Stolen's PUPs and a Trojan ~ Can someone plz check these 2 logs for me? TY


This topic is locked
10 replies to this topic

#1 Stolen

Posted 15 June 2014 - 12:51 PM

Yesterday I was attempting to use a video converting program I had used before and installed on my computer. It asked me to update the program, which I did. I then used another program already installed in order to try and download the video from YouTube so I could convert and then edit the video. I stepped away from the computer while waiting for the YouTube video to download.

When I returned, there were almost 100 programs which had opened on my computer and many, many strange windows and processes. These were things I did not recognize and had not opened.

I immediately updated MBAM and ran a scan. After that scan, I updated SuperAntiSpyware and ran a scan. MBAM identified numerous things that it quarantined or fixed... called PUP. SAS found a Trojan and removed it.

Can someone please take a look at the 2 logs below and let me know if I should do anything further?

Thank you very much.

~stolen

 

///

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.06.14.06
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
K35496 :: USL2LX2RM1 [administrator]
 
6/14/2014 3:18:44 PM
mbam-log-2014-06-14 (15-18-44).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 403255
Time elapsed: 23 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\Documents and Settings\k35496\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\k35496\Application Data\OpenCandy\46F1B0386E154A89958ED5E353203757 (PUP.Optional.OpenCandy) -> No action taken.
C:\Program Files\appbario16 (PUP.Optional.AppBario.A) -> No action taken.
 
Files Detected: 12
C:\Documents and Settings\k35496\Application Data\OpenCandy\46F1B0386E154A89958ED5E353203757\dlm.exe (PUP.Optional.OpenCandy.A) -> No action taken.
C:\Documents and Settings\k35496\Local Settings\Temp\sam__2268_il515232.exe (PUP.Optional.Amonetize) -> No action taken.
C:\Documents and Settings\k35496\Local Settings\Temp\is-BPU63.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\k35496\Local Settings\Temporary Internet Files\Content.IE5\GVZXOWDV\sam__2268_il515232[1].exe (PUP.Optional.Amonetize) -> No action taken.
C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage (PUP.Optional.Superfish.A) -> No action taken.
C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal (PUP.Optional.Superfish.A) -> No action taken.
C:\Documents and Settings\k35496\Application Data\OpenCandy\46F1B0386E154A89958ED5E353203757\AVG Safeguard.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\k35496\Application Data\OpenCandy\46F1B0386E154A89958ED5E353203757\AVG_Toolbar_CB_ALL_p3v5.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Program Files\appbario16\GottenAppsContextMenu.xml (PUP.Optional.AppBario.A) -> No action taken.
C:\Program Files\appbario16\OtherAppsContextMenu.xml (PUP.Optional.AppBario.A) -> No action taken.
C:\Program Files\appbario16\SharedAppsContextMenu.xml (PUP.Optional.AppBario.A) -> No action taken.
C:\Program Files\appbario16\ToolbarContextMenu.xml (PUP.Optional.AppBario.A) -> No action taken.
 
(end)
 

///

 

SUPERAntiSpyware Scan Log
 
Generated 06/14/2014 at 06:04 PM
 
Application Version : 5.7.1026
 
Core Rules Database Version : 11307
Trace Rules Database Version: 9119
 
Scan type       : Complete Scan
Total Scan Time : 01:57:05
 
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
 
Memory items scanned      : 707
Memory threats detected   : 0
Registry items scanned    : 38448
Registry threats detected : 0
File items scanned        : 116891
File threats detected     : 1
 
Trojan.Agent/Gen-Dropper
C:\DOCUMENTS AND SETTINGS\K35496\DESKTOP\PROGRAMS I USE\YOUR UNINSTALLER PRO 2008 6.1.1229 PORTABLE.EXE



#2 Elise

Posted 15 June 2014 - 01:21 PM

Hi there stolen. :)

Always take care when downloading and using bundled installers; they use the sneakiest techniques to get additional stuff on your system. To see what's left over, let's first run a scan.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Stolen


Posted 15 June 2014 - 01:47 PM

:hello:

Yes, I was bad... it was a big no-no to even try to update that program :nono: Not gonna lie, it was a scary place. There was some strange person who even opened a chat window with me on Skype and said, "Thank you for accepting my invitation, do you want to chat?" Umm... no. lol

OK, here are the FRST logs. THANK YOU Elise

 

///

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-06-2014
Ran by K35496 (administrator) on USL2LX2RM1 on 15-06-2014 13:39:01
Running from C:\Documents and Settings\k35496\My Documents\Downloads
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Check Point Software Tech Ltd) C:\WINDOWS\system32\Prot_srv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\WINDOWS\system32\dldocoms.exe
( ) C:\WINDOWS\system32\dleecoms.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(O2Micro International) C:\WINDOWS\system32\drivers\o2flash.exe
(Check Point Software Tech Ltd) C:\WINDOWS\system32\pstartSr.exe
(LogMeIn, Inc.) C:\Program Files\RemotelyAnywhere\x86\ramaint.exe
(LogMeIn, Inc.) C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe
(Sophos Limited) C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Remote Management System\RouterNT.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwtracepktwpp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Captaris, Inc.) C:\Program Files\RightFax\Client\FAXCTRL.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Check Point Software Technologies LTD) C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
(Check Point Software Tech Ltd) C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\CarbonitePreinstaller.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\PTIM.exe
(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
(AT&T Inc.) C:\Documents and Settings\k35496\Local Settings\Application Data\ATT Connect\Participant\pull.exe
(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
() C:\Program Files\InstantEyedropper\InstantEyedropper.exe
(BitTorrent Inc.) C:\Documents and Settings\k35496\Application Data\uTorrent\uTorrent.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Dropbox, Inc.) C:\Documents and Settings\k35496\Application Data\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(mIRC Co. Ltd.) C:\Program Files\mIRC\mirc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\ALUpdate.exe
(Farbar) C:\Documents and Settings\k35496\My Documents\Downloads\FRST (1).exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [737280 2011-02-14] (Andrea Electronics Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [DellBtrEvent] => D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
HKLM\...\Run: [Dell 968 AIO Printer Fax Server] => C:\Program Files\Dell 968 AIO Printer\fm3032.exe [311976 2009-04-27] ()
HKLM\...\Run: [RightFAX Print-to-Fax Driver] => C:\Program Files\RightFax\Client\FaxCtrl.exe [94208 2004-10-22] (Captaris, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19576424 2010-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [111208 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13887592 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] => C:\WINDOWS\system32\nvHotkey.dll [288872 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2011-02-14] (IDT, Inc.)
HKLM\...\Run: [RemotelyAnywhere GUI] => C:\Program Files\RemotelyAnywhere\x86\RAGui.exe [63064 2007-04-05] (LogMeIn, Inc.)
HKLM\...\Run: [Check Point Endpoint Tray Application] => C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe [70144 2010-06-02] (Check Point Software Technologies LTD)
HKLM\...\Run: [Pointsec Tray] => C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe [860496 2011-06-14] (Check Point Software Tech Ltd)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [AT&T Communication Manager] => C:\Program Files\AT&T\Communication Manager\ATTCM.exe [883272 2009-12-04] (ATT)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [DLSService] => "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2010-09-09] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [CarboniteSetupLite] => C:\Program Files\Carbonite\CarbonitePreinstaller.exe [318096 2009-08-04] (Carbonite, Inc.)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-26] (Seagate LLC)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1617704 2014-05-21] (Sophos Limited)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2557976 2014-06-14] ()
Winlogon\Notify\RAinit: C:\WINDOWS\system32\RAinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21739304 2008-07-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [DymoQuickPrint] => C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe [1866544 2013-03-05] (Sanford, L.P.)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [PTIM.exe] => C:\Program Files\WebEx\Productivity Tools\PTIM.exe [408592 2013-04-24] (Cisco WebEx LLC)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [PTOneClick] => C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe [370704 2013-04-24] (Cisco WebEx LLC)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [Push Client] => C:\Documents and Settings\k35496\Local Settings\Application Data\ATT Connect\Participant\pull.exe [966944 2011-04-27] (AT&T Inc.)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5626136 2014-06-05] (SUPERAntiSpyware)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [instanteyedropper] => C:\Program Files\InstantEyedropper\InstantEyedropper.exe [352256 2007-10-17] ()
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [uTorrent] => C:\Documents and Settings\k35496\Application Data\uTorrent\uTorrent.exe [1267536 2014-06-12] (BitTorrent Inc.)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Home] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Fullscreen] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Tools] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Print] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Edit] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Cut] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Copy] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Paste] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Encoding] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\MountPoints2: {8f8c40b6-d78c-11e2-a45c-70f1a18a104d} - E:\WIN\setup.exe
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\MountPoints2: {f0a3306b-cc97-11e3-a497-70f1a18a104d} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\MountPoints2: {ff09d982-ec22-11e3-a4a0-70f1a18a104d} - E:\win\setup.exe -phs
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Documents and Settings\k35496\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\k35496\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\k35496\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\k35496\Start Menu\Programs\Startup\Seagate 2GEXX6TG Product Registration.lnk
ShortcutTarget: Seagate 2GEXX6TG Product Registration.lnk -> C:\Documents and Settings\k35496\Application Data\Leadertech\PowerRegister\Seagate 2GEXX6TG Product Registration.exe (Leader Technologies/Seagate)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kcicentral.kci.com/tools/Pages/default.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kcicentral.kci.com/Pages/default.aspx
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {793316FC-43AF-429D-9385-116DC9470D7B} URL = http://www.google.com
SearchScopes: HKCU - {793316FC-43AF-429D-9385-116DC9470D7B} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={9CE41CA1-C128-45E2-9D7F-14D83E36C6D5}&mid=c1d081b8db3c47d387e7a1b8e76ef9be-f7ad66ae266a9328b385d3d0421c02eab5ef78cb&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-14 13:34:09&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9F4716C1-DE93-45EB-8E24-158C82203123} URL = http://www.google.com
BHO: No Name - {11111111-1111-1111-1111-110311321154} -  No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} http://aquire-codebase.vipasuite.com/codebase101/OrgPubX.cab
DPF: {CAFECAFE-0013-0001-0029-ABCDEFABCDEF} 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 bmnet.dll File Not found ()
Winsock: Catalog9 06 bmnet.dll File Not found ()
Winsock: Catalog9 07 bmnet.dll File Not found ()
Winsock: Catalog9 13 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin: @dymo.com/DymoLabelFramework - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={9CE41CA1-C128-45E2-9D7F-14D83E36C6D5}&mid=c1d081b8db3c47d387e7a1b8e76ef9be-f7ad66ae266a9328b385d3d0421c02eab5ef78cb&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-14 13:34:09&v=18.1.0.443&pid=safeguard&sg=&sap=hp
CHR StartupUrls: "hxxp://mysearch.avg.com?cid={9CE41CA1-C128-45E2-9D7F-14D83E36C6D5}&mid=c1d081b8db3c47d387e7a1b8e76ef9be-f7ad66ae266a9328b385d3d0421c02eab5ef78cb&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-14 13:34:09&v=18.1.0.443&pid=safeguard&sg=&sap=hp"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={9CE41CA1-C128-45E2-9D7F-14D83E36C6D5}&mid=c1d081b8db3c47d387e7a1b8e76ef9be-f7ad66ae266a9328b385d3d0421c02eab5ef78cb&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-14 13:34:09&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Google Docs) - C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-12-04] (SmithMicro Inc.)
S2 buttonsvc32; c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)
S2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2009-12-17] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2009-12-17] (Broadcom Corporation)
S2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [376608 2009-12-10] (Dell Inc.)
S2 dldoCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [99568 2007-10-05] ()
R2 dldo_device; C:\WINDOWS\system32\dldocoms.exe [595184 2007-10-05] ( )
S2 dleeCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe [98984 2009-07-01] ()
R2 dlee_device; C:\WINDOWS\system32\dleecoms.exe [602792 2009-07-01] ( )
R2 DymoPnpService; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-06-17] (Macrovision Europe Ltd.) [File not signed]
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-26] (Seagate Technology LLC)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-28] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International)
R2 Pointsec; C:\WINDOWS\system32\Prot_srv.exe [659792 2011-06-14] (Check Point Software Tech Ltd)
R2 Pointsec_start; C:\WINDOWS\system32\pstartSr.exe [233808 2011-06-14] (Check Point Software Tech Ltd)
R2 RAMaint; C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe [111952 2008-07-03] (LogMeIn, Inc.)
R2 RemotelyAnywhere; C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe [63064 2007-04-05] (LogMeIn, Inc.)
S3 smstsmgr; C:\WINDOWS\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2013-06-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-21] (Sophos Limited)
S3 Sophos Device Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe [601664 2013-07-05] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [818240 2013-06-14] (Sophos Limited)
S2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-06-14] (Sophos Limited)
S2 swi_update; C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_update.exe [1459264 2013-06-14] (Sophos Limited)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)
R2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-06-14] (AVG Secure Search)
S4 STacSV; c:\drivers\audio\r267815\payload\wdm\stacsv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Acceler; C:\WINDOWS\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics)
S3 acsint; C:\WINDOWS\System32\DRIVERS\acsint.sys [39888 2013-06-19] (Cisco Systems, Inc.)
S3 acsmux; C:\WINDOWS\System32\DRIVERS\acsmux.sys [58320 2013-06-19] (Cisco Systems, Inc.)
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2011-02-14] (Andrea Electronics Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-06-14] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [3360256 2011-01-17] (Broadcom Corporation)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [909864 2010-02-19] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2011-11-08] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cvusbdrv; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [33832 2011-12-21] (Broadcom Corporation)
S3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c5132.sys [193704 2011-11-08] (Intel Corporation)
R3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [168616 2011-12-21] (Intel Corporation)
S3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [1754912 2010-04-25] (Intel Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30880 2009-10-14] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [7391744 2011-01-04] (Intel Corporation) [File not signed]
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [119528 2011-11-08] (NVIDIA Corporation)
S3 O2MDFRDR; C:\WINDOWS\System32\DRIVERS\O2MDFxp.sys [60192 2011-01-04] (O2Micro )
S3 O2SDJRDR; C:\WINDOWS\System32\DRIVERS\o2sdjxp.sys [63136 2011-01-04] (O2Micro )
S3 prepdrvr; C:\WINDOWS\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
R0 prot_2k; C:\WINDOWS\system32\Drivers\prot_2k.sys [223440 2011-06-14] (Check Point Software Tech Ltd)
R2 RAInfo; C:\Program Files\RemotelyAnywhere\x86\RaInfo.sys [12856 2008-01-23] (LogMeIn, Inc.)
R3 ramirr; C:\WINDOWS\System32\DRIVERS\ramirr.sys [10168 2007-04-17] (LogMeIn, Inc.)
R2 RARfsDriver; C:\WINDOWS\system32\drivers\RARfsDriver.sys [46000 2007-04-05] (LogMeIn, Inc.)
S2 risdpcie; C:\WINDOWS\System32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC) [File not signed]
S3 RSPCIESTOR; C:\WINDOWS\System32\DRIVERS\RtsPStor.sys [232448 2010-08-12] (Realtek Semiconductor Corp.) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVOnAccessControl; C:\WINDOWS\System32\DRIVERS\savonaccesscontrol.sys [155392 2013-06-14] (Sophos Limited)
R1 SAVOnAccessFilter; C:\WINDOWS\System32\DRIVERS\savonaccessfilter.sys [24832 2013-06-14] (Sophos Limited)
R3 sdcfilter; C:\WINDOWS\System32\DRIVERS\sdcfilter.sys [33696 2013-06-14] (Sophos Limited)
R1 SKMScan; C:\WINDOWS\System32\DRIVERS\skmscan.sys [31736 2013-06-14] (Sophos Plc)
R3 smsmdd; C:\WINDOWS\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
S4 SophosBootDriver; C:\WINDOWS\System32\DRIVERS\SophosBootDriver.sys [14976 2013-06-14] (Sophos Plc)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1656499 2011-02-14] (IDT, Inc.)
S3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-01-14] ()
S3 SWNC8UA3; C:\WINDOWS\System32\DRIVERS\swnc8ua3.sys [190080 2009-03-31] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\WINDOWS\System32\DRIVERS\swumxa3.sys [148096 2009-05-04] (Sierra Wireless Inc.)
R1 tcpipBM; C:\WINDOWS\system32\Drivers\tcpipBM.sys [24064 2009-12-04] (Bytemobile, Inc.) [File not signed]
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [12416 2007-08-23] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19840 2007-08-23] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [21632 2007-08-23] (LG Electronics Inc.)
U2 CertPropSvc; 
S1 DVMIO; \??\D:\Program Files\Dell\Reader 2.0\dvmio.sys [X]
S4 RARfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-15 13:35 - 2014-06-15 13:39 - 00000000 ____D () C:\FRST
2014-06-15 13:33 - 2014-06-15 13:33 - 00000924 _____ () C:\Documents and Settings\k35496\Desktop\Shortcut to FRST (1).exe.lnk
2014-06-14 16:06 - 2014-06-14 16:06 - 00001684 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 16:06 - 2014-06-14 16:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 13:34 - 2014-06-14 13:31 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-06-14 13:33 - 2014-06-14 13:34 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-06-14 13:33 - 2014-06-14 13:33 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-06-14 13:33 - 2014-06-14 13:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2014-06-14 13:31 - 2014-06-14 13:31 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\OpenCandy
2014-06-14 13:29 - 2014-06-14 13:30 - 31485368 _____ (Any-Video-Converter.com ) C:\Documents and Settings\k35496\Desktop\avc-free.exe
2014-06-14 12:44 - 2014-06-14 12:44 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\Any Video Converter Professional
2014-06-14 12:42 - 2014-06-14 12:42 - 34184288 _____ (Any-Video-Converter.com ) C:\Documents and Settings\k35496\Desktop\any-video-converter.exe
2014-06-10 20:03 - 2014-06-10 20:03 - 00000000 ____D () C:\Program Files\AviSynth 2.5
2014-06-10 20:03 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\WINDOWS\system32\avisynth.dll
2014-06-10 20:03 - 2005-07-14 12:31 - 00032256 ___SH () C:\WINDOWS\system32\AVSredirect.dll
2014-06-10 20:03 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\WINDOWS\system32\devil.dll
2014-06-10 20:03 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\system32\yv12vfw.dll
2014-06-10 20:03 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\system32\i420vfw.dll
2014-06-09 22:02 - 2014-06-09 22:02 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\eRightSoft
2014-06-09 21:57 - 2014-06-09 21:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
2014-06-09 21:57 - 2014-02-13 14:21 - 00000493 __RSH () C:\WINDOWS\system32\LAVFilters.Dependencies.manifest
2014-06-09 21:57 - 2014-02-13 14:20 - 03057808 __RSH (FFmpeg Project) C:\WINDOWS\system32\avcodec-lav-55.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00539280 __RSH (FFmpeg Project) C:\WINDOWS\system32\avformat-lav-55.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00313520 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\system32\HLvideo.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00202384 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\system32\HLsplit.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00180368 __RSH (FFmpeg Project) C:\WINDOWS\system32\avutil-lav-52.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00152720 __RSH (Intel Corp.) C:\WINDOWS\system32\IntelQuickSyncDecoder.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00122512 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\system32\HLaudio.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00110224 __RSH () C:\WINDOWS\system32\libbluray.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00109200 __RSH (FFmpeg Project) C:\WINDOWS\system32\swscale-lav-2.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00098960 __RSH (FFmpeg Project) C:\WINDOWS\system32\avfilter-lav-3.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00059536 __RSH (FFmpeg Project) C:\WINDOWS\system32\avresample-lav-1.dll
2014-06-09 21:57 - 2012-10-05 19:54 - 00188416 __RSH () C:\WINDOWS\system32\winDCE32.dll
2014-06-09 21:57 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Olepau32.ax
2014-06-09 21:57 - 2011-02-11 10:26 - 00112128 __RSH () C:\WINDOWS\system32\OptimFROG.dll
2014-06-09 21:57 - 2009-08-10 23:00 - 00352768 __RSH () C:\WINDOWS\system32\ac3DX.ax
2014-06-09 21:57 - 2005-02-22 17:55 - 00081920 __RSH () C:\WINDOWS\system32\aac_parser.ax
2014-06-09 21:57 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\drvc.dll
2014-06-09 21:57 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\WINDOWS\system32\RLOFRDec.ax
2014-06-09 21:56 - 2014-06-09 21:56 - 00000000 ____D () C:\Program Files\eRightSoft
2014-06-09 21:54 - 2014-06-09 21:54 - 00001809 _____ () C:\Documents and Settings\k35496\Desktop\Continue installation  - SUPER © Installation.lnk
2014-06-09 20:53 - 2014-06-09 21:38 - 67155686 _____ (eRightSoft ) C:\Documents and Settings\k35496\Desktop\SUPERsetup.exe
2014-06-05 02:19 - 2014-06-05 02:19 - 02956401 _____ () C:\Documents and Settings\k35496\My Documents\20140605_001228.mp4
2014-06-04 20:36 - 2014-06-04 20:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CDex
2014-06-04 20:35 - 2014-06-06 09:07 - 00000000 ____D () C:\Program Files\CDex
2014-06-04 20:35 - 2014-06-04 20:35 - 08697544 _____ (Georgy Berdyshev) C:\Documents and Settings\k35496\Desktop\CDex-win32-1.70-b4-2009.exe
2014-06-04 10:32 - 2014-06-04 10:32 - 41945432 _____ (Apple Inc.) C:\Documents and Settings\k35496\Desktop\QuickTimeInstaller.exe
2014-06-04 09:39 - 2006-09-25 17:58 - 00014640 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-06-04 09:38 - 2014-06-04 09:39 - 00111895 _____ () C:\WINDOWS\MSCompPackV1.log
2014-06-04 09:37 - 2014-06-04 09:38 - 00120850 _____ () C:\WINDOWS\wmp11.log
2014-06-04 09:36 - 2014-06-04 09:37 - 00131675 _____ () C:\WINDOWS\WMFDist11.log
2014-06-04 09:36 - 2014-06-04 09:36 - 00001553 _____ () C:\WINDOWS\Wudf01000Inst.log
2014-06-04 09:35 - 2014-06-04 09:35 - 25740256 _____ (Microsoft Corporation) C:\Documents and Settings\k35496\Desktop\wmp11-windowsxp-x86-enu.exe
2014-05-26 17:10 - 2014-05-26 17:10 - 00042685 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\recently-used.xbel
2014-05-26 13:24 - 2014-05-26 13:24 - 00001239 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS3.lnk
2014-05-26 13:22 - 2014-05-26 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ALM
2014-05-26 13:20 - 2014-05-26 13:20 - 00000948 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2014-05-26 13:17 - 2014-05-26 13:17 - 00001106 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2014-05-26 13:17 - 2014-05-26 13:17 - 00000917 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
2014-05-26 13:13 - 2014-05-26 13:13 - 00000824 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
 
==================== One Month Modified Files and Folders =======
 
2014-06-15 13:40 - 2013-06-17 12:36 - 00000000 ____D () C:\Documents and Settings\k35496\Local Settings\Temp
2014-06-15 13:39 - 2014-06-15 13:35 - 00000000 ____D () C:\FRST
2014-06-15 13:38 - 2014-04-05 21:06 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\uTorrent
2014-06-15 13:38 - 2013-06-17 16:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-15 13:35 - 2010-09-09 14:26 - 05243071 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\OfflineVaultPH.log
2014-06-15 13:33 - 2014-06-15 13:33 - 00000924 _____ () C:\Documents and Settings\k35496\Desktop\Shortcut to FRST (1).exe.lnk
2014-06-15 13:17 - 2013-06-17 15:03 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\Skype
2014-06-15 12:00 - 2013-07-28 12:00 - 00001178 _____ () C:\WINDOWS\Tasks\Safe Saver-updater.job
2014-06-15 11:59 - 2013-07-28 11:59 - 00001876 _____ () C:\WINDOWS\Tasks\Safe Saver-chromeinstaller.job
2014-06-15 11:59 - 2013-07-28 11:59 - 00001182 _____ () C:\WINDOWS\Tasks\Safe Saver-codedownloader.job
2014-06-15 11:59 - 2013-07-28 11:59 - 00001082 _____ () C:\WINDOWS\Tasks\Safe Saver-enabler.job
2014-06-15 10:38 - 2013-06-17 16:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-15 10:31 - 2014-02-04 18:10 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\mIRC
2014-06-15 10:18 - 2012-01-26 16:08 - 00212509 _____ () C:\WINDOWS\system32\nvModes.001
2014-06-14 23:00 - 2013-06-14 15:07 - 00000530 _____ () C:\WINDOWS\Tasks\Nightly.job
2014-06-14 22:40 - 2013-07-04 22:50 - 00000352 _____ () C:\WINDOWS\Tasks\EZLyrics Update.job
2014-06-14 19:53 - 2013-07-04 22:48 - 00000000 ____D () C:\Documents and Settings\k35496\Local Settings\Application Data\AVG SafeGuard toolbar
2014-06-14 18:48 - 2014-03-25 08:51 - 00000000 ____D () C:\Documents and Settings\k35496\Desktop\Programs I use
2014-06-14 16:40 - 2014-02-04 18:10 - 00000000 ____D () C:\Program Files\mIRC
2014-06-14 16:06 - 2014-06-14 16:06 - 00001684 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 16:06 - 2014-06-14 16:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 16:06 - 2013-11-07 23:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 15:55 - 2014-03-27 16:08 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\DropboxMaster
2014-06-14 15:55 - 2013-07-28 11:31 - 00000000 ___RD () C:\Documents and Settings\k35496\My Documents\Dropbox
2014-06-14 15:55 - 2013-07-28 11:27 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\Dropbox
2014-06-14 15:52 - 2012-01-26 16:08 - 00212509 _____ () C:\WINDOWS\system32\nvModes.dat
2014-06-14 15:51 - 2008-04-25 16:28 - 01441085 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-14 15:51 - 2008-04-25 11:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-14 15:50 - 2008-04-25 04:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-14 15:50 - 2008-04-25 04:25 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-14 15:49 - 2008-04-25 16:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-14 15:46 - 2014-04-13 14:49 - 15104184 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-06-14 15:46 - 2014-01-25 21:42 - 03997696 _____ () C:\WINDOWS\system32\config\ACVPN.evt
2014-06-14 15:46 - 2013-06-14 14:53 - 00065536 _____ () C:\WINDOWS\system32\config\Pointsec.evt
2014-06-14 15:46 - 2010-09-09 07:32 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-06-14 15:46 - 2008-04-25 16:32 - 00032416 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-14 15:29 - 2013-06-14 14:51 - 00000000 ____D () C:\Program Files\RemotelyAnywhere
2014-06-14 15:13 - 2013-06-17 12:39 - 05243008 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\OfflineVaultPH.log
2014-06-14 14:25 - 2013-08-24 19:21 - 00007680 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-14 13:34 - 2014-06-14 13:33 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-06-14 13:33 - 2014-06-14 13:33 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-06-14 13:33 - 2014-06-14 13:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2014-06-14 13:33 - 2013-07-04 22:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2014-06-14 13:31 - 2014-06-14 13:34 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-06-14 13:31 - 2014-06-14 13:31 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\OpenCandy
2014-06-14 13:30 - 2014-06-14 13:29 - 31485368 _____ (Any-Video-Converter.com ) C:\Documents and Settings\k35496\Desktop\avc-free.exe
2014-06-14 12:50 - 2013-12-28 21:28 - 00000000 ____D () C:\Documents and Settings\k35496\Desktop\my stuff dec 28 2013
2014-06-14 12:44 - 2014-06-14 12:44 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\Any Video Converter Professional
2014-06-14 12:43 - 2013-07-20 19:37 - 00000000 ____D () C:\Program Files\AnvSoft
2014-06-14 12:43 - 2013-07-20 19:37 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\AnvSoft
2014-06-14 12:43 - 2013-07-20 19:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AnvSoft
2014-06-14 12:42 - 2014-06-14 12:42 - 34184288 _____ (Any-Video-Converter.com ) C:\Documents and Settings\k35496\Desktop\any-video-converter.exe
2014-06-14 12:38 - 2010-09-09 07:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-06-13 18:06 - 2012-01-26 04:05 - 00000608 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-06-13 08:49 - 2013-08-01 18:27 - 00352377 _____ () C:\WINDOWS\setupapi.log
2014-06-11 21:41 - 2013-06-17 16:42 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-10 20:03 - 2014-06-10 20:03 - 00000000 ____D () C:\Program Files\AviSynth 2.5
2014-06-09 22:02 - 2014-06-09 22:02 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\eRightSoft
2014-06-09 21:57 - 2014-06-09 21:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
2014-06-09 21:56 - 2014-06-09 21:56 - 00000000 ____D () C:\Program Files\eRightSoft
2014-06-09 21:54 - 2014-06-09 21:54 - 00001809 _____ () C:\Documents and Settings\k35496\Desktop\Continue installation  - SUPER © Installation.lnk
2014-06-09 21:38 - 2014-06-09 20:53 - 67155686 _____ (eRightSoft ) C:\Documents and Settings\k35496\Desktop\SUPERsetup.exe
2014-06-09 09:36 - 2013-08-01 16:55 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-06-08 10:29 - 2013-08-12 11:45 - 00000716 _____ () C:\WINDOWS\setupact.log
2014-06-06 09:07 - 2014-06-04 20:35 - 00000000 ____D () C:\Program Files\CDex
2014-06-05 13:25 - 2013-08-21 08:22 - 00000794 _____ () C:\Documents and Settings\k35496\Start Menu\Programs\Windows Media Player.lnk
2014-06-05 13:25 - 2013-08-21 08:22 - 00000788 _____ () C:\Documents and Settings\k35496\Desktop\Windows Media Player.lnk
2014-06-05 13:25 - 2013-08-01 16:26 - 00023906 _____ () C:\WINDOWS\wmsetup.log
2014-06-05 10:13 - 2013-06-17 12:36 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\Adobe
2014-06-05 10:12 - 2013-06-17 12:36 - 00000000 ____D () C:\Documents and Settings\k35496\Local Settings\Application Data\Adobe
2014-06-05 02:19 - 2014-06-05 02:19 - 02956401 _____ () C:\Documents and Settings\k35496\My Documents\20140605_001228.mp4
2014-06-04 20:36 - 2014-06-04 20:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CDex
2014-06-04 20:36 - 2012-12-18 08:27 - 00000000 ____D () C:\Temp
2014-06-04 20:35 - 2014-06-04 20:35 - 08697544 _____ (Georgy Berdyshev) C:\Documents and Settings\k35496\Desktop\CDex-win32-1.70-b4-2009.exe
2014-06-04 10:44 - 2013-08-12 11:45 - 00055119 _____ () C:\WINDOWS\spupdsvc.log
2014-06-04 10:44 - 2008-04-25 16:29 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-06-04 10:44 - 2008-04-25 16:29 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-06-04 10:37 - 2013-06-17 12:36 - 00000178 ___SH () C:\Documents and Settings\k35496\ntuser.ini
2014-06-04 10:32 - 2014-06-04 10:32 - 41945432 _____ (Apple Inc.) C:\Documents and Settings\k35496\Desktop\QuickTimeInstaller.exe
2014-06-04 09:39 - 2014-06-04 09:38 - 00111895 _____ () C:\WINDOWS\MSCompPackV1.log
2014-06-04 09:38 - 2014-06-04 09:37 - 00120850 _____ () C:\WINDOWS\wmp11.log
2014-06-04 09:38 - 2013-08-12 11:44 - 00045292 _____ () C:\WINDOWS\updspapi.log
2014-06-04 09:38 - 2011-03-17 08:00 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2014-06-04 09:37 - 2014-06-04 09:36 - 00131675 _____ () C:\WINDOWS\WMFDist11.log
2014-06-04 09:36 - 2014-06-04 09:36 - 00001553 _____ () C:\WINDOWS\Wudf01000Inst.log
2014-06-04 09:35 - 2014-06-04 09:35 - 25740256 _____ (Microsoft Corporation) C:\Documents and Settings\k35496\Desktop\wmp11-windowsxp-x86-enu.exe
2014-06-03 12:41 - 2013-06-26 05:31 - 00003128 _____ () C:\WINDOWS\smartkeydiagnostics.txt
2014-06-02 20:52 - 2013-06-14 15:49 - 00000000 __SHD () C:\WINDOWS\CSC
2014-06-01 17:49 - 2008-04-25 04:21 - 01650152 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-01 16:18 - 2013-07-04 22:54 - 00000000 ____D () C:\Documents and Settings\k35496\.gimp-2.8
2014-05-30 10:25 - 2013-06-17 09:28 - 00149504 ___SH () C:\Documents and Settings\k35496\Desktop\Thumbs.db
2014-05-27 18:25 - 2013-06-17 08:55 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\KCI Administrative docs
2014-05-27 17:48 - 2013-07-28 11:28 - 00000000 ____D () C:\Documents and Settings\k35496\Start Menu\Programs\Dropbox
2014-05-26 21:25 - 2013-06-17 12:36 - 00095120 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-05-26 21:10 - 2013-07-06 23:37 - 00000000 ____D () C:\Documents and Settings\k35496\Local Settings\Application Data\gtk-2.0
2014-05-26 17:10 - 2014-05-26 17:10 - 00042685 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\recently-used.xbel
2014-05-26 13:24 - 2014-05-26 13:24 - 00001239 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS3.lnk
2014-05-26 13:22 - 2014-05-26 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ALM
2014-05-26 13:22 - 2013-06-17 08:47 - 00000000 ____D () C:\Program Files\Adobe
2014-05-26 13:21 - 2013-06-17 08:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-26 13:20 - 2014-05-26 13:20 - 00000948 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2014-05-26 13:17 - 2014-05-26 13:17 - 00001106 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2014-05-26 13:17 - 2014-05-26 13:17 - 00000917 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
2014-05-26 13:13 - 2014-05-26 13:13 - 00000824 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
2014-05-25 14:08 - 2014-01-15 17:11 - 00000000 ____D () C:\Documents and Settings\k35496\.gimp-2.6
2014-05-21 07:29 - 2013-06-14 15:06 - 00029992 _____ (Sophos Limited) C:\WINDOWS\system32\SophosBootTasks.exe
2014-05-20 10:44 - 2013-06-17 12:36 - 00000000 ____D () C:\Documents and Settings\k35496
 
Some content of TEMP:
====================
C:\Documents and Settings\k35496\Local Settings\Temp\ChangeIcon.exe
C:\Documents and Settings\k35496\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy7t9i1.dll
C:\Documents and Settings\k35496\Local Settings\Temp\mirc732.exe
C:\Documents and Settings\k35496\Local Settings\Temp\oi_{A0A6EDFA-3113-4D2E-A38D-D76341AC58D6}.exe
C:\Documents and Settings\k35496\Local Settings\Temp\sam__2268_il515232.exe
C:\Documents and Settings\k35496\Local Settings\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
///
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-06-2014
Ran by K35496 at 2014-06-15 13:40:46
Running from C:\Documents and Settings\k35496\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat  9 Standard - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (HKLM\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Any Video Converter 5.6.2 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Any Video Converter Professional 5.6.2 (HKLM\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Any Video Converter Ultimate 4.6.1 (HKLM\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Communication Manager (HKLM\...\{F813E3A8-1641-4510-9C35-BF4656C63B8C}) (Version: 7.01.0030.0 - AT&T)
AT&T Connect Participant Application v9.0.82 (HKLM\...\{1F3A6960-8470-4C84-820C-EBFFAF4DA580}) (Version: 9.0.82 - AT&T Inc.)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.0.443 - AVG Technologies)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite Online Backup Setup (HKLM\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Check Point Endpoint Security - Full Disk Encryption (HKLM\...\{31B33270-24D7-4307-84F2-A3288636B83A}) (Version: 7.4.5.1667 - Check Point Software Technologies Ltd)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Claim Form Fax (HKLM\...\{10A7A47C-779E-40FF-AF66-7C01559AC908}) (Version: 4.37.01 - KCI)
Claim Form Fax (HKLM\...\{AF72B445-3E2A-412A-BB2B-91501EEA2E8F}) (Version: 4.1.20.2 - Kinetic Concepts, Inc)
Configuration Manager Client (Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
CVE-2013-3893 (HKLM\...\{55aab41f-5d5c-abdf-4568-baef76587bd7}.sdb) (Version:  - )
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version:  - )
Dell 968 AIO Printer (HKLM\...\Dell 968 AIO Printer) (Version:  - Dell, Inc.)
Dell ControlPoint System Manager (HKLM\...\{314E5785-BD81-47FD-9D6B-5C3CD31B351B}) (Version: 1.4.00000 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 1.7.450.290 - Broadcom Corporation) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.050 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)
Dell V715w (HKLM\...\Dell V715w) (Version:  - Dell, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DYMO Label v.8 (HKLM\...\DYMO Label v.8) (Version: 8.5.0.1751 - Sanford, L.P.)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileNet IDM Viewer 4.0 (HKLM\...\IDMViewer) (Version:  - )
Ghostscript Install (HKLM\...\{170BD686-2FF6-4D8B-AEE7-0541B528D106}) (Version: 1.10.0001 - Kinetic Concepts, Inc)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HERO (HKLM\...\{7A81A9F6-5914-4FAE-A3BA-8932909FA434}) (Version: 5.14.0.0 - Kinetic Concepts, Inc)
HP Color LaserJet 2600 series (HKLM\...\HP Color LaserJet 2600 series) (Version:  - )
Instant Eyedropper 1.75 (HKLM\...\Instant Eyedropper_is1) (Version:  - )
Intel® Network Connections 14.8.43.0 (HKLM\...\{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}) (Version: 14.8.43.0 - Dell)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IT Helpdesk Tools (HKLM\...\{F97FF771-6050-4AA2-BDFD-24F299554C78}) (Version: 1.00.0000 - KCI)
iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 11 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150110}) (Version: 1.5.0.110 - Sun Microsystems, Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
KCI Field PB9 (HKLM\...\{A82E626D-3D6E-4810-BB81-7017927DF4E7}) (Version: 6.04.01 - Kinetic Concepts, Inc.)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LibreOffice 4.1.4.2 (HKLM\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MathMap-1.3.5 (HKLM\...\MathMap-1.3.5_is1) (Version: 1.3.5 - Mark Probst)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Project Standard 2007 (HKLM\...\PRJSTD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Standard 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Standard 2007 (HKLM\...\VISSTD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Standard 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA Display Control Panel (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 6.14.12.6883 - NVIDIA Corporation)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Oracle 10g InstantClient (HKLM\...\{54499F55-F17B-4380-8F66-995AB370A408}) (Version: 10.1.0.4.3 - Kinetic Concepts, Inc)
Oracle JInitiator 1.3.1.29 (HKLM\...\{CAFECAFE-0013-0001-0129-ABCDEFABCDEF}) (Version:  - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RDC (Version:  - Microsoft Corporation) Hidden
Reader 2.0 (HKLM\...\Reader2.0) (Version: 2.0.1.1038 - Dell Inc.)
Reader 2.0 (Version: 2.0.1.1038 - Dell Inc.) Hidden
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6201 - Realtek Semiconductor Corp.)
RemotelyAnywhere (HKLM\...\{52121943-407C-4082-868C-139DD3AD333B}) (Version: 8.0.747 - LogMeIn, Inc.)
RightFax Product Suite (HKLM\...\{37EAD3B6-15F3-4292-AA85-41CADD54E964}) (Version: 9.00.0000 - Captaris, Inc.)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Safe Saver (HKLM\...\Safe Saver) (Version: 1.27.153.8 - Safe Saver) <==== ATTENTION
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (Version: 2.01.0600 - Seagate) Hidden
Skype™ 3.8 (HKLM\...\{375943E2-B268-4AD7-B7A4-0FD90E9C2AC7}) (Version: 3.8.144 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.0.10 - Sophos Limited)
Sophos AutoUpdate (HKLM\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Remote Management System (HKLM\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPER © v2014.build.60+Recorder (2014/02/18) version v2014.buil (HKLM\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.60+Recorder - eRightSoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Symantec Enterprise Vault Outlook Add-In (HKLM\...\{D59BE1F3-37E5-4409-B7DE-63A6047895E6}) (Version: 8.0.5656 - Symantec Corporation)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.15 - Tweaking.com)
Ultimate Codec Packages (HKCU\...\Ultimate Codec Packages) (Version:  - ) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WebEx Productivity Tools (HKLM\...\{F7AB02E5-098D-4067-9283-4A7BF8B8E190}) (Version: 2.29.3220 - Cisco WebEx LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WhoCrashed 5.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WIDCOMM Bluetooth Software (HKLM\...\{F48BE301-EC78-4686-B580-EE4934558798}) (Version: 5.6.0.3101 - Dell)
WIMGAPI (HKLM\...\{721ABC3B-5F12-4332-9C0C-C11424EF666C}) (Version: 1.0.0.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.95 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}) (Version: 5.2.95 - Microsoft)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
2008-04-25 11:16 - 2008-04-14 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\EZLyrics Update.job => C:\Program Files\EZLyrics\ezlyrics.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Nightly.job => C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
Task: C:\WINDOWS\Tasks\Safe Saver-chromeinstaller.job => C:\Program Files\Safe Saver\Safe Saver-chromeinstaller.exe
Task: C:\WINDOWS\Tasks\Safe Saver-codedownloader.job => C:\Program Files\Safe Saver\Safe Saver-codedownloader.exe
Task: C:\WINDOWS\Tasks\Safe Saver-enabler.job => C:\Program Files\Safe Saver\Safe Saver-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Safe Saver-updater.job => C:\Program Files\Safe Saver\Safe Saver-updater.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-14 10:10 - 2011-06-14 10:10 - 00135168 _____ () C:\WINDOWS\system32\LogonAgentAPI.dll
2013-06-19 10:00 - 2013-06-19 10:00 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2010-09-09 08:05 - 2009-04-13 09:20 - 00045056 _____ () C:\WINDOWS\system32\DLDOPMON.DLL
2010-09-09 08:05 - 2007-06-11 09:01 - 00049152 _____ () C:\WINDOWS\system32\DLDOOEM.DLL
2010-09-09 08:04 - 2009-04-13 09:19 - 00032768 _____ () C:\Program Files\Dell 968 AIO Printer\ipcmt.dll
2013-06-19 08:56 - 2011-02-17 19:13 - 00125952 _____ () C:\WINDOWS\system32\zlhp2600.dll
2010-09-09 08:05 - 2007-07-18 06:42 - 00113664 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dldodrpp.dll
2010-09-09 08:12 - 2009-06-19 04:58 - 00157696 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dleedrpp.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 01055808 _____ () C:\Program Files\Sophos\Remote Management System\ACE.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 01539136 _____ () C:\Program Files\Sophos\Remote Management System\TAO.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 00183360 _____ () C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 00760896 _____ () C:\Program Files\Sophos\Remote Management System\LIBEAY32.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 00146496 _____ () C:\Program Files\Sophos\Remote Management System\SSLEAY32.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 00076864 _____ () C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 00535616 _____ () C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 00244800 _____ () C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 00740416 _____ () C:\Program Files\Sophos\Remote Management System\TAO_Security.dll
2013-06-14 14:55 - 2013-06-14 14:55 - 00039488 _____ () C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll
2014-06-14 13:33 - 2014-06-14 13:31 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
2014-06-14 13:33 - 2014-06-14 13:31 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2014-06-14 13:33 - 2014-06-14 13:31 - 02557976 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
2008-04-25 11:16 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-25 11:16 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-03-05 01:58 - 2013-03-05 01:58 - 00085504 _____ () C:\Program Files\DYMO\DYMO Label Software\DYMO.Common.dll
2011-04-27 14:22 - 2011-04-27 14:22 - 00031744 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\ATT Connect\Participant\IwRegVC90.dll
2011-04-21 12:10 - 2011-04-21 12:10 - 00418304 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\ATT Connect\Participant\exchndl.dll
2014-03-16 13:37 - 2007-10-17 16:22 - 00352256 _____ () C:\Program Files\InstantEyedropper\InstantEyedropper.exe
2014-06-14 15:55 - 2014-06-14 15:55 - 00043008 _____ () C:\Documents and Settings\k35496\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy7t9i1.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Documents and Settings\k35496\Application Data\Dropbox\bin\libcef.dll
2014-06-11 21:41 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 21:41 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 21:41 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-11 21:41 - 2014-06-05 08:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
2011-10-05 03:52 - 2011-10-05 03:52 - 00756048 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-04-13 14:24 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-13 14:24 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF3D62E7
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/15/2014 10:19:32 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3
 
Error: (06/15/2014 10:17:17 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (06/15/2014 10:15:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37896609
 
Error: (06/15/2014 10:15:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37896609
 
Error: (06/15/2014 10:15:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/14/2014 11:44:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18265
 
Error: (06/14/2014 11:44:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18265
 
Error: (06/14/2014 11:44:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/14/2014 11:44:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16312
 
Error: (06/14/2014 11:44:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16312
 
 
System errors:
=============
Error: (06/15/2014 01:42:21 PM) (Source: DCOM) (EventID: 10005) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (06/15/2014 01:40:48 PM) (Source: DCOM) (EventID: 10005) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (06/15/2014 01:40:46 PM) (Source: DCOM) (EventID: 10005) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (06/15/2014 01:40:46 PM) (Source: DCOM) (EventID: 10005) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (06/15/2014 01:40:46 PM) (Source: DCOM) (EventID: 10005) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (06/15/2014 01:40:28 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (06/15/2014 01:40:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{000C101C-0000-0000-C000-000000000046}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
 
Error: (06/15/2014 01:36:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (06/15/2014 01:36:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (06/15/2014 01:36:54 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
 
Microsoft Office Sessions:
=========================
Error: (04/11/2014 01:26:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 214 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (04/11/2014 01:21:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 800674 seconds with 53820 seconds of active time.  This session ended with a crash.
 
Error: (04/02/2014 00:03:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 192705 seconds with 13860 seconds of active time.  This session ended with a crash.
 
Error: (03/30/2014 11:35:07 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 440956 seconds with 18180 seconds of active time.  This session ended with a crash.
 
Error: (03/16/2014 05:42:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 268070 seconds with 23940 seconds of active time.  This session ended with a crash.
 
Error: (03/13/2014 03:14:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 229958 seconds with 19980 seconds of active time.  This session ended with a crash.
 
Error: (03/10/2014 11:05:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123583 seconds with 6120 seconds of active time.  This session ended with a crash.
 
Error: (02/19/2014 11:37:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 749627 seconds with 12900 seconds of active time.  This session ended with a crash.
 
Error: (01/21/2014 05:06:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 354525 seconds with 18180 seconds of active time.  This session ended with a crash.
 
Error: (12/29/2013 04:34:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1032181 seconds with 57360 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 97%
Total physical RAM: 3317.78 MB
Available physical RAM: 95.62 MB
Total Pagefile: 6002.77 MB
Available Pagefile: 486.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.39 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:232.88 GB) (Free:112.07 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 331CBCB1)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,605 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:23 PM

Posted 15 June 2014 - 02:19 PM

Hi Stolen, 

Good news, I see no malware on your system, just some OpenCandy leftovers we can remove with a script.

 

Before doing that, are you using AVG search and toolbar? If you like it/use it no need to remove it, however it is sometimes bundled as well, in which case you can uninstall it using Programs and Features.

 

Also, I know XP is still very popular, but please be aware it's no longer being updated, and the first major vulnerability that is discovered may put it at serious risk. 


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Stolen

Stolen
  • Topic Starter

  • Members
  • 669 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:23 PM

Posted 15 June 2014 - 03:03 PM

:bananas:

 

OH and no...I do not want AVG and do not use it, so yes, let's remove that. I don't want any plug-ins or anything else weird. If I need a script, let me know, and I will do it. Will go take a look at what I can remove under Programs/Features.  

 

Very happy to know things look clean. 

 

Regarding XP, yes, for this machine, XP is still supported (or managed) through a 3rd-party contract, so we are protected, as some companies are not able to migrate yet to another OS due to compatibility issues with certain internal systems and programs. So while I am not specifically in the know on the how and details, there are ways to obtain continued support or protection. 



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,605 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:23 PM

Posted 15 June 2014 - 03:55 PM

I'd recommend you uninstall SpyBot and SuperAntiSpyware as well; they are not really efficient against today's malware and use quite a bit of resources.

 

Please open Add/Remove programs (Windows key + R > appwiz.cpl > ENTER).

Click on any AVG-related entry you see and select Uninstall/Remove.

 

Follow the steps to uninstall the program and repeat this for Spybot/SAS if you choose to uninstall them.

 

When done, restart the computer and post me a new FRST log.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#7 Stolen

Stolen
  • Topic Starter

  • Members
  • 669 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:23 PM

Posted 19 June 2014 - 06:28 PM

TYSM Elise  :notme:

 

OK I removed what I could and did a restart. I also seem to have picked up (today) a Mysearch.conduit and a Mysearch.AVG, both of which open when I open Chrome. I was attempting (without success) to install a Gimp plugin today. 

 

Computer is taking a long time to boot up but probably due to so many weird processes that start. 

 

Here is the most recent FRST log from today. TY I will look for you tmw :) 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by K35496 (administrator) on USL2LX2RM1 on 19-06-2014 18:18:31
Running from C:\Documents and Settings\k35496\My Documents\Downloads\FRST-OlderVersion\FRST-OlderVersion
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Check Point Software Tech Ltd) C:\WINDOWS\system32\Prot_srv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\WINDOWS\system32\dldocoms.exe
( ) C:\WINDOWS\system32\dleecoms.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(O2Micro International) C:\WINDOWS\system32\drivers\o2flash.exe
(Check Point Software Tech Ltd) C:\WINDOWS\system32\pstartSr.exe
(LogMeIn, Inc.) C:\Program Files\RemotelyAnywhere\x86\ramaint.exe
(LogMeIn, Inc.) C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe
(Sophos Limited) C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Remote Management System\RouterNT.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwtracepktwpp.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Captaris, Inc.) C:\Program Files\RightFax\Client\FAXCTRL.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Check Point Software Technologies LTD) C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Check Point Software Tech Ltd) C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\CarbonitePreinstaller.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\PTIM.exe
(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
(AT&T Inc.) C:\Documents and Settings\k35496\Local Settings\Application Data\ATT Connect\Participant\pull.exe
() C:\Program Files\InstantEyedropper\InstantEyedropper.exe
(BitTorrent Inc.) C:\Documents and Settings\k35496\Application Data\uTorrent\uTorrent.exe
(Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Dropbox, Inc.) C:\Documents and Settings\k35496\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [737280 2011-02-14] (Andrea Electronics Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [DellBtrEvent] => D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
HKLM\...\Run: [Dell 968 AIO Printer Fax Server] => C:\Program Files\Dell 968 AIO Printer\fm3032.exe [311976 2009-04-27] ()
HKLM\...\Run: [RightFAX Print-to-Fax Driver] => C:\Program Files\RightFax\Client\FaxCtrl.exe [94208 2004-10-22] (Captaris, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19576424 2010-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [111208 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13887592 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] => C:\WINDOWS\system32\nvHotkey.dll [288872 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2011-02-14] (IDT, Inc.)
HKLM\...\Run: [RemotelyAnywhere GUI] => C:\Program Files\RemotelyAnywhere\x86\RAGui.exe [63064 2007-04-05] (LogMeIn, Inc.)
HKLM\...\Run: [Check Point Endpoint Tray Application] => C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe [70144 2010-06-02] (Check Point Software Technologies LTD)
HKLM\...\Run: [Pointsec Tray] => C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe [860496 2011-06-14] (Check Point Software Tech Ltd)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [AT&T Communication Manager] => C:\Program Files\AT&T\Communication Manager\ATTCM.exe [883272 2009-12-04] (ATT)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [DLSService] => "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2010-09-09] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [CarboniteSetupLite] => C:\Program Files\Carbonite\CarbonitePreinstaller.exe [318096 2009-08-04] (Carbonite, Inc.)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-26] (Seagate LLC)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-06-19] (Cisco Systems, Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1617704 2014-05-21] (Sophos Limited)
HKLM\...\Run: [vProt] => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
Winlogon\Notify\RAinit: C:\WINDOWS\system32\RAinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21739304 2008-07-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [DymoQuickPrint] => C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe [1866544 2013-03-05] (Sanford, L.P.)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [PTIM.exe] => C:\Program Files\WebEx\Productivity Tools\PTIM.exe [408592 2013-04-24] (Cisco WebEx LLC)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [PTOneClick] => C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe [370704 2013-04-24] (Cisco WebEx LLC)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [Push Client] => C:\Documents and Settings\k35496\Local Settings\Application Data\ATT Connect\Participant\pull.exe [966944 2011-04-27] (AT&T Inc.)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [instanteyedropper] => C:\Program Files\InstantEyedropper\InstantEyedropper.exe [352256 2007-10-17] ()
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Run: [uTorrent] => C:\Documents and Settings\k35496\Application Data\uTorrent\uTorrent.exe [1267536 2014-06-12] (BitTorrent Inc.)
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Home] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Fullscreen] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Tools] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Print] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Edit] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Cut] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Copy] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Paste] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\Policies\Explorer: [Btn_Encoding] 0
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\MountPoints2: {8f8c40b6-d78c-11e2-a45c-70f1a18a104d} - E:\WIN\setup.exe
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\MountPoints2: {f0a3306b-cc97-11e3-a497-70f1a18a104d} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-1345612739-1987932012-794563710-64767\...\MountPoints2: {ff09d982-ec22-11e3-a4a0-70f1a18a104d} - E:\win\setup.exe -phs
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Documents and Settings\k35496\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\k35496\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\k35496\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\k35496\Start Menu\Programs\Startup\Seagate 2GEXX6TG Product Registration.lnk
ShortcutTarget: Seagate 2GEXX6TG Product Registration.lnk -> C:\Documents and Settings\k35496\Application Data\Leadertech\PowerRegister\Seagate 2GEXX6TG Product Registration.exe (Leader Technologies/Seagate)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kcicentral.kci.com/tools/Pages/default.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kcicentral.kci.com/Pages/default.aspx
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {793316FC-43AF-429D-9385-116DC9470D7B} URL = http://www.google.com
SearchScopes: HKCU - DefaultScope {793316FC-43AF-429D-9385-116DC9470D7B} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {793316FC-43AF-429D-9385-116DC9470D7B} URL = 
SearchScopes: HKCU - {9F4716C1-DE93-45EB-8E24-158C82203123} URL = http://www.google.com
BHO: No Name - {11111111-1111-1111-1111-110311321154} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} http://aquire-codebase.vipasuite.com/codebase101/OrgPubX.cab
DPF: {CAFECAFE-0013-0001-0029-ABCDEFABCDEF} 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 bmnet.dll File Not found ()
Winsock: Catalog9 06 bmnet.dll File Not found ()
Winsock: Catalog9 07 bmnet.dll File Not found ()
Winsock: Catalog9 13 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin: @dymo.com/DymoLabelFramework - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={9CE41CA1-C128-45E2-9D7F-14D83E36C6D5}&mid=c1d081b8db3c47d387e7a1b8e76ef9be-f7ad66ae266a9328b385d3d0421c02eab5ef78cb&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-14 13:34:09&v=18.1.0.443&pid=safeguard&sg=&sap=hp
CHR StartupUrls: "hxxp://mysearch.avg.com?cid={9CE41CA1-C128-45E2-9D7F-14D83E36C6D5}&mid=c1d081b8db3c47d387e7a1b8e76ef9be-f7ad66ae266a9328b385d3d0421c02eab5ef78cb&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-14 13:34:09&v=18.1.0.443&pid=safeguard&sg=&sap=hp"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={9CE41CA1-C128-45E2-9D7F-14D83E36C6D5}&mid=c1d081b8db3c47d387e7a1b8e76ef9be-f7ad66ae266a9328b385d3d0421c02eab5ef78cb&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-06-14 13:34:09&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Google Docs) - C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 
========================== Services (Whitelisted) =================
 
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-12-04] (SmithMicro Inc.)
S2 buttonsvc32; c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)
S2 CcmExec; C:\WINDOWS\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2009-12-17] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2009-12-17] (Broadcom Corporation)
S2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [376608 2009-12-10] (Dell Inc.)
S2 dldoCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [99568 2007-10-05] ()
R2 dldo_device; C:\WINDOWS\system32\dldocoms.exe [595184 2007-10-05] ( )
S2 dleeCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe [98984 2009-07-01] ()
R2 dlee_device; C:\WINDOWS\system32\dleecoms.exe [602792 2009-07-01] ( )
R2 DymoPnpService; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-06-17] (Macrovision Europe Ltd.) [File not signed]
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-26] (Seagate Technology LLC)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-28] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International)
R2 Pointsec; C:\WINDOWS\system32\Prot_srv.exe [659792 2011-06-14] (Check Point Software Tech Ltd)
R2 Pointsec_start; C:\WINDOWS\system32\pstartSr.exe [233808 2011-06-14] (Check Point Software Tech Ltd)
R2 RAMaint; C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe [111952 2008-07-03] (LogMeIn, Inc.)
R2 RemotelyAnywhere; C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe [63064 2007-04-05] (LogMeIn, Inc.)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2013-06-14] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [139840 2013-06-14] (Sophos Limited)
S3 smstsmgr; C:\WINDOWS\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2013-06-14] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-21] (Sophos Limited)
R3 Sophos Device Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe [601664 2013-07-05] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [818240 2013-06-14] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-06-14] (Sophos Limited)
S2 swi_update; C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_update.exe [1459264 2013-06-14] (Sophos Limited)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)
R2 vToolbarUpdater18.1.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-15] (AVG Secure Search)
S4 STacSV; c:\drivers\audio\r267815\payload\wdm\stacsv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Acceler; C:\WINDOWS\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics)
S3 acsint; C:\WINDOWS\System32\DRIVERS\acsint.sys [39888 2013-06-19] (Cisco Systems, Inc.)
S3 acsmux; C:\WINDOWS\System32\DRIVERS\acsmux.sys [58320 2013-06-19] (Cisco Systems, Inc.)
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2011-02-14] (Andrea Electronics Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-06-15] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [3360256 2011-01-17] (Broadcom Corporation)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [909864 2010-02-19] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2011-11-08] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 cvusbdrv; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [33832 2011-12-21] (Broadcom Corporation)
S3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c5132.sys [193704 2011-11-08] (Intel Corporation)
R3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [168616 2011-12-21] (Intel Corporation)
S3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [1754912 2010-04-25] (Intel Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30880 2009-10-14] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [7391744 2011-01-04] (Intel Corporation) [File not signed]
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [119528 2011-11-08] (NVIDIA Corporation)
S3 O2MDFRDR; C:\WINDOWS\System32\DRIVERS\O2MDFxp.sys [60192 2011-01-04] (O2Micro )
S3 O2SDJRDR; C:\WINDOWS\System32\DRIVERS\o2sdjxp.sys [63136 2011-01-04] (O2Micro )
S3 prepdrvr; C:\WINDOWS\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
R0 prot_2k; C:\WINDOWS\system32\Drivers\prot_2k.sys [223440 2011-06-14] (Check Point Software Tech Ltd)
R2 RAInfo; C:\Program Files\RemotelyAnywhere\x86\RaInfo.sys [12856 2008-01-23] (LogMeIn, Inc.)
R3 ramirr; C:\WINDOWS\System32\DRIVERS\ramirr.sys [10168 2007-04-17] (LogMeIn, Inc.)
R2 RARfsDriver; C:\WINDOWS\system32\drivers\RARfsDriver.sys [46000 2007-04-05] (LogMeIn, Inc.)
S2 risdpcie; C:\WINDOWS\System32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC) [File not signed]
S3 RSPCIESTOR; C:\WINDOWS\System32\DRIVERS\RtsPStor.sys [232448 2010-08-12] (Realtek Semiconductor Corp.) [File not signed]
R1 SAVOnAccessControl; C:\WINDOWS\System32\DRIVERS\savonaccesscontrol.sys [155392 2013-06-14] (Sophos Limited)
R1 SAVOnAccessFilter; C:\WINDOWS\System32\DRIVERS\savonaccessfilter.sys [24832 2013-06-14] (Sophos Limited)
R3 sdcfilter; C:\WINDOWS\System32\DRIVERS\sdcfilter.sys [33696 2013-06-14] (Sophos Limited)
R1 SKMScan; C:\WINDOWS\System32\DRIVERS\skmscan.sys [31736 2013-06-14] (Sophos Plc)
R3 smsmdd; C:\WINDOWS\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
S4 SophosBootDriver; C:\WINDOWS\System32\DRIVERS\SophosBootDriver.sys [14976 2013-06-14] (Sophos Plc)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1656499 2011-02-14] (IDT, Inc.)
S3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-01-14] ()
S3 SWNC8UA3; C:\WINDOWS\System32\DRIVERS\swnc8ua3.sys [190080 2009-03-31] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\WINDOWS\System32\DRIVERS\swumxa3.sys [148096 2009-05-04] (Sierra Wireless Inc.)
R1 tcpipBM; C:\WINDOWS\system32\Drivers\tcpipBM.sys [24064 2009-12-04] (Bytemobile, Inc.) [File not signed]
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [12416 2007-08-23] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19840 2007-08-23] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [21632 2007-08-23] (LG Electronics Inc.)
U2 CertPropSvc; 
S1 DVMIO; \??\D:\Program Files\Dell\Reader 2.0\dvmio.sys [X]
S4 RARfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-19 12:26 - 2014-06-19 12:26 - 00040516 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\recently-used.xbel
2014-06-19 12:24 - 2014-06-19 12:24 - 00000000 ____D () C:\Documents and Settings\k35496\Local Settings\Application Data\fontconfig
2014-06-16 10:16 - 2014-06-16 10:16 - 00026489 _____ () C:\Documents and Settings\k35496\My Documents\Office Relocation Request Form Jun 16 2014.xlsx
2014-06-15 13:35 - 2014-06-19 18:18 - 00000000 ____D () C:\FRST
2014-06-15 13:33 - 2014-06-19 18:18 - 00001013 _____ () C:\Documents and Settings\k35496\Desktop\Shortcut to FRST (1).exe.lnk
2014-06-14 13:34 - 2014-06-15 15:16 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-06-14 13:33 - 2014-06-16 10:30 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-06-14 13:33 - 2014-06-14 13:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2014-06-14 13:31 - 2014-06-14 13:31 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\OpenCandy
2014-06-14 13:29 - 2014-06-14 13:30 - 31485368 _____ (Any-Video-Converter.com ) C:\Documents and Settings\k35496\Desktop\avc-free.exe
2014-06-14 12:44 - 2014-06-14 12:44 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\Any Video Converter Professional
2014-06-14 12:42 - 2014-06-14 12:42 - 34184288 _____ (Any-Video-Converter.com ) C:\Documents and Settings\k35496\Desktop\any-video-converter.exe
2014-06-10 20:03 - 2014-06-10 20:03 - 00000000 ____D () C:\Program Files\AviSynth 2.5
2014-06-10 20:03 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\WINDOWS\system32\avisynth.dll
2014-06-10 20:03 - 2005-07-14 12:31 - 00032256 ___SH () C:\WINDOWS\system32\AVSredirect.dll
2014-06-10 20:03 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\WINDOWS\system32\devil.dll
2014-06-10 20:03 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\system32\yv12vfw.dll
2014-06-10 20:03 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\system32\i420vfw.dll
2014-06-09 22:02 - 2014-06-09 22:02 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\eRightSoft
2014-06-09 21:57 - 2014-06-09 21:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
2014-06-09 21:57 - 2014-02-13 14:21 - 00000493 __RSH () C:\WINDOWS\system32\LAVFilters.Dependencies.manifest
2014-06-09 21:57 - 2014-02-13 14:20 - 03057808 __RSH (FFmpeg Project) C:\WINDOWS\system32\avcodec-lav-55.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00539280 __RSH (FFmpeg Project) C:\WINDOWS\system32\avformat-lav-55.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00313520 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\system32\HLvideo.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00202384 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\system32\HLsplit.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00180368 __RSH (FFmpeg Project) C:\WINDOWS\system32\avutil-lav-52.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00152720 __RSH (Intel Corp.) C:\WINDOWS\system32\IntelQuickSyncDecoder.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00122512 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\system32\HLaudio.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00110224 __RSH () C:\WINDOWS\system32\libbluray.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00109200 __RSH (FFmpeg Project) C:\WINDOWS\system32\swscale-lav-2.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00098960 __RSH (FFmpeg Project) C:\WINDOWS\system32\avfilter-lav-3.dll
2014-06-09 21:57 - 2014-02-13 14:20 - 00059536 __RSH (FFmpeg Project) C:\WINDOWS\system32\avresample-lav-1.dll
2014-06-09 21:57 - 2012-10-05 19:54 - 00188416 __RSH () C:\WINDOWS\system32\winDCE32.dll
2014-06-09 21:57 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Olepau32.ax
2014-06-09 21:57 - 2011-02-11 10:26 - 00112128 __RSH () C:\WINDOWS\system32\OptimFROG.dll
2014-06-09 21:57 - 2009-08-10 23:00 - 00352768 __RSH () C:\WINDOWS\system32\ac3DX.ax
2014-06-09 21:57 - 2005-02-22 17:55 - 00081920 __RSH () C:\WINDOWS\system32\aac_parser.ax
2014-06-09 21:57 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\drvc.dll
2014-06-09 21:57 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\WINDOWS\system32\RLOFRDec.ax
2014-06-09 21:56 - 2014-06-09 21:56 - 00000000 ____D () C:\Program Files\eRightSoft
2014-06-09 21:54 - 2014-06-09 21:54 - 00001809 _____ () C:\Documents and Settings\k35496\Desktop\Continue installation  - SUPER © Installation.lnk
2014-06-09 20:53 - 2014-06-09 21:38 - 67155686 _____ (eRightSoft ) C:\Documents and Settings\k35496\Desktop\SUPERsetup.exe
2014-06-05 02:19 - 2014-06-05 02:19 - 02956401 _____ () C:\Documents and Settings\k35496\My Documents\20140605_001228.mp4
2014-06-04 20:36 - 2014-06-04 20:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CDex
2014-06-04 20:35 - 2014-06-06 09:07 - 00000000 ____D () C:\Program Files\CDex
2014-06-04 20:35 - 2014-06-04 20:35 - 08697544 _____ (Georgy Berdyshev) C:\Documents and Settings\k35496\Desktop\CDex-win32-1.70-b4-2009.exe
2014-06-04 10:32 - 2014-06-04 10:32 - 41945432 _____ (Apple Inc.) C:\Documents and Settings\k35496\Desktop\QuickTimeInstaller.exe
2014-06-04 09:39 - 2006-09-25 17:58 - 00014640 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-06-04 09:38 - 2014-06-04 09:39 - 00111895 _____ () C:\WINDOWS\MSCompPackV1.log
2014-06-04 09:37 - 2014-06-04 09:38 - 00120850 _____ () C:\WINDOWS\wmp11.log
2014-06-04 09:36 - 2014-06-04 09:37 - 00131675 _____ () C:\WINDOWS\WMFDist11.log
2014-06-04 09:36 - 2014-06-04 09:36 - 00001553 _____ () C:\WINDOWS\Wudf01000Inst.log
2014-06-04 09:35 - 2014-06-04 09:35 - 25740256 _____ (Microsoft Corporation) C:\Documents and Settings\k35496\Desktop\wmp11-windowsxp-x86-enu.exe
2014-05-26 13:24 - 2014-05-26 13:24 - 00001239 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS3.lnk
2014-05-26 13:22 - 2014-05-26 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ALM
2014-05-26 13:20 - 2014-05-26 13:20 - 00000948 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2014-05-26 13:17 - 2014-05-26 13:17 - 00001106 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2014-05-26 13:17 - 2014-05-26 13:17 - 00000917 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
2014-05-26 13:13 - 2014-05-26 13:13 - 00000824 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
 
==================== One Month Modified Files and Folders =======
 
2014-06-19 18:19 - 2013-06-17 12:36 - 00000000 ____D () C:\Documents and Settings\k35496\Local Settings\Temp
2014-06-19 18:18 - 2014-06-15 13:35 - 00000000 ____D () C:\FRST
2014-06-19 18:18 - 2014-06-15 13:33 - 00001013 _____ () C:\Documents and Settings\k35496\Desktop\Shortcut to FRST (1).exe.lnk
2014-06-19 18:17 - 2014-04-05 21:06 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\uTorrent
2014-06-19 18:00 - 2013-07-28 12:00 - 00001178 _____ () C:\WINDOWS\Tasks\Safe Saver-updater.job
2014-06-19 17:59 - 2013-07-28 11:59 - 00001876 _____ () C:\WINDOWS\Tasks\Safe Saver-chromeinstaller.job
2014-06-19 17:59 - 2013-07-28 11:59 - 00001182 _____ () C:\WINDOWS\Tasks\Safe Saver-codedownloader.job
2014-06-19 17:59 - 2013-07-28 11:59 - 00001082 _____ () C:\WINDOWS\Tasks\Safe Saver-enabler.job
2014-06-19 17:54 - 2010-09-09 14:26 - 05243071 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\OfflineVaultPH.log
2014-06-19 17:53 - 2014-03-27 16:08 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\DropboxMaster
2014-06-19 17:53 - 2013-07-28 11:31 - 00000000 ___RD () C:\Documents and Settings\k35496\My Documents\Dropbox
2014-06-19 17:53 - 2013-07-28 11:27 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\Dropbox
2014-06-19 17:53 - 2013-06-17 15:03 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\Skype
2014-06-19 17:51 - 2012-01-26 16:08 - 00212509 _____ () C:\WINDOWS\system32\nvModes.dat
2014-06-19 17:51 - 2012-01-26 16:08 - 00212509 _____ () C:\WINDOWS\system32\nvModes.001
2014-06-19 17:50 - 2008-04-25 16:28 - 01448904 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-19 17:49 - 2013-07-04 22:50 - 00000352 _____ () C:\WINDOWS\Tasks\EZLyrics Update.job
2014-06-19 17:49 - 2013-06-17 16:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 17:49 - 2008-04-25 11:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-19 17:48 - 2008-04-25 16:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-19 17:48 - 2008-04-25 04:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-19 17:48 - 2008-04-25 04:25 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-19 17:46 - 2014-01-25 21:42 - 03997696 _____ () C:\WINDOWS\system32\config\ACVPN.evt
2014-06-19 17:46 - 2013-06-17 12:36 - 00000178 ___SH () C:\Documents and Settings\k35496\ntuser.ini
2014-06-19 17:46 - 2013-06-14 14:53 - 00065536 _____ () C:\WINDOWS\system32\config\Pointsec.evt
2014-06-19 17:46 - 2008-04-25 16:32 - 00032572 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-19 17:45 - 2013-11-07 23:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-19 17:45 - 2013-07-12 21:21 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-19 17:45 - 2013-07-12 21:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-06-19 17:38 - 2013-07-04 22:54 - 00000000 ____D () C:\Documents and Settings\k35496\.gimp-2.8
2014-06-19 17:38 - 2013-06-17 16:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-19 17:26 - 2013-06-17 12:39 - 05243008 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\OfflineVaultPH.log
2014-06-19 12:26 - 2014-06-19 12:26 - 00040516 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\recently-used.xbel
2014-06-19 12:25 - 2013-06-17 08:33 - 00000000 ____D () C:\k35496
2014-06-19 12:20 - 2013-07-04 22:48 - 00000000 ____D () C:\Program Files\GIMP 2
2014-06-19 12:17 - 2013-07-06 23:25 - 00000742 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk
2014-06-19 11:16 - 2013-07-06 23:37 - 00000000 ____D () C:\Documents and Settings\k35496\Local Settings\Application Data\gtk-2.0
2014-06-19 11:15 - 2014-01-15 17:11 - 00000000 ____D () C:\Documents and Settings\k35496\.gimp-2.6
2014-06-19 11:12 - 2013-06-17 12:36 - 00000000 ____D () C:\Documents and Settings\k35496\Local Settings\Application Data\Adobe
2014-06-19 11:12 - 2010-09-09 07:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-06-19 11:00 - 2008-04-25 04:21 - 01650176 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-19 10:57 - 2013-06-14 14:51 - 00000000 ____D () C:\Program Files\RemotelyAnywhere
2014-06-19 10:48 - 2013-12-28 21:28 - 00000000 ____D () C:\Documents and Settings\k35496\Desktop\my stuff dec 28 2013
2014-06-19 10:36 - 2014-02-04 18:10 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\mIRC
2014-06-18 23:00 - 2013-06-14 15:07 - 00000530 _____ () C:\WINDOWS\Tasks\Nightly.job
2014-06-18 22:20 - 2014-02-04 18:10 - 00000000 ____D () C:\Program Files\mIRC
2014-06-18 18:31 - 2012-01-26 04:05 - 00000608 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-06-18 08:22 - 2013-08-01 18:27 - 00352857 _____ () C:\WINDOWS\setupapi.log
2014-06-16 10:30 - 2014-06-14 13:33 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-06-16 10:16 - 2014-06-16 10:16 - 00026489 _____ () C:\Documents and Settings\k35496\My Documents\Office Relocation Request Form Jun 16 2014.xlsx
2014-06-16 09:36 - 2013-08-01 16:55 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-06-15 15:16 - 2014-06-14 13:34 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-06-15 14:46 - 2013-06-17 12:36 - 00095512 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-14 19:53 - 2013-07-04 22:48 - 00000000 ____D () C:\Documents and Settings\k35496\Local Settings\Application Data\AVG SafeGuard toolbar
2014-06-14 18:48 - 2014-03-25 08:51 - 00000000 ____D () C:\Documents and Settings\k35496\Desktop\Programs I use
2014-06-14 15:46 - 2014-04-13 14:49 - 15104184 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-06-14 15:46 - 2010-09-09 07:32 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-06-14 14:25 - 2013-08-24 19:21 - 00007680 _____ () C:\Documents and Settings\k35496\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-14 13:33 - 2014-06-14 13:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2014-06-14 13:33 - 2013-07-04 22:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2014-06-14 13:31 - 2014-06-14 13:31 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\OpenCandy
2014-06-14 13:30 - 2014-06-14 13:29 - 31485368 _____ (Any-Video-Converter.com ) C:\Documents and Settings\k35496\Desktop\avc-free.exe
2014-06-14 12:44 - 2014-06-14 12:44 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\Any Video Converter Professional
2014-06-14 12:43 - 2013-07-20 19:37 - 00000000 ____D () C:\Program Files\AnvSoft
2014-06-14 12:43 - 2013-07-20 19:37 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\AnvSoft
2014-06-14 12:43 - 2013-07-20 19:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AnvSoft
2014-06-14 12:42 - 2014-06-14 12:42 - 34184288 _____ (Any-Video-Converter.com ) C:\Documents and Settings\k35496\Desktop\any-video-converter.exe
2014-06-14 12:38 - 2010-09-09 07:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-06-11 21:41 - 2013-06-17 16:42 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-10 20:03 - 2014-06-10 20:03 - 00000000 ____D () C:\Program Files\AviSynth 2.5
2014-06-09 22:02 - 2014-06-09 22:02 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\eRightSoft
2014-06-09 21:57 - 2014-06-09 21:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
2014-06-09 21:56 - 2014-06-09 21:56 - 00000000 ____D () C:\Program Files\eRightSoft
2014-06-09 21:54 - 2014-06-09 21:54 - 00001809 _____ () C:\Documents and Settings\k35496\Desktop\Continue installation  - SUPER © Installation.lnk
2014-06-09 21:38 - 2014-06-09 20:53 - 67155686 _____ (eRightSoft ) C:\Documents and Settings\k35496\Desktop\SUPERsetup.exe
2014-06-08 10:29 - 2013-08-12 11:45 - 00000716 _____ () C:\WINDOWS\setupact.log
2014-06-06 09:07 - 2014-06-04 20:35 - 00000000 ____D () C:\Program Files\CDex
2014-06-05 13:25 - 2013-08-21 08:22 - 00000794 _____ () C:\Documents and Settings\k35496\Start Menu\Programs\Windows Media Player.lnk
2014-06-05 13:25 - 2013-08-21 08:22 - 00000788 _____ () C:\Documents and Settings\k35496\Desktop\Windows Media Player.lnk
2014-06-05 13:25 - 2013-08-01 16:26 - 00023906 _____ () C:\WINDOWS\wmsetup.log
2014-06-05 10:13 - 2013-06-17 12:36 - 00000000 ____D () C:\Documents and Settings\k35496\Application Data\Adobe
2014-06-05 02:19 - 2014-06-05 02:19 - 02956401 _____ () C:\Documents and Settings\k35496\My Documents\20140605_001228.mp4
2014-06-04 20:36 - 2014-06-04 20:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CDex
2014-06-04 20:36 - 2012-12-18 08:27 - 00000000 ____D () C:\Temp
2014-06-04 20:35 - 2014-06-04 20:35 - 08697544 _____ (Georgy Berdyshev) C:\Documents and Settings\k35496\Desktop\CDex-win32-1.70-b4-2009.exe
2014-06-04 10:44 - 2013-08-12 11:45 - 00055119 _____ () C:\WINDOWS\spupdsvc.log
2014-06-04 10:44 - 2008-04-25 16:29 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-06-04 10:44 - 2008-04-25 16:29 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-06-04 10:32 - 2014-06-04 10:32 - 41945432 _____ (Apple Inc.) C:\Documents and Settings\k35496\Desktop\QuickTimeInstaller.exe
2014-06-04 09:39 - 2014-06-04 09:38 - 00111895 _____ () C:\WINDOWS\MSCompPackV1.log
2014-06-04 09:38 - 2014-06-04 09:37 - 00120850 _____ () C:\WINDOWS\wmp11.log
2014-06-04 09:38 - 2013-08-12 11:44 - 00045292 _____ () C:\WINDOWS\updspapi.log
2014-06-04 09:38 - 2011-03-17 08:00 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2014-06-04 09:37 - 2014-06-04 09:36 - 00131675 _____ () C:\WINDOWS\WMFDist11.log
2014-06-04 09:36 - 2014-06-04 09:36 - 00001553 _____ () C:\WINDOWS\Wudf01000Inst.log
2014-06-04 09:35 - 2014-06-04 09:35 - 25740256 _____ (Microsoft Corporation) C:\Documents and Settings\k35496\Desktop\wmp11-windowsxp-x86-enu.exe
2014-06-03 12:41 - 2013-06-26 05:31 - 00003128 _____ () C:\WINDOWS\smartkeydiagnostics.txt
2014-06-02 20:52 - 2013-06-14 15:49 - 00000000 __SHD () C:\WINDOWS\CSC
2014-05-30 10:25 - 2013-06-17 09:28 - 00149504 ___SH () C:\Documents and Settings\k35496\Desktop\Thumbs.db
2014-05-27 18:25 - 2013-06-17 08:55 - 00000000 ____D () C:\Documents and Settings\k35496\My Documents\KCI Administrative docs
2014-05-27 17:48 - 2013-07-28 11:28 - 00000000 ____D () C:\Documents and Settings\k35496\Start Menu\Programs\Dropbox
2014-05-26 13:24 - 2014-05-26 13:24 - 00001239 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS3.lnk
2014-05-26 13:22 - 2014-05-26 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ALM
2014-05-26 13:22 - 2013-06-17 08:47 - 00000000 ____D () C:\Program Files\Adobe
2014-05-26 13:21 - 2013-06-17 08:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-26 13:20 - 2014-05-26 13:20 - 00000948 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2014-05-26 13:17 - 2014-05-26 13:17 - 00001106 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2014-05-26 13:17 - 2014-05-26 13:17 - 00000917 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
2014-05-26 13:13 - 2014-05-26 13:13 - 00000824 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
2014-05-21 07:29 - 2013-06-14 15:06 - 00029992 _____ (Sophos Limited) C:\WINDOWS\system32\SophosBootTasks.exe
2014-05-20 10:44 - 2013-06-17 12:36 - 00000000 ____D () C:\Documents and Settings\k35496
 
Some content of TEMP:
====================
C:\Documents and Settings\k35496\Local Settings\Temp\ChangeIcon.exe
C:\Documents and Settings\k35496\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplujlv8.dll
C:\Documents and Settings\k35496\Local Settings\Temp\mirc732.exe
C:\Documents and Settings\k35496\Local Settings\Temp\oi_{A0A6EDFA-3113-4D2E-A38D-D76341AC58D6}.exe
C:\Documents and Settings\k35496\Local Settings\Temp\sam__2268_il515232.exe
C:\Documents and Settings\k35496\Local Settings\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#8 Elise
Malware Study Hall Admin
Posted 20 June 2014 - 01:47 AM

Hi there,
Let's see if AdwCleaner will get all adware. Please post a report for cleaning so that we know what exactly it will clean. :)

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • When the scan is done click on Report. A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Stolen (Topic Starter)
Members
Posted 20 June 2014 - 10:51 AM

Hiya :)

AdwCleaner by Xplode log posted below.

Computer running update:

On restart, it took 3 minutes from unlock for desktop processes to start appearing. It took 5 minutes for all to load.

Opened Chrome, it crashed, then reopened, and it defaulted to AVG. I did go to Chrome:Settings:ManageSearchEngines and deleted all that appeared there except Google, so I think that will prevent the AVG from coming up again. I have no unusual extensions checked.

Double checked AVG is not listed in Add/Remove Programs, then did a Search inside my OS for AVG and it found many different files, most appearing in a Temp folder but some are application data.

Here is the log. And THANK YOU :)

# AdwCleaner v3.212 - Report created 20/06/2014 at 10:15:11
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : K35496 - USL2LX2RM1
# Running from : C:\Documents and Settings\k35496\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\d
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN41686322752749428&ctid=CT3279415&UM=2
Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=AA070026B9E705DD&affID=119351&tsp=4957
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www2.nhk.or.jp/cgisearch/wbs/query.cgi?col=top&ct=&st=&ql=&charset=utf-8&qt={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [19642 octets] - [20/06/2014 10:01:46]
AdwCleaner[S0].txt - [7048 octets] - [20/06/2014 10:15:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7108 octets] ##########


#10 Elise
Malware Study Hall Admin
Posted 20 June 2014 - 11:59 AM

AdwCleaner found the AVG objects as well, so please rerun it and select the Clean option. Post the created log and restart afterwards. Let me know how things are running after that.


regards, Elise



#11 Elise
Malware Study Hall Admin
Posted 11 July 2014 - 01:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise
