Gmer rootkit causes my computer to blue screen at launch


21 replies to this topic

#1 Abacus89

Abacus89

  • Members
  • 14 posts

Posted 10 March 2014 - 04:19 PM

I am running XP Service Pack 3. 

 

I was having difficulty in successfully completing a scan with Microsoft Security Essentials.  The computer was freezing during the scan. 

 

Eventually, I removed that antivirus and loaded AVG Free 2014.  It found and healed Trojan horse Generic9_c.BCED.  A little while longer, AVG's Resident Shield then secured the same trojan from what appears to be the restore directory.

 

Not certain that all of the malware has been completely eradicated, I scanned my computer in both safe and normal modes with Malwarebytes, SUPERantispyware, and Comodo.  All scans have been clean.

 

After these checks, I brought my computer back online and installed the free firewall Zone Alarm. 

 

Lastly, I wanted to check the computer with some rootkit software.  The first software that I tried was Gmer Rootkit.  It immediately threw me into a blue screen.  I took a photograph of the blue screen, but the first few lines state:

 

A problem has been detected and windows has been shut down to prevent damage to your computer.  BAD_POOL_HEADER

 

So in summary, I know that I had a trojan.  AVG states that it was healed.  I tried to ensure that I do not have a rootkit, but GMER would not run.  Please help me gain the confidence that all of the malware has been eradicated.  Thanking you in advance.

 

DDS contents

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by David and Tara at 13:48:57 on 2014-03-10
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2814.1751 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2014\avgscanx.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
uRun: [ISUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AVG-Secure-Search-Update_0214c] c:\documents and settings\david and tara\application data\avg 0214c campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=899be788984147d2846ed14d0de1b203-ec095771bfbe3d7dc6c018678f8e050bdcce41eb /CMPID=0214c
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [NPSStartup] <no file>
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\Snagit32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\speccy.lnk - c:\program files\speccy\Speccy.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Open with KUSO EXIF Viewer - c:\program files\kuso exif viewer\EXIF.htm
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346772761750
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340893798343
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{DF85662A-103D-4896-B585-8B7959FA7C3C} : DHCPNameServer = 68.94.156.1 68.94.157.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david and tara\application data\mozilla\firefox\profiles\4tafqvml.default-1387478701312\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\documents and settings\david and tara\application data\electronic arts\game face\npGameFacePlugin.dll
FF - plugin: c:\documents and settings\david and tara\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-11-1 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-4 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-4 212568]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2014-1-29 529968]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\adobe\elements 11 organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 163840]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-3-10 54760]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-1-8 239528]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-10 418376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-3-15 104880]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2013-8-13 10240]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\checkpoint\zonealarm\ZAPrivacyService.exe [2013-10-15 50704]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2012-6-22 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2012-6-22 11520]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-6-22 245760]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-1-8 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-24 22856]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-4 69208]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-24 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-3-21 1691480]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 kftdqaog;kftdqaog;\??\c:\docume~1\davida~1\locals~1\temp\kftdqaog.sys --> c:\docume~1\davida~1\locals~1\temp\kftdqaog.sys [?]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2013-6-8 15896]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\davida~1\locals~1\temp\mfe_rr.sys --> c:\docume~1\davida~1\locals~1\temp\mfe_rr.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-4 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-4 94040]
S3 Spyder4;Datacolor Spyder4;c:\windows\system32\drivers\dccmtr.sys [2011-7-12 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2013-6-8 113688]
.
=============== Created Last 30 ================
.
2014-03-10 19:57:28    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-03-10 18:53:16    --------    d-----w-    c:\program files\Speccy
2014-03-10 16:07:42    --------    d-----w-    c:\program files\CheckPoint
2014-03-10 16:06:13    --------    d-----w-    c:\documents and settings\all users\application data\CheckPoint
2014-03-07 21:54:22    --------    d-----w-    c:\documents and settings\david and tara\application data\AVG2014
2014-03-07 21:53:43    --------    d-----w-    c:\documents and settings\david and tara\application data\TuneUp Software
2014-03-07 21:53:17    --------    d--h--w-    C:\$AVG
2014-03-07 21:53:16    --------    d-----w-    c:\documents and settings\all users\application data\AVG2014
2014-03-07 21:52:50    --------    d-----w-    c:\program files\AVG
2014-03-07 21:49:28    --------    d--h--w-    c:\documents and settings\all users\application data\Common Files
2014-03-07 21:49:27    --------    d-----w-    c:\documents and settings\david and tara\local settings\application data\MFAData
2014-03-07 21:49:27    --------    d-----w-    c:\documents and settings\david and tara\local settings\application data\Avg2014
2014-03-07 21:49:27    --------    d-----w-    c:\documents and settings\all users\application data\MFAData
2014-03-07 14:48:33    --------    d-----w-    C:\CCE_Quarantine
2014-02-20 15:25:32    --------    d-----w-    C:\New Folder
2014-02-19 17:33:17    --------    d-----r-    c:\program files\Skype
.
==================== Find3M  ====================
.
2014-02-22 00:41:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-22 00:41:19    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26:52    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26:43    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-05 22:24:05    385024    ------w-    c:\windows\system32\html.iec
2014-01-27 17:58:46    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-20 05:46:54    22808    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
.
============= FINISH: 13:49:40.81 ===============
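Two of the stopped (S3) entries in the SERVICES / DRIVERS section above, kftdqaog and MFE_RR, are registered from a temp directory and DDS marks their files as missing with "[?]". As an added example (not part of the original post, and not DDS's own code), here is a small Python triage script for that section's line format that flags entries whose file is missing or whose image path sits in a temp directory; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few representative lines copied from the
# "SERVICES / DRIVERS" section of the DDS log above (not the whole section).
SAMPLE_LOG = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S3 kftdqaog;kftdqaog;\??\c:\docume~1\davida~1\locals~1\temp\kftdqaog.sys --> c:\docume~1\davida~1\locals~1\temp\kftdqaog.sys [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\davida~1\locals~1\temp\mfe_rr.sys --> c:\docume~1\davida~1\locals~1\temp\mfe_rr.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
"""

# Line shape: "<R|S><start type> name;display name;image path [date size]"
# DDS prints "[?]" in place of date/size when it could not find the file.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.+)$"
)
META_RE = re.compile(r"\s*\[(?P<meta>[^\]]*)\]\s*$")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class DriverEntry:
    state: str            # "R" = running, "S" = stopped
    start: int            # start-type digit as printed by DDS
    name: str             # service/driver key name
    display: str          # display name
    path: str             # resolved image path without the \??\ prefix
    file_found: bool      # False when DDS printed "[?]"
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Parse one DDS service/driver line; return None for lines of another shape."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    meta_m = META_RE.search(rest)
    meta = meta_m.group("meta") if meta_m else ""
    if meta_m:
        rest = rest[: meta_m.start()]
    # DDS prints "raw value --> resolved path" when it had to resolve the value;
    # the part after the arrow is what it actually looked for on disk.
    path = rest.split(" --> ")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return DriverEntry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        file_found=(meta != "?"),
    )


def triage(lines):
    """Return the entries worth a second look, each with its reasons attached."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        if not entry.file_found:
            # A missing file can also mean DDS could not stat the path because the
            # registry value carries an argument (vsmon.exe -service above), so
            # confirm by hand before reading anything into this flag alone.
            entry.reasons.append("file_missing")
        if TEMP_RE.search(entry.path):
            # Drivers registered from a user's temp directory are unusual for
            # installed software; a stale one is harmless but should be explained.
            entry.reasons.append("temp_path")
        if entry.reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{f.state}{f.start} {f.name}: {', '.join(f.reasons)} -> {f.path}")
```

Entries that carry both flags are the ones to ask the poster about; a running (R) driver with a temp path would rank higher than a stopped (S3) one whose file is already gone.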
 

#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 13 March 2014 - 04:02 PM

Good evening. :)

 

 

A little while longer, AVG's Resident Shield then secured the same trojan from what appears to be the restore directory.

 

I'm guessing that was System Volume Information, which is computer speak for System Restore. Unfortunately, when SR runs it backs up what it is programmed to, with no regard for naughtiness. Detections in there pose no threat as long as the Restore Point that has the file(s) in isn't used to restore the computer to. Over time Windows overwrites the RPs and so all is well.

 

 

 

Lastly, I wanted to check the computer with some rootkit software.  The first software that I tried was Gmer Rootkit.  It immediately threw me into a blue screen.  I took a photograph of the blue screen, but, the first few lines state:

 

A problem has been detected and windows has been shut down to prevent damage to your computer.  BAD_POOL_HEADER

 

This isn't unknown - it's a driver issue I think.

 

 

Please help me gain the confidence that all of the malware has been eradicated.

 

Let's start with a different anti-rootkit scanner then. Although it is still in beta it's been stable for quite a while and we are only going to scan with it. If it finds something we'll cross that bridge then.

Please download MalwareBytes Anti-Rootkit Scanner from this page and save it to your Desktop - when you run the executable it will create a folder on your Desktop called mbar and run the scanner.

If you are prompted about Registry value "AppInit_Dlls", please click No to continue.

Allow the tool to check for updates when prompted, and then click Next when this step has completed.
Click Scan to begin the scan - surprised, huh!
Once the scan has completed, which may take some time, DO NOT click the Cleanup button - simply close the application.

Please post the contents of the log mbar-log-date/time.txt that you should find in the mbar folder.


So long, and thanks for all the fish.

 

 


#3 Abacus89

Abacus89
  • Topic Starter

  • Members
  • 14 posts

Posted 14 March 2014 - 12:33 PM

Thank you for assisting me.

 

I downloaded the exe file as specified.  I turned off my ZoneAlarm Firewall to avoid receiving any prompts from them.  The scan completed without finding any malware.  After the scan, I could not find the mbar-log-date/time.txt file that you specified.  Instead, I found a file named system-log.txt.  I believe that this is what you are looking for.  Contents provided below.

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.399000 GHz
Memory total: 2951180288, free: 1860956160

=======================================
Initializing...
------------ Kernel report ------------
     03/14/2014 09:45:39
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spkp.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvgts.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\System32\DRIVERS\nic1394.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\L8042mou.Sys
\SystemRoot\system32\DRIVERS\LMouKE.Sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\L8042Kbd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\P17.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\ctoss2k.sys
\SystemRoot\system32\DRIVERS\ctsfm2k.sys
\SystemRoot\System32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\drivers\sbtis.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\vsdatant.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\BrScnUsb.sys
\SystemRoot\system32\DRIVERS\BrUsbSIb.sys
\SystemRoot\system32\DRIVERS\BrSerIb.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvgts.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\DDCDrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR6
Upper Device Object: 0xffffffff88fa0ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000091\
Lower Device Object: 0xffffffff88f0c830
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR6
Upper Device Object: 0xffffffff88fa0ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000091\
Lower Device Object: 0xffffffff88f0c830
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR5
Upper Device Object: 0xffffffff88f5c030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008f\
Lower Device Object: 0xffffffff890fd7b0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR4
Upper Device Object: 0xffffffff88f6dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008e\
Lower Device Object: 0xffffffff88f6bc00
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR3
Upper Device Object: 0xffffffff88fa9ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xffffffff88fa1ea0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff892e8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xffffffff890f8ea0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8afd8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts2Port3Path0Target0Lun0\
Lower Device Object: 0xffffffff8b059a38
Lower Device Driver Name: \Driver\nvgts\
Driver name found: nvgts
Initialization returned 0x0
Port sub-driver loaded: \??\C:\WINDOWS\system32\drivers\scsiport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8afd8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8afd8890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8afd8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b059920, DeviceName: \Device\00000075\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b059a38, DeviceName: \Device\Scsi\nvgts2Port3Path0Target0Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe521d218, 0xffffffff8afd8ab8, 0xffffffff883b7ab8
Lower DeviceData: 0xffffffffe510f348, 0xffffffff8b059a38, 0xffffffff882e8f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 67D967D9

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953503937
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff892e8ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88f71020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff892e8ab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff890f8ea0, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff88fa9ab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88fa3cf0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff88fa9ab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88fa1ea0, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff88f6dab8, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88f6d020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff88f6dab8, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88f6bc00, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff88f5c030, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88f5b020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff88f5c030, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff890fd7b0, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff88fa0ab8, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88ef6798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff88fa0ab8, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88f0c830, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File:  File "c:\documents and settings\all users\application data\avg2014\chjw\fcb0bb55b0bb155c.dat:02438c14-bbba-480b-8b30-330bd3bd800f" is sparse (flags = 32768)
Scan finished
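The "Inspecting partition table" part of the MBAR log above (MBR signature 55AA, disk signature, each entry's type, active flag, start LBA and Numsec, then a scan of unpartitioned space) is what a plain parse of sector 0 recovers. The following is an added example, not code from Malwarebytes or from this thread: it parses a constructed 512-byte MBR laid out like the logged one (disk signature 67D967D9, one active NTFS partition at LBA 63), lists the sector ranges no partition covers, and flags structural anomalies a responder would want to see. How MBAR picks its exact scan ranges is not on the page; the gap computation here is my own assumption.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
DISK_SIGNATURE_OFFSET = 440   # 4-byte Windows disk signature, little-endian
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries at bytes 446..509
BOOT_SIGNATURE_OFFSET = 510   # bytes 0x55 0xAA close the sector
ACTIVE_FLAG = 0x80            # boot-indicator value for an active partition

@dataclass
class PartitionEntry:
    index: int
    boot_flag: int
    type_code: int      # 0x07 is the NTFS id reported in the MBAR log
    start_lba: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == ACTIVE_FLAG

    @property
    def empty(self) -> bool:
        return self.type_code == 0x00

    @property
    def end_lba(self) -> int:  # exclusive end sector
        return self.start_lba + self.num_sectors

@dataclass
class MbrInfo:
    disk_signature: int
    partitions: List[PartitionEntry]

def parse_mbr(sector: bytes) -> MbrInfo:
    """Parse one 512-byte MBR; raise ValueError when the 55AA boot signature is absent."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIGNATURE_OFFSET:BOOT_SIGNATURE_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("MBR boot signature is not 55AA")
    disk_signature = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)[0]
    partitions = []
    for i in range(4):
        # boot flag, CHS start (ignored), type id, CHS end (ignored), LBA start, sector count
        boot, _, ptype, _, start, count = struct.unpack_from(
            "<B3sB3sII", sector, PARTITION_TABLE_OFFSET + 16 * i)
        partitions.append(PartitionEntry(i, boot, ptype, start, count))
    return MbrInfo(disk_signature, partitions)

def unpartitioned_ranges(mbr: MbrInfo, total_sectors: int) -> List[Tuple[int, int]]:
    """Half-open [start, end) sector ranges no partition covers (sector 0 is the MBR itself).
    Assumed gap logic, not MBAR's: these areas lie outside every volume, so only a
    physical-sector scan can inspect them."""
    used = sorted((p.start_lba, p.end_lba) for p in mbr.partitions if not p.empty)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors))
    return gaps

def sanity_checks(mbr: MbrInfo, total_sectors: int) -> List[str]:
    """Structural anomalies in the table that deserve a closer look."""
    warnings = []
    used = [p for p in mbr.partitions if not p.empty]
    for p in mbr.partitions:
        if p.boot_flag not in (0x00, ACTIVE_FLAG):
            warnings.append(f"partition {p.index}: invalid boot flag 0x{p.boot_flag:02X}")
        if p.empty and (p.start_lba or p.num_sectors):
            warnings.append(f"partition {p.index}: empty type but non-zero LBA/size")
        elif not p.empty and p.end_lba > total_sectors:
            warnings.append(f"partition {p.index}: extends past the end of the disk")
    for a in used:
        for b in used:
            if a.index < b.index and a.start_lba < b.end_lba and b.start_lba < a.end_lba:
                warnings.append(f"partitions {a.index} and {b.index} overlap")
    if not any(p.active for p in used):
        warnings.append("no active (bootable) partition")
    return warnings

def build_sample_mbr() -> bytes:
    """Constructed sample sector: one active NTFS partition laid out like the logged one."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIGNATURE_OFFSET, 0x67D967D9)
    struct.pack_into("<B3sB3sII", sector, PARTITION_TABLE_OFFSET,
                     ACTIVE_FLAG, b"\0\0\0", 0x07, b"\0\0\0", 63, 1953503937)
    sector[BOOT_SIGNATURE_OFFSET:BOOT_SIGNATURE_OFFSET + 2] = b"\x55\xAA"
    return bytes(sector)

SAMPLE_TOTAL_SECTORS = 1000204886016 // SECTOR_SIZE  # 1953525168, from the logged disk size

if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print(f"Disk Signature: {info.disk_signature:08X}")
    print("unpartitioned:", unpartitioned_ranges(info, SAMPLE_TOTAL_SECTORS))
    print("warnings:", sanity_checks(info, SAMPLE_TOTAL_SECTORS))
```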
 



#4 Abacus89 (Topic Starter | Members | 14 posts)

Posted 14 March 2014 - 12:35 PM

Sorry.  After hitting finished, the file that you asked for appeared in the directory.  Contents below.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2013.10.02.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: ENPOWER-DESKTOP [administrator]

3/14/2014 9:45:45 AM
mbar-log-2014-03-14 (09-45-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 239805
Time elapsed: 38 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

#5 Noviciate (Malware Response Team | 5,277 posts | Location: Numpty HQ)

Posted 14 March 2014 - 04:42 PM

Good evening. :)

That looks OK, so I'd like you to run the PC for a day or two, throwing in at least one reboot, and then do the following:

Pay a visit to the ESET Online Scanner.

  • Click the Run ESET Online Scanner button.
  • If you are using any browser other than IE, you will be prompted to download and run esetsmartinstaller_enu.exe, and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 

Also, download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

#6 Abacus89 (Topic Starter | Members | 14 posts)

Posted 14 March 2014 - 05:40 PM

Sounds like a plan.  I have been using my laptop rather than the concerned desktop up until now.  For what it is worth, my plan is to avoid accessing any websites that require a username / password.  I will provide you with an update in about 2 days.



#7 Abacus89 (Topic Starter | Members | 14 posts)

Posted 17 March 2014 - 03:13 PM

I became sick over the weekend.  So sadly, I was not able to use my computer much.  I am feeling better now, so I will start using my computer and run ESET on Wednesday.



#8 Abacus89 (Topic Starter | Members | 14 posts)

Posted 20 March 2014 - 12:25 PM

Finally started using my computer again.  Will run ESET tomorrow or Friday.



#9 Abacus89 (Topic Starter | Members | 14 posts)

Posted 22 March 2014 - 03:22 PM

After using the computer on the internet for 6+ hours and using my more common applications, I ran the programs that you asked for.

ESET Results:

C:\Downloaded Programs\Applications\Piriform\CCleaner 316\ccsetup316.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\CCleaner 319\ccsetup319.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\CCleaner 321\ccsetup321.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\CCleaner 322\ccsetup322.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\CCleaner 324\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\CCleaner 326\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\CCleaner 400\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\CCleaner 403\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Defraggler 209\dfsetup209.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Defraggler 210\dfsetup210-413.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Defraggler 210\dfsetup210-424.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Defraggler 211\dfsetup211.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Defraggler 212\dfsetup212.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Defraggler 213\dfsetup213.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Defraggler 214\dfsetup214.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\DeFraggler 217\dfsetup217.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Speccy 116\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Speccy 117\spsetup117.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Speccy 118\spsetup118.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Speccy 119\spsetup119.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Speccy 120\spsetup120.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Speccy 122\spsetup122.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Downloaded Programs\Applications\Piriform\Speccy 125\spsetup125.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Downloaded Programs\Hardware\Video Card - Nvidia EVGI 8500GT 512MB PCIE\Driver Fusion 1.60\driver_fusion_1.6.0.exe Win32/OpenCandy potentially unsafe application
C:\Downloaded Programs\Hardware\Video Card - PNY Nvidia GeForce GT 630\Driver Fusion 1.60\driver_fusion_1.6.0.exe Win32/OpenCandy potentially unsafe application

 

___________________________________________________________________________________________

OTL.txt

 

OTL logfile created on: 3/22/2014 12:50:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\David and Tara\Desktop\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 60.82% Memory free
4.59 Gb Paging File | 3.66 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 508.19 Gb Free Space | 54.56% Space Free | Partition Type: NTFS
 
Computer Name: ENPOWER-DESKTOP | User Name: David and Tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/22 12:49:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David and Tara\Desktop\OTL\OTL.exe
PRC - [2014/03/18 17:00:18 | 000,118,264 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2014/03/18 14:01:46 | 000,732,144 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/01/29 20:55:08 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2014/01/29 20:21:40 | 000,074,160 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2014/01/22 13:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2014/01/22 13:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/12/05 13:48:12 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/11/25 23:03:56 | 000,591,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/25 23:00:24 | 000,892,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/11/13 23:03:10 | 000,729,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/21 00:37:48 | 000,386,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgscanx.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/23 08:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/09/10 11:56:31 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/02/29 11:40:04 | 000,096,160 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2012/02/29 11:38:00 | 000,239,528 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/19 09:51:52 | 002,629,632 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/09/16 14:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/23 05:00:00 | 000,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/04/11 16:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/12 12:02:14 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/12 12:02:14 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll
MOD - [2014/02/12 12:01:53 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/12 11:43:42 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/12 11:43:08 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014/02/12 11:42:16 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/12 11:42:05 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/28 15:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/10/15 11:06:44 | 004,715,848 | R--- | M] () -- C:\Program Files\TechSmith\Snagit 9\PDFNetC.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2005/05/03 19:38:42 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\P17.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/18 17:00:18 | 000,118,264 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014/03/14 15:40:41 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 20:22:23 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/29 20:55:08 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2014/01/22 13:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/23 08:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/09/10 11:56:31 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/03/16 11:08:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/29 11:38:00 | 000,239,528 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/09/16 14:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDA~1\LOCALS~1\Temp\mfe_rr.sys -- (MFE_RR)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDA~1\LOCALS~1\Temp\kftdqaog.sys -- (kftdqaog)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/01/29 20:21:40 | 000,529,968 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2014/01/19 22:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/11/25 22:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 22:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 22:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/01 00:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 23:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/01 01:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 01:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 17:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/24 22:27:48 | 000,128,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012/03/21 18:44:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/12/13 18:27:30 | 007,069,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/11/28 02:25:38 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/07 16:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011/07/07 16:10:08 | 000,113,688 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2011/06/23 02:01:22 | 000,010,240 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DDCDrv.sys -- (WinI2C-DDC)
DRV - [2011/06/02 15:56:38 | 000,012,288 | ---- | M] (Datacolor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dccmtr.sys -- (Spyder4)
DRV - [2011/04/05 17:35:20 | 000,332,248 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/04/26 19:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/04/26 19:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2010/04/26 19:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/02 20:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/11/02 20:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/01 11:52:02 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 11:52:00 | 000,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/15 03:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/04/11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/01/10 11:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 11:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/04/29 00:01:00 | 000,369,024 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {78DBD377-1B3A-413F-9F64-A643CAFEA602}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=&q={searchTerms}
IE - HKCU\..\SearchScopes\{78DBD377-1B3A-413F-9F64-A643CAFEA602}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\David and Tara\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Documents and Settings\David and Tara\Application Data\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/10 11:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2014/03/21 10:32:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/14 20:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/14 20:21:58 | 000,000,000 | ---D | M]
 
[2012/03/17 10:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David and Tara\Application Data\Mozilla\Extensions
[2014/03/20 12:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David and Tara\Application Data\Mozilla\Firefox\Profiles\4tafqvml.default-1387478701312\extensions
[2014/03/20 12:58:13 | 000,787,979 | ---- | M] () (No name found) -- C:\Documents and Settings\David and Tara\Application Data\Mozilla\Firefox\Profiles\4tafqvml.default-1387478701312\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014/02/14 20:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/14 20:22:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2003/03/31 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\David and Tara\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=899be788984147d2846ed14d0de1b203-ec095771bfbe3d7dc6c018678f8e050bdcce41eb /CMPID=0214c File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Speccy.lnk = C:\Program Files\Speccy\Speccy.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with KUSO EXIF Viewer - C:\Program Files\KUSO EXIF Viewer\EXIF.htm ()
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346772761750 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340893798343 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF85662A-103D-4896-B585-8B7959FA7C3C}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David and Tara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David and Tara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{33c6d261-6f8f-11e1-a27f-00044b055bf0}\Shell - "" = AutoRun
O33 - MountPoints2\{33c6d261-6f8f-11e1-a27f-00044b055bf0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33c6d261-6f8f-11e1-a27f-00044b055bf0}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/22 12:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\OTL
[2014/03/22 10:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/03/14 09:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/03/14 09:45:38 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/03/14 09:45:02 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/14 09:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\mbar
[2014/03/14 09:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/03/14 09:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\Malwarebytes Anti Rootkit Beta
[2014/03/10 13:46:10 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\David and Tara\Desktop\dds.com
[2014/03/10 13:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\McAfee Rootkit
[2014/03/10 13:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Gmer Rootkit
[2014/03/10 12:57:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/03/10 12:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\TDSSKiller
[2014/03/10 12:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\Gmer Rootkit
[2014/03/10 11:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/03/10 09:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2014/03/10 09:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2014/03/10 09:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2014/03/10 09:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\zone alarm
[2014/03/08 05:20:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\David and Tara\Recent
[2014/03/07 14:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Application Data\AVG2014
[2014/03/07 14:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Application Data\TuneUp Software
[2014/03/07 14:53:17 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/03/07 14:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/03/07 14:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/03/07 14:49:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/03/07 14:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Local Settings\Application Data\MFAData
[2014/03/07 14:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/03/07 14:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Local Settings\Application Data\Avg2014
[2014/03/07 14:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\AVG Free
[2014/03/07 07:48:33 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine
[2014/03/06 17:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\comodo updated
[2014/03/06 16:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\cce_2.5.242177.201_x32
[2014/02/23 18:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David and Tara\Desktop\jack london square
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/22 12:53:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/22 12:48:07 | 000,009,498 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2014/03/22 12:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/22 09:43:56 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/22 09:43:51 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/22 09:43:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/21 12:46:27 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\David and Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk
[2014/03/21 11:34:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/03/20 14:34:05 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\David and Tara\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2014/03/20 02:00:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ENPOWER-DESKTOP-David and Tara.job
[2014/03/14 09:45:38 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/03/14 09:45:02 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/14 09:44:10 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/03/10 13:46:10 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\David and Tara\Desktop\dds.com
[2014/03/10 13:11:34 | 193,073,152 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/03/10 12:23:05 | 000,525,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/10 12:23:05 | 000,096,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/10 09:17:47 | 000,417,513 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/03/10 09:10:42 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/03/07 14:14:37 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/07 13:42:57 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/06 16:18:51 | 023,732,069 | ---- | M] () -- C:\Documents and Settings\David and Tara\Desktop\cce_2.5.242177.201_x32.zip
[2014/03/03 19:57:25 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2014/02/27 07:52:36 | 000,056,308 | ---- | M] () -- C:\Documents and Settings\David and Tara\Desktop\camera compare.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/10 09:10:54 | 000,417,513 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/03/10 09:10:42 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/03/07 14:53:43 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/03/06 16:17:19 | 023,732,069 | ---- | C] () -- C:\Documents and Settings\David and Tara\Desktop\cce_2.5.242177.201_x32.zip
[2014/02/27 07:52:35 | 000,056,308 | ---- | C] () -- C:\Documents and Settings\David and Tara\Desktop\camera compare.pdf
[2013/12/16 13:01:56 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\David and Tara\Application Data\Adobe PNG Format CS5 Prefs
[2013/11/05 13:22:53 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\David and Tara\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2013/07/19 08:59:09 | 000,000,132 | ---- | C] () -- C:\WINDOWS\picture-shark.INI
[2013/06/27 13:02:34 | 001,802,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-602162358-839522115-1004-0.dat
[2013/06/27 13:02:34 | 000,286,534 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/08 20:18:24 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
[2013/01/08 14:10:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013/01/08 14:10:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013/01/08 14:09:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\David and Tara\Application Data\$_hpcst$.hpc
[2012/09/05 06:10:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Horns
[2012/09/05 06:10:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\David and Tara\Application Data\Hip Hop
[2012/09/05 06:10:15 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
[2012/06/22 16:14:05 | 000,000,235 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/06/22 16:14:05 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/06/22 16:13:48 | 000,003,303 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/06/22 16:08:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/06/22 16:08:47 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/06/22 16:08:34 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012/06/22 16:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/04/02 16:16:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/01 10:27:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2012/03/27 08:12:24 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\David and Tara\Local Settings\Application Data\fusioncache.dat
[2012/03/25 15:19:20 | 000,000,240 | ---- | C] () -- C:\WINDOWS\NkMEdit.INI
[2012/03/25 13:46:37 | 000,056,320 | ---- | C] () -- C:\Documents and Settings\David and Tara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 11:11:59 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\David and Tara\Local Settings\Application Data\FASTWiz.html
[2012/03/16 12:14:07 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\David and Tara\default.pls
[2012/03/16 11:47:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Graphics
[2012/03/16 11:47:54 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\David and Tara\Application Data\Gems
[2012/03/16 11:47:54 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2012/03/16 11:47:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Guides
[2012/03/16 11:47:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\David and Tara\Application Data\Generic
[2012/03/16 11:47:24 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2012/03/16 11:47:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Grapher
[2012/03/16 11:47:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\David and Tara\Application Data\Galaxy Swirl
[2012/03/16 11:47:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
 
========== ZeroAccess Check ==========
 
[2012/03/09 19:40:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2011/12/19 01:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/06/21 14:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/03/07 14:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/01/17 14:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2014/03/10 09:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2014/03/07 14:49:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/22 16:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2013/06/26 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DxO Labs
[2012/09/05 06:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2012/10/11 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2012/03/15 13:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2013/01/08 11:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/03/16 10:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2014/03/22 09:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/16 11:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2012/03/16 11:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Multipressor
[2013/01/17 15:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2012/06/22 17:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/03/16 11:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Organs
[2013/01/08 11:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2013/08/14 20:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/01/08 14:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/06/22 17:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/03/21 12:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync Schema
[2012/03/14 11:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/09/05 06:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2014/02/19 10:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Rite
[2012/12/22 16:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xilisoft
[2012/06/22 17:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2012/03/15 13:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/04 06:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\adawaretb
[2012/03/19 09:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Audacity
[2014/03/07 14:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\AVG2014
[2012/04/04 06:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Blekko
[2012/10/11 13:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/22 16:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\ControlCenter4
[2013/02/05 12:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Electronic Arts
[2013/01/15 11:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
[2013/06/22 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\HDRsoft
[2012/03/15 13:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\HotSync
[2012/04/21 15:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Image Zone Express
[2013/01/08 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\ML
[2012/03/19 09:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\MPEG Streamclip
[2012/03/16 11:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Nikon
[2012/11/15 13:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\No Company Name
[2012/06/24 09:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Nuance
[2013/01/08 11:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\PC Suite
[2013/08/08 20:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\PDAppFlex
[2012/10/18 08:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Picturenaut
[2013/03/20 10:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\PrimoPDF
[2013/01/08 14:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Samsung
[2014/03/07 14:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\TuneUp Software
[2012/05/01 09:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Unity
[2012/03/09 19:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Windows Desktop Search
[2012/03/10 07:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Windows Search
[2013/08/14 07:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\X-Rite
[2012/12/22 16:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Xilisoft
[2012/06/24 09:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David and Tara\Application Data\Zeon
 
========== Purity Check ==========
 
 

< End of report >



#10 Abacus89

Abacus89
  • Topic Starter

  • Members
  • 14 posts

Posted 22 March 2014 - 03:25 PM

OTL's Extras.txt

 

OTL Extras logfile created on: 3/22/2014 12:50:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\David and Tara\Desktop\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 60.82% Memory free
4.59 Gb Paging File | 3.66 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 508.19 Gb Free Space | 54.56% Space Free | Partition Type: NTFS
 
Computer Name: ENPOWER-DESKTOP | User Name: David and Tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware)
"C:\Program Files\SUPERAntiSpyware\SSUpdate.exe" = C:\Program Files\SUPERAntiSpyware\SSUpdate.exe:*:Enabled:SSUpdate.exe -- (SUPERAntiSpyware.com)
"C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe" = C:\Program Files\Brother\BRAdmin Light\BRAdmLight.exe:*:Enabled:BRAdmin Light -- (Brother Industries, Ltd.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1" = Driver Fusion
"{1152429F-E6F3-472B-8556-DD6DB666A31B}" = ZoneAlarm Security
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64794546-113F-8829-9F18-5CF4E838D0FF}" = The Photographer's Ephemeris
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6BE22EEE-C8CD-4B16-B17E-E036C00B473B}" = ZoneAlarm Firewall
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88C2CD27-D2B4-4CFC-9A62-C77F37783C87}" = Picturenaut 3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8BBE8E-1CF8-45FB-89F9-C66D882E3CF1}" = DOFMaster Hyperfocal Chart
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J835DW
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7378875-1EF9-46BB-9316-BFB615CB45DA}" = AVG 2014
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B08B4896-886C-4644-8664-BBA4CE99D318}" = Distortion Control Data
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B26B07BA-A768-4420-844E-771E05F0D965}" = AVG 2014
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DAEEE97F-6A57-46C9-BE1D-371249F8CAB4}" = XRD i1d3
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.21.0001
"{DDCC3BA4-18B9-42E9-8093-8E87442B28ED}" = DxO ViewPoint
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FD0955C7-C64C-45DC-A991-FDC4E50C4E09}" = Multimedia Card Reader
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Alarm_is1" = Alarm
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2014
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Defraggler" = Defraggler
"Device Control" = Device Control
"Digital Level Meter_is1" = Digital Level Meter Version 1.5
"DivX Setup" = DivX Setup
"Easy Chef's Million Recipes" = Easy Chef's Million Recipes
"EAXSet" = Creative EAX Settings
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1" = The Photographer's Ephemeris
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{FD0955C7-C64C-45DC-A991-FDC4E50C4E09}" = Multimedia Card Reader
"KUSO EXIF Viewer" = KUSO EXIF Viewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PhotomatixEssentials3x32_is1" = Photomatix Essentials 32-bit version 3.2.3
"PIXresizer_is1" = PIXresizer
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RescuePRO-3.0" = RescuePRO 3.2
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"SPEAKER" = Creative Speaker Settings
"Speccy" = Speccy
"TClockEx_is1" = TClockEx
"Vienna SoundFont Studio" = Creative Vienna SoundFont Studio
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft MP4 to DVD Converter" = Xilisoft MP4 to DVD Converter
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.8.0.0
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/7/2014 5:11:10 PM | Computer Name = ENPOWER-DESKTOP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\DAVID AND TARA\DESKTOP\COMODO
 UPDATED\CCE_2.5.242177.201_X32\CCE\KILLSWITCH.EXE> in the hash map cannot be updated.

Context:
  Application, SystemIndex Catalog  Details:  A device attached to the system is not
 functioning.   (0x8007001f)
 
Error - 3/7/2014 5:11:10 PM | Computer Name = ENPOWER-DESKTOP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\DAVID AND TARA\DESKTOP\COMODO
 UPDATED\CCE_2.5.242177.201_X32\CCE\KILLSWITCH.EXE> in the hash map cannot be updated.

Context:
  Application, SystemIndex Catalog  Details:  A device attached to the system is not
 functioning.   (0x8007001f)
 
Error - 3/7/2014 5:11:10 PM | Computer Name = ENPOWER-DESKTOP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\DAVID AND TARA\DESKTOP\COMODO
 UPDATED\CCE_2.5.242177.201_X32\CCE\PLATFORM.DLL> in the hash map cannot be updated.

Context:
  Application, SystemIndex Catalog  Details:  A device attached to the system is not
 functioning.   (0x8007001f)
 
Error - 3/7/2014 5:12:42 PM | Computer Name = ENPOWER-DESKTOP | Source = MPSampleSubmission | ID = 5000
Description =
 
Error - 3/7/2014 8:14:59 PM | Computer Name = ENPOWER-DESKTOP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\START MENU\PROGRAMS>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
 A
 device attached to the system is not functioning.   (0x8007001f)
 
Error - 3/7/2014 8:14:59 PM | Computer Name = ENPOWER-DESKTOP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\START MENU\PROGRAMS>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
 A
 device attached to the system is not functioning.   (0x8007001f)
 
Error - 3/10/2014 12:55:57 PM | Computer Name = ENPOWER-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.1.5156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/10/2014 12:56:10 PM | Computer Name = ENPOWER-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.1.5156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/10/2014 12:56:13 PM | Computer Name = ENPOWER-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.1.5156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/14/2014 6:53:42 PM | Computer Name = ENPOWER-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.1.5156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 3/15/2014 10:53:32 AM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare Intelligent Application Manager (IAM) service failed
 to start due to the following error:   %%2
 
Error - 3/15/2014 10:53:32 AM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare IP service service failed to start due to the following
 error:   %%2
 
Error - 3/15/2014 1:44:15 PM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare Intelligent Application Manager (IAM) service failed
 to start due to the following error:   %%2
 
Error - 3/15/2014 1:44:15 PM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare IP service service failed to start due to the following
 error:   %%2
 
Error - 3/17/2014 4:04:27 PM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare Intelligent Application Manager (IAM) service failed
 to start due to the following error:   %%2
 
Error - 3/17/2014 4:04:27 PM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare IP service service failed to start due to the following
 error:   %%2
 
Error - 3/21/2014 1:33:35 PM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare Intelligent Application Manager (IAM) service failed
 to start due to the following error:   %%2
 
Error - 3/21/2014 1:33:35 PM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare IP service service failed to start due to the following
 error:   %%2
 
Error - 3/22/2014 12:44:22 PM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare Intelligent Application Manager (IAM) service failed
 to start due to the following error:   %%2
 
Error - 3/22/2014 12:44:22 PM | Computer Name = ENPOWER-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ForceWare IP service service failed to start due to the following
 error:   %%2
 
 
< End of report >



#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:09 PM

Posted 23 March 2014 - 02:36 PM

Good evening. :)

Most of the ESET detections are due to the Google Toolbar that you can install, if you choose, when you run the installers. Not a risk or even interesting. The last two contain adware which I assume was bundled by a company called Treexy where the files came from. They aren't a major nasty but I'd be inclined to get my software from elsewhere, if possible, to avoid that crud.

 

 

 

Run OTL.exe.
 

  • Copy and paste the following bold text into the Custom Scans/Fixes box at the bottom:

    :OTL

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [NPSStartup]  File not found
    O4 - HKCU..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\David and Tara\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=899be788984147d2846ed14d0de1b203-ec095771bfbe3d7dc6c018678f8e050bdcce41eb /CMPID=0214c File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed its run.

Note: Copies of the logs can be found in the C:\_OTL\MovedFiles folder - open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx, with x representing the month, date, year and time the log was created, e.g. 03062009_170403
 

 


So long, and thanks for all the fish.

 

 


#12 Abacus89

Abacus89
  • Topic Starter

  • Members
  • 14 posts
  • Local time:12:09 PM

Posted 23 March 2014 - 07:15 PM

I ran the script that you asked for.  Was part of the script an action to remove the Treexy adware?

 

OTL log requested below:

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0214c deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\David and Tara\Desktop\OTL\cmd.bat deleted successfully.
C:\Documents and Settings\David and Tara\Desktop\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 1376256 bytes
->Temporary Internet Files folder emptied: 17063368 bytes
->Flash cache emptied: 919 bytes
 
User: All Users
 
User: David and Tara
->Temp folder emptied: 118325700 bytes
->Temporary Internet Files folder emptied: 3029234 bytes
->FireFox cache emptied: 4456345 bytes
->Flash cache emptied: 8269532 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 4267738 bytes
->Temporary Internet Files folder emptied: 111572370 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 110080 bytes
%systemroot%\System32 .tmp files removed: 655377 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11497319 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 276944116 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 532.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: David and Tara
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 03232014_170151

Files\Folders moved on Reboot...
C:\Documents and Settings\David and Tara\Local Settings\Temp\~DF55A6.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT0665b.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
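One way to check that every item in the fix script from reply #11 was actually acted on is to reconcile the script against the log OTL writes afterwards, which is what the log in this reply is. The block below is an added example for this thread; it is not OTL's own code and not something either poster ran. The script and log lines are copied verbatim from replies #11 and #12 as constructed sample input, and the regular expressions that pull the identifying token out of each O2, O4 and FF line (the bracketed Run value name, the BHO CLSID, the MozillaPlugins key) are assumptions about OTL's line formats drawn only from those posts, not a documented specification.

```python
"""Reconcile an OTL custom fix (the :OTL section) against the log OTL writes.

Added example for this thread, not OTL's own code. The line-format rules below
are assumptions drawn only from the script and log lines posted above.
"""
import re

# Constructed sample: the relevant lines of the fix script from reply #11.
FIX_SCRIPT = r"""
:OTL
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\David and Tara\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=899be788984147d2846ed14d0de1b203-ec095771bfbe3d7dc6c018678f8e050bdcce41eb /CMPID=0214c File not found
:Commands
[resethosts]
[emptytemp]
"""

# Constructed sample: the registry lines of the result log from reply #12.
OTL_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0214c deleted successfully.
"""

# One pattern per OTL line type seen in the posts above; each captures the
# token that should reappear in the result log (assumption about OTL's naming).
TARGET_PATTERNS = (
    re.compile(r"^O4 - .*?\[(?P<target>[^\]]+)\]"),                          # Run value name
    re.compile(r"^O2 - BHO: .*?(?P<target>\{[0-9A-Fa-f-]+\})"),               # BHO CLSID
    re.compile(r"^FF - HKLM\\Software\\MozillaPlugins\\(?P<target>[^:]+):"),  # plugin key
)

# Outcome words OTL prints at the end of a result line (taken from the posted log).
STATUS_RE = re.compile(r"(deleted successfully|moved successfully|not found)\.?$")


def script_targets(script):
    """Identifying tokens of every recognised line in the :OTL section, in order."""
    targets, in_otl = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):            # section header such as :OTL or :Commands
            in_otl = line.upper() == ":OTL"
            continue
        if not in_otl or not line:
            continue
        for pattern in TARGET_PATTERNS:
            match = pattern.match(line)
            if match:
                targets.append(match.group("target"))
                break
    return targets


def reconcile(script, log):
    """Map each script target to the outcome(s) the result log reports for it."""
    log_lines = [l.strip() for l in log.splitlines() if l.strip()]
    report = {}
    for target in script_targets(script):
        statuses = []
        for line in log_lines:
            if target in line:
                match = STATUS_RE.search(line)
                statuses.append(match.group(1) if match else "unrecognised outcome")
        # No log line at all means OTL never reported on this item; flag it.
        report[target] = statuses or ["no log entry"]
    return report


def unresolved(script, log):
    """Targets that did not get at least one 'deleted successfully' line."""
    return [t for t, s in reconcile(script, log).items()
            if "deleted successfully" not in s]


if __name__ == "__main__":
    for target, statuses in reconcile(FIX_SCRIPT, OTL_LOG).items():
        print(f"{target}: {', '.join(statuses)}")
    print("unresolved:", unresolved(FIX_SCRIPT, OTL_LOG))
```

Run against the posted log, every target resolves. The BHO CLSID shows two outcomes, "deleted successfully" for the Browser Helper Objects key and "not found" for the Classes\CLSID key, which is consistent with the script line itself saying "No CLSID value found." rather than a sign that the fix failed; the item to chase would be one whose only outcome is "not found" or "no log entry".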
 



#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:07:09 PM

Posted 24 March 2014 - 02:41 PM

Good evening. :)

 

Was part of the script an action to remove the Treexy adware?

The detections in question are:

 

C:\Downloaded Programs\Hardware\Video Card - Nvidia EVGI 8500GT 512MB PCIE\Driver Fusion 1.60\driver_fusion_1.6.0.exe Win32/OpenCandy potentially unsafe application
C:\Downloaded Programs\Hardware\Video Card - PNY Nvidia GeForce GT 630\Driver Fusion 1.60\driver_fusion_1.6.0.exe Win32/OpenCandy potentially unsafe application

 

I don't know exactly what these files are for so I didn't have them removed - the detections aren't really a worry anyway. If you can get them from elsewhere then I would, on principle, but if they are what they are then I'd accept them on my machine if they performed a useful task. I'll leave the decision to you and you can just delete them if you don't want them.

 

Apart from that, are you happy with the way your machine is behaving now?


So long, and thanks for all the fish.

 

 


#14 Abacus89

Abacus89
  • Topic Starter

  • Members
  • 14 posts
  • Local time:12:09 PM

Posted 24 March 2014 - 03:19 PM

I am somewhat comfortable with the way my machine is behaving.  I state somewhat, because GMER Rootkit continues to launch me into a blue screen with the same message regarding the BAD_POOL_HEADER.  If you continue to believe that this is the result of a driver issue and if you are comfortable with the various log files attached above, well then I too am comfortable with the state of my machine.



#15 Abacus89

Abacus89
  • Topic Starter

  • Members
  • 14 posts
  • Local time:12:09 PM

Posted 24 March 2014 - 04:21 PM

Regarding the two driver_fusion_1.6.0.exe files.

 

I installed Treexy's Driver Fusion on 7/13/2013 while updating my Nvidia video driver.  I used the Treexy software during the installation because a forum spelled out a process which included it.  After the driver update, I have not used the Driver Fusion application since.

 

As such, I am quite ok with them being removed.  Do I just delete them?





