2014-03-10 17:22 - 2011-04-02 19:07 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\Any Video Converter
2014-03-10 16:25 - 2005-02-22 18:09 - 00000000 ____D () C:\Program Files\GBA EMU
2014-03-10 15:51 - 2014-03-10 15:14 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final_Fantasy_III_(J)_[T+Eng2.00] GG.sav
2014-03-10 15:51 - 2005-01-20 16:12 - 00000000 ____D () C:\Program Files\Nes_Snes
2014-03-10 15:12 - 2014-03-10 15:02 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final_Fantasy_III_(J)_[T+Eng2.00].sav
2014-03-10 14:46 - 2014-03-10 14:46 - 00000000 _____ () C:\Documents and Settings\Dashel R\Desktop\tempo.txt
2014-03-10 14:41 - 2013-09-15 16:49 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\DEVELOPMENTTOOLS
2014-03-10 12:01 - 2006-03-07 15:19 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\MS
2014-03-09 20:22 - 2014-01-21 18:15 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\My Cheat Tables
2014-03-09 17:59 - 2004-12-30 12:06 - 00113152 _____ () C:\Documents and Settings\Dashel R\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-09 17:06 - 2012-09-29 09:20 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\Freecorder 4
2014-03-09 16:59 - 2004-12-19 23:49 - 00610674 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 22:06 - 2014-03-07 21:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-08 21:21 - 2010-11-19 19:41 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\FLVService
2014-03-07 16:07 - 2014-03-07 16:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-07 16:07 - 2014-03-07 16:03 - 00005845 _____ () C:\WINDOWS\KB2934207.log
2014-03-07 16:07 - 2013-05-04 22:13 - 00687291 _____ () C:\WINDOWS\setupapi.log
2014-03-07 16:07 - 2004-12-19 23:49 - 05448983 ____C () C:\WINDOWS\FaxSetup.log
2014-03-07 16:07 - 2004-12-19 23:49 - 02678507 ____C () C:\WINDOWS\OCGEN.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 02097658 ____C () C:\WINDOWS\TSOC.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00847351 ____C () C:\WINDOWS\IIS6.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00725223 _____ () C:\WINDOWS\COMSETUP.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00291207 ____C () C:\WINDOWS\OCMSN.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00272628 ____C () C:\WINDOWS\MSGSOCM.LOG
2014-03-07 16:07 - 2004-12-19 23:49 - 00033545 ____C () C:\WINDOWS\ntdtcsetup.log
2014-03-07 16:07 - 1979-12-31 23:00 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-03-07 15:45 - 2013-06-17 01:09 - 00000000 ____D () C:\Program Files\Freecorder
2014-03-07 08:33 - 2014-03-07 08:33 - 00007759 _____ () C:\ESETScan.txt
2014-03-07 05:16 - 2014-01-21 18:14 - 00000000 ____D () C:\Program Files\Cheat Engine 6.3
2014-03-07 05:16 - 2012-11-14 15:38 - 00000000 ____D () C:\Program Files\Free Audio Editor
2014-03-06 20:55 - 2014-03-06 20:55 - 00003707 _____ () C:\JRT.txt
2014-03-06 20:44 - 2014-03-06 20:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-06 18:05 - 2014-03-06 18:05 - 00021963 _____ () C:\Result.txt
2014-03-05 23:34 - 2014-03-05 23:34 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\JiveshwarWiFiHotSpotMaker
2014-03-05 21:59 - 2014-03-05 20:18 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III GG.sav
2014-03-05 21:34 - 2014-03-05 21:34 - 00002024 _____ () C:\Documents and Settings\All Users\Desktop\Launch Jiveshwar Wi-Fi Hotspot Maker.lnk
2014-03-05 21:34 - 2014-03-05 21:34 - 00000000 ____D () C:\Program Files\JiveshwarSharma.com
2014-03-05 21:34 - 2014-03-05 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\JiveshwarSharma.com
2014-03-05 20:50 - 2013-11-08 12:16 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\RPGVXAce
2014-03-05 20:47 - 2014-03-05 20:30 - 00008192 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III GG GG.sav
2014-03-05 20:26 - 2014-03-05 20:26 - 00000988 _____ () C:\Documents and Settings\Dashel R\My Documents\FFGH.nsp
2014-03-05 20:26 - 2014-03-04 12:31 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\HOJO.nst
2014-03-05 20:24 - 2014-03-05 20:24 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III GG.ns1
2014-03-05 20:03 - 2014-03-05 20:02 - 00068957 _____ () C:\Documents and Settings\Dashel R\Downloads\Gilligan's Island.zip
2014-03-05 14:57 - 2004-12-19 23:29 - 00000000 ____D () C:\WINDOWS\Help
2014-03-05 14:49 - 2014-03-01 16:05 - 00001329 _____ () C:\Documents and Settings\Dashel R\Desktop\My DAP Downloads.lnk
2014-03-04 20:55 - 2011-08-06 15:58 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-04 16:22 - 2013-02-14 22:04 - 00008192 ____C () C:\Documents and Settings\Dashel R\Final Fantasy III.sav
2014-03-04 15:56 - 2014-03-04 15:56 - 00031373 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III.ns1
2014-03-04 12:40 - 2014-03-04 12:36 - 00031361 _____ () C:\Documents and Settings\Dashel R\My Documents\FFIII.nst
2014-03-04 12:31 - 2014-03-04 12:31 - 00000681 _____ () C:\Documents and Settings\Dashel R\My Documents\Final Fantasy III.nsp
2014-03-04 12:30 - 2014-03-04 12:30 - 00031361 _____ () C:\Documents and Settings\Dashel R\Final Fantasy III.ns1
2014-03-04 12:16 - 2014-03-04 12:16 - 00000000 ____D () C:\Documents and Settings\Dashel R\New Folder
2014-03-04 12:16 - 2005-11-21 14:25 - 00000681 ____C () C:\Documents and Settings\Dashel R\zelda2.ns1
2014-03-04 12:15 - 2005-04-03 16:42 - 00000681 ____C () C:\Documents and Settings\Dashel R\zelda.ns4
2014-03-03 15:54 - 2004-08-10 12:08 - 00004632 _____ () C:\WINDOWS\WMSETUP.LOG
2014-03-03 14:24 - 2014-01-16 18:04 - 00008412 _____ () C:\Final Fantasy 1 + 2 - Dawn of Souls.clt
2014-03-02 16:15 - 2004-12-19 23:29 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-03-02 16:07 - 2006-05-31 10:31 - 00000754 ____C () C:\WINDOWS\WORDPAD.INI
2014-03-02 08:56 - 2014-03-01 16:04 - 00000000 ____D () C:\Program Files\DAP
2014-03-01 18:15 - 2014-03-01 18:15 - 00000620 _____ () C:\Documents and Settings\Dashel R\Desktop\Download Accelerator Plus (DAP).lnk
2014-03-01 18:15 - 2014-03-01 16:04 - 00000704 _____ () C:\Documents and Settings\All Users\Start Menu\Download Accelerator Plus (DAP).lnk
2014-03-01 18:15 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-03-01 16:18 - 2013-12-14 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SpeedBit
2014-03-01 16:04 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\SpeedBIT
2014-03-01 16:04 - 2014-03-01 16:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\SpeedBit
2014-03-01 16:04 - 2004-12-29 02:20 - 00000000 ___RD () C:\Documents and Settings\Dashel R\Start Menu\Programs\Accessories
2014-03-01 15:15 - 2014-03-01 15:15 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-03-01 13:44 - 2014-02-24 20:41 - 00000000 ____D () C:\Program Files\WeFi
2014-02-28 16:43 - 2012-11-14 15:39 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\Free Audio Editor
2014-02-28 00:06 - 2005-01-01 16:23 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\WMTools Downloaded Files
2014-02-28 00:03 - 2012-11-03 06:42 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\VideoPad Projects
2014-02-27 23:01 - 2012-11-26 10:05 - 00000000 ____D () C:\Documents and Settings\Dashel R\Desktop\New Folder
2014-02-26 15:11 - 2014-02-26 15:11 - 00000000 ____D () C:\Program Files\WIFi Locator
2014-02-26 15:11 - 2014-02-26 15:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WIFi Locator
2014-02-25 18:59 - 2014-03-07 08:47 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-25 18:59 - 2014-03-07 08:47 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-24 20:48 - 2014-02-24 20:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WeFi
2014-02-24 20:42 - 2014-02-24 20:42 - 00000457 _____ () C:\Documents and Settings\All Users\Desktop\WeFi.lnk
2014-02-22 15:56 - 2014-02-22 15:55 - 17858952 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-22 15:56 - 2012-09-26 09:00 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-22 15:56 - 2011-05-19 16:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-21 20:48 - 2013-06-17 01:10 - 00000000 ____D () C:\Documents and Settings\Dashel R\Start Menu\Programs\Freecorder
2014-02-19 22:43 - 2009-03-06 09:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-02-19 22:43 - 2004-12-29 03:04 - 00000000 ____D () C:\Documents and Settings\Dashel R\Application Data\Adobe
2014-02-19 18:57 - 2014-02-19 18:57 - 00001552 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-02-19 18:57 - 2014-02-19 18:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-19 18:57 - 2014-02-19 18:55 - 00000000 ____D () C:\Program Files\iTunes
2014-02-19 18:57 - 2014-02-19 18:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-19 18:55 - 2010-01-03 07:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-19 18:54 - 2014-02-19 18:54 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\About iTunes.lnk
2014-02-19 18:51 - 2014-02-19 18:51 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer
2014-02-19 18:51 - 2010-01-03 07:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-02-19 18:50 - 2014-02-19 18:50 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-18 18:32 - 2008-06-11 01:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376_0$
2014-02-18 11:07 - 2014-02-18 11:07 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-02-17 22:26 - 2004-12-19 23:49 - 00219000 _____ () C:\WINDOWS\setupact.log
2014-02-17 16:33 - 2014-02-17 16:33 - 00000000 ____D () C:\Documents and Settings\Dashel R\My Documents\jkl
2014-02-17 16:11 - 2014-02-12 11:00 - 00021370 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-17 16:11 - 2009-09-13 16:04 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-17 16:11 - 2005-04-12 13:12 - 00732957 ____C () C:\WINDOWS\updspapi.log
2014-02-17 16:11 - 1979-12-31 23:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-17 16:10 - 2014-02-12 10:57 - 00011082 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-17 16:09 - 2011-04-15 16:08 - 00035091 ____C () C:\WINDOWS\KB2510531-IE8.log
2014-02-17 01:47 - 2008-02-18 19:45 - 00000813 _____ () C:\Documents and Settings\Dashel R\Start Menu\Programs\Internet Explorer.lnk
2014-02-17 01:43 - 2006-03-11 19:49 - 00098748 ____C () C:\WINDOWS\spupdsvc.log
2014-02-17 01:42 - 2009-09-13 15:18 - 01491665 ____C () C:\WINDOWS\ie8_main.log
2014-02-17 01:41 - 2014-02-17 01:38 - 00000000 __HDC () C:\WINDOWS\ie8
2014-02-17 01:41 - 2009-09-13 15:57 - 00325196 ____C () C:\WINDOWS\ie8.log
2014-02-17 01:19 - 2009-09-18 19:01 - 00078092 ____C () C:\WINDOWS\ie8Uninst.log
2014-02-16 23:57 - 2004-12-20 00:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AOL
2014-02-16 23:46 - 2006-06-08 22:25 - 00000000 ____D () C:\kid pics
2014-02-16 23:44 - 2005-08-02 17:28 - 00000000 ____D () C:\Program Files\Disney Interactive
2014-02-16 23:34 - 2014-01-31 17:17 - 00000000 ____D () C:\Documents and Settings\Dashel R\Local Settings\Application Data\WinISO Computing
2014-02-16 23:34 - 2004-12-19 23:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-15 20:37 - 2014-02-15 19:14 - 00008192 _____ () C:\Documents and Settings\Dashel R\My Documents\FinalFantasy2.srm
2014-02-15 20:36 - 2014-02-15 19:15 - 00000210 _____ () C:\Documents and Settings\Dashel R\My Documents\rominfo.txt
2014-02-15 01:11 - 2012-09-23 18:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-14 23:03 - 2014-02-14 23:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 18:52 - 2004-12-19 23:30 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-12 11:33 - 2014-02-12 04:25 - 00014359 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 11:32 - 2014-02-12 11:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 11:23 - 2013-07-28 22:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 11:10 - 2005-05-10 11:11 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 11:00 - 2014-02-12 11:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-11 13:59 - 2012-11-04 15:18 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-02-11 13:51 - 2014-02-11 13:51 - 00000000 ____D () C:\New Folder
2014-02-11 00:44 - 2014-02-11 00:44 - 00004243 _____ () C:\Documents and Settings\Dashel R\My Documents\Photo Recovery 2014-02-10 at 23.44.05.res

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\C.O\Local Settings\temp\AcsInstall.dll
C:\Documents and Settings\C.O\Local Settings\temp\atl80.dll
C:\Documents and Settings\C.O\Local Settings\temp\insmac2k.dll
C:\Documents and Settings\C.O\Local Settings\temp\libexpat.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfc80.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfc80u.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfcm80.dll
C:\Documents and Settings\C.O\Local Settings\temp\mfcm80u.dll
C:\Documents and Settings\C.O\Local Settings\temp\msvcm80.dll
C:\Documents and Settings\C.O\Local Settings\temp\msvcp80.dll
C:\Documents and Settings\C.O\Local Settings\temp\msvcr80.dll
C:\Documents and Settings\C.O\Local Settings\temp\ocpchk.dll
C:\Documents and Settings\C.O\Local Settings\temp\tbinst.dll
C:\Documents and Settings\C.O\Local Settings\temp\TmDbg32.dll
C:\Documents and Settings\C.O\Local Settings\temp\uninst.dll
C:\Documents and Settings\D R\Local Settings\temp\cabex.dll
C:\Documents and Settings\DR\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\D R\Local Settings\temp\RunWizards.exe
C:\Documents and Settings\D R\Local Settings\temp\SetupUtils6.dll
C:\Documents and Settings\DR\Local Settings\temp\speccycpuid.dll
C:\Documents and Settings\DR\Local Settings\temp\speedmax.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

#7 nasdaq

Posted 11 March 2014 - 01:38 PM


I'd just like to mention that all the programs you did not remove with the AdwCleaner tool are supporting ads.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1C0A9D8F-DBDD-D292-72D5-646CEFA495BB} URL =
SearchScopes: HKCU - {3752E508-E868-40e0-BF0F-FE6D37499D75} URL = http://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
FF Extension: SelectionLinks - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06} [2013-06-12]
FF Extension: Ghostery - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CCCP106; system32\DRIVERS\cccp106.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S3 mfeavfk06; \Device\mfeavfk06.sys [X]
S3 mfebopk26; \Device\mfebopk26.sys [X]
U3 Pcsimgrsii; No ImagePath
S3 pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [X]
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]
S2 StarOpen; No ImagePath
U3 TlntSvr;

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what issues you are still having with this computer.

#8 faye raye

Posted 11 March 2014 - 08:18 PM

I'd just like to mention that all the programs you did not remove with the AdwCleaner tool are supporting ads.

Two of them I've had for a while and I know how they work, but I realized I didn't need the ViewPoint so I removed it.

Here's the Fix Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2014
Ran by D R at 2014-03-11 17:31:33 Run:1
Running from C:\Documents and Settings\D R\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1C0A9D8F-DBDD-D292-72D5-646CEFA495BB} URL =
SearchScopes: HKCU - {3752E508-E868-40e0-BF0F-FE6D37499D75} URL = http://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
FF Extension: SelectionLinks - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06} [2013-06-12]
FF Extension: Ghostery - C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\firefox@ghostery.com.xpi [2013-08-02]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CCCP106; system32\DRIVERS\cccp106.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S3 mfeavfk06; \Device\mfeavfk06.sys [X]
S3 mfebopk26; \Device\mfebopk26.sys [X]
U3 Pcsimgrsii; No ImagePath
S3 pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [X]
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]
S2 StarOpen; No ImagePath
U3 TlntSvr;

end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1C0A9D8F-DBDD-D292-72D5-646CEFA495BB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1C0A9D8F-DBDD-D292-72D5-646CEFA495BB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3752E508-E868-40e0-BF0F-FE6D37499D75} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3752E508-E868-40e0-BF0F-FE6D37499D75} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key not found.
HKLM\Software\MozillaPlugins\@viewpoint.com/VMP => Key not found.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.

"C:\Documents and Settings\D R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}" directory move:

C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\chrome.manifest => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\install.rdf => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\install.rdf.old => Moved successfully.
C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\skin\overlay.css => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\locale\.DS_Store => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\locale\en-US\.DS_Store => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\locale\en-US\._vfdownload.properties => Moved successfully.
C:\Documents and Settings\D R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\locale\en-US\vfdownload.properties => Moved successfully.
C:\Documents and Settings\D R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\defaults\.DS_Store => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\defaults\preferences\.DS_Store => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\defaults\preferences\vfdownload.js => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\content\.DS_Store => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\content\firefoxOverlay.xul => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\content\installid.js => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\content\overlay.js => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\content\vfdownload.js => Moved successfully.
C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}\content\vfdownload.js.old => Moved successfully.
Could not move "C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06}" directory. => Scheduled to move on reboot.

C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\firefox@ghostery.com.xpi => Moved successfully.
anvsnddrv => Service deleted successfully.
catchme => Service deleted successfully.
CCCP106 => Service deleted successfully.
cpuz136 => Service deleted successfully.
mcdbus => Service deleted successfully.
mfeavfk06 => Service deleted successfully.
mfebopk26 => Service deleted successfully.
Pcsimgrsii => Service deleted successfully.
pgfilter => Service deleted successfully.
SBUpdd => Service deleted successfully.
SDDMI2 => Service deleted successfully.
StarOpen => Service deleted successfully.
TlntSvr => Service deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-11 17:46:21)<=

C:\Documents and Settings\DR\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Extensions\{148F8DC8-9EA9-456C-A170-A8789FEA0E06} => Moved successfully.

==== End of Fixlog ====

 

 

 

It's lessened, but there's still an audio issue,



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:28 PM

Posted 12 March 2014 - 08:50 AM

You will need to remove the items identified by the AdwCleaner tool.

You can remove them all. One at a time if you like.
If it does not solve your problem then you can de-quarantine the program(s) with the AdwCleaner tool.

If you did not use this MBAM tool before, run it.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

#10 faye raye


Posted 12 March 2014 - 08:33 PM

Here it is. I'm still having the audio issues.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.12.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dashel R :: NO1 [administrator]

3/12/2014 4:36:39 PM
mbam-log-2014-03-12 (16-36-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329782
Time elapsed: 1 hour(s), 5 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#11 nasdaq


Posted 13 March 2014 - 10:05 AM

Is the audio running when you are using IE, Chrome and/or Firefox?

#12 faye raye


Posted 13 March 2014 - 02:43 PM

Yes, I've checked it with and without Internet on. The issue sounds exactly the same as when the PC was afflicted by malware in the past. It's also still having the AOL re-connecting issue, and browser window freezing.



#13 nasdaq


Posted 14 March 2014 - 06:46 AM

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

#14 faye raye


Posted 15 March 2014 - 10:08 AM

Here it is: 

 

 

ComboFix 14-03-13.01 - DR 03/15/2014   3:56.14.1 - x86
Microsoft Windows XP Home Edition  [GMT -7:00]
Running from: c:\documents and settings\DR\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\DR\WINDOWS
C:\install.exe
c:\windows\system32\drivers\etc\hosts.ics
C:\WindowsXP-KB894391-x86-ENU.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-15 to 2014-03-15  )))))))))))))))))))))))))))))))
.
.
2014-03-13 23:13 . 2014-02-06 07:08    7947048    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8889F1E2-CDD5-446E-B4AE-8E835C677698}\mpengine.dll
2014-03-12 22:25 . 2014-03-12 22:25    --------    d-----w-    c:\documents and settings\Dashel R\Local Settings\Application Data\Freecorder
2014-03-12 22:25 . 2014-03-12 22:25    --------    d-----w-    c:\program files\Freecorder
2014-03-12 16:47 . 2014-02-06 07:08    7947048    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-11 17:23 . 2014-03-12 00:46    --------    d-----w-    C:\FRST
2014-03-11 16:44 . 2014-03-11 16:44    26624    ----a-w-    c:\windows\system32\TrueSight.sys
2014-03-07 15:47 . 2014-02-26 01:59    13312    -c----w-    c:\windows\system32\dllcache\xp_eos.exe
2014-03-07 15:47 . 2014-02-26 01:59    13312    ------w-    c:\windows\system32\xp_eos.exe
2014-03-07 03:44 . 2014-03-07 03:44    --------    d-----w-    c:\windows\ERUNT
2014-03-06 06:34 . 2014-03-06 06:34    --------    d-----w-    c:\documents and settings\Dashel R\Local Settings\Application Data\JiveshwarWiFiHotSpotMaker
2014-03-06 04:34 . 2014-03-06 04:34    --------    d-----w-    c:\program files\JiveshwarSharma.com
2014-03-04 19:16 . 2014-03-04 19:16    --------    d-----w-    c:\documents and settings\Dashel R\New Folder
2014-03-01 23:04 . 2014-03-01 23:04    --------    d-----w-    c:\documents and settings\Dashel R\Local Settings\Application Data\SpeedBIT
2014-03-01 23:04 . 2014-03-01 23:04    --------    d-----w-    c:\documents and settings\Dashel R\Application Data\SpeedBit
2014-03-01 23:04 . 2014-03-02 15:56    --------    d-----w-    c:\program files\DAP
2014-03-01 22:15 . 2014-03-01 22:15    --------    d-----w-    c:\program files\Common Files\SpeedBit
2014-02-26 22:11 . 2014-02-26 22:11    --------    d-----w-    c:\program files\WIFi Locator
2014-02-25 03:41 . 2014-03-01 20:44    --------    d-----w-    c:\program files\WeFi
2014-02-23 16:41 . 2014-03-12 21:42    --------    d-----w-    C:\AdwCleaner
2014-02-20 01:55 . 2014-02-20 01:57    --------    d-----w-    c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-20 01:55 . 2014-02-20 01:57    --------    d-----w-    c:\program files\iTunes
2014-02-20 01:51 . 2014-02-20 01:51    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Apple Computer
2014-02-20 01:50 . 2014-02-20 01:50    --------    d-----w-    c:\program files\Bonjour
2014-02-17 08:38 . 2014-02-17 08:41    --------    dc-h--w-    c:\windows\ie8
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-13 21:39 . 2012-09-26 16:00    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-13 21:39 . 2011-05-19 23:55    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:46 . 2008-04-14 10:42    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2008-04-14 10:41    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2008-04-14 10:42    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2008-04-14 10:41    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2008-04-14 05:07    385024    ----a-w-    c:\windows\system32\html.iec
2014-02-07 02:01 . 2008-04-14 06:00    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2008-04-14 10:42    562688    ----a-w-    c:\windows\system32\qedit.dll
2014-01-19 07:32 . 2012-09-28 07:48    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-04 03:13 . 2008-04-14 10:42    420864    ----a-w-    c:\windows\system32\vbscript.dll
2005-06-01 18:14 . 2005-06-01 18:09    823296    -c--a-w-    c:\program files\winmx353.exe
2005-05-20 09:16 . 2005-05-20 09:15    4354084    -c--a-w-    c:\program files\spybotsd13.exe
2005-05-20 09:04 . 2005-05-14 23:58    37700    -c--a-w-    c:\program files\PopUpStopperFree.exe
2005-05-12 21:47 . 2005-05-12 21:47    3149616    -c--a-w-    c:\program files\dap74.exe
2005-05-04 01:59 . 2005-05-04 01:36    6179507    -c--a-w-    c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08 . 2004-12-30 20:08    7741336    -c--a-w-    c:\program files\DivX521XP2K.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2014-03-01 23:04    442472    ----a-w-    c:\program files\DAP\LinkVerifier.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2014-03-02 4110992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dashel R^Start Menu^Programs^Startup^Seagate NA05YTFH Product Registration.lnk]
path=c:\documents and settings\Dashel R\Start Menu\Programs\Startup\Seagate NA05YTFH Product Registration.lnk
backup=c:\windows\pss\Seagate NA05YTFH Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Absolute StartUp monitor]
2005-04-06 17:14    163840    -c--a-w-    c:\program files\F-Group\Absolute StartUp\ASMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2003-08-18 19:08    45139    ----a-w-    c:\program files\America Online 9.0\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2010-07-13 20:40    70720    ------r-    c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17    207424    -c--a-w-    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42    15360    ----a-w-    c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
2004-06-18 15:30    290816    ----a-w-    c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24    16384    -c--a-w-    c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 17:09    167936    ----a-w-    c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27    41800    -c--a-w-    c:\program files\Common Files\AOL\1366905743\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-01-21 00:32    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2011-05-04 23:40    144608    -c--a-w-    c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2011-05-04 21:04    136416    -c--a-w-    c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    -c--a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08    417792    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-02-06 12:24    451856    -c--a-w-    c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42    79112    ----a-w-    c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01    110592    ----a-w-    c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ACDaemon"=2 (0x2)
"0096561348771546mcinstcleanup"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"ImapiService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"AOL ACS"=2 (0x2)
"!SASCORE"=2 (0x2)
"SbieSvc"=2 (0x2)
"SeagateDashboardService"=2 (0x2)
"MemeoBackgroundService"=2 (0x2)
"VideoAcceleratorService"=2 (0x2)
"SBUpd"=2 (0x2)
"pcregservice"=2 (0x2)
"WefiEngSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Nes_Snes\\zsnesw.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Dashel R\\My Documents\\Downloads\\vbaserver.exe"=
"c:\\Documents and Settings\\Dashel R\\My Documents\\Downloads\\VisualBoyAdvance.exe"=
"c:\\Program Files\\GBA EMU\\VisualBoyAdvance.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Documents and Settings\\Dashel R\\My Documents\\Downloads\\pcsxr\\pcsxr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-03-01 35144]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 25704]
R4 0096561348771546mcinstcleanup;McAfee Application Installer Cleanup (0096561348771546);c:\docume~1\DASHEL~1\LOCALS~1\Temp\009656~1.EXE [x]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
R4 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe [x]
R4 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [x]
R4 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [2004-10-05 15872]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 21:39]
.
2014-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:12]
.
2014-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:12]
.
2014-03-15 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2014-03-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-07 01:59]
.
2014-03-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-07 01:59]
.
2014-03-15 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2014-03-15 c:\windows\Tasks\SBW_UpdateTask_Logon_313931363131383635322d3437415a556c2a3223346c41.job
- c:\windows\system32\wscript.exe [2008-04-14 11:24]
.
2014-03-14 c:\windows\Tasks\SBW_UpdateTask_Time_313931363131383635322d3437415a556c2a3223346c41.job
- c:\windows\system32\wscript.exe [2008-04-14 11:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{413D68F3-BF21-4E7B-ACA6-50C6394304BC} - c:\program files\FreshDevices\FreshDownload\fd.exe
LSP: c:\program files\SpeedBit Video Accelerator\sblsp.dll
Trusted Zone: YouTube.com
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-pcreg - c:\program files\pcreg\service.exe
MSConfigStartUp-pcreg - c:\program files\pcreg\service.exe
AddRemove-AOL Toolbar - c:\program files\AOL Toolbar\UNWISE.EXE
AddRemove-Freecorder4.1 - c:\windows\Freecorder\uninstall.exe
AddRemove-VideoPad - c:\program files\NCH Software\VideoPad\videopad.exe
AddRemove-{8915B73A-4ECB-4384-A63F-1321C73B75B7}_is1 - c:\program files\Quick Site Blocker 2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-15 04:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{986DFB37-1CA8-30DC-044A-5AA4FA3E22AD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jacoidbonofaknlinkhf"=hex:62,61,6a,68,00,00
"jacoidbonofaknlinklf"=hex:62,61,6a,68,00,00
"iacpeajpmenhclkdfc"=hex:6b,61,70,68,6e,70,6f,6e,64,6e,70,69,70,66,61,6b,6a,67,
   70,6f,6f,6a,00,00
"hainoadiplcgabpd"=hex:6b,61,70,68,6e,70,6f,6e,64,6e,70,69,70,66,61,6b,6a,67,
   70,6f,6f,6a,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{568ad20d-85c9-4122-961d-4116e3ee661f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000000
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):95,93,09,1a,1a,61,9d,92,bf,7b,a6,18,ad,29,20,06,12,4a,36,33,6c,
   e0,3d,9f,ea,7b,29,27,c1,0f,84,21,f8,bc,a4,8a,a6,f5,00,e1,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(732)
c:\program files\SpeedBit Video Accelerator\sblsp.dll
.
Completion time: 2014-03-15  04:26:22
ComboFix-quarantined-files.txt  2014-03-15 11:26
ComboFix2.txt  2013-08-15 14:26
ComboFix3.txt  2013-06-20 06:41
ComboFix4.txt  2013-03-06 07:18
ComboFix5.txt  2014-03-14 16:34
.
Pre-Run: 28,413,181,952 bytes free
Post-Run: 28,742,725,632 bytes free
.
- - End Of File - - 506FD0C1897C0B96872A154917D6B88B
B16A2359F4962B0C622D81A1C1F4B703



#15 nasdaq


Posted 15 March 2014 - 01:01 PM

Open notepad and copy/paste the text in the quote box below into it:
 
Driver::
0096561348771546mcinstcleanup
SBUpd
pcregservice
VideoAcceleratorService

ClearJavaCache::

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.



