Possible ZA Infection [Solved]


  • This topic is locked

#1
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Ok, fellow helpers and students, get your giggles out of the way now, as I'll be speaking to myself in this thread. :) :help:



OTL logfile created on: 1/20/2014 8:07:30 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.43% Memory free
4.83 Gb Paging File | 4.09 Gb Available in Paging File | 84.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 115.84 Gb Free Space | 77.76% Space Free | Partition Type: NTFS
Drive E: | 7.59 Gb Total Space | 7.31 Gb Free Space | 96.39% Space Free | Partition Type: FAT32

Computer Name: PASTORSTUDY | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/19 16:23:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/01/02 18:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/12/30 15:19:43 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/11/15 17:41:18 | 000,249,856 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2011/10/18 08:01:24 | 002,678,784 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2011/09/09 16:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2011/09/09 15:49:30 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/03 05:18:54 | 000,335,872 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/02 18:45:04 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/30 15:19:43 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Dropbox\bin\libcef.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/07/23 14:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll


========== Services (SafeList) ==========

SRV - [2013/12/30 15:19:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/15 17:41:18 | 000,249,856 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ckyykpsf.sys -- (ckyykpsf)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/01/19 02:29:14 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\xuyctkjm.sys -- (xuyctkjm)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/07/15 22:03:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/07/15 21:40:58 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=2644&t=01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{4E8A57D2-761C-4BE1-BF8E-57741640B371}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{5F549A18-9B56-42B9-A3AF-3C1664B64294}: "URL" = http://www.google.co...1I7ADFA_enUS468
IE - HKCU\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/...007&form=ZGAIDF
IE - HKCU\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKCU\..\SearchScopes\{CF01412E-D00C-4DF0-8C2E-6FFCB3A5F57D}: "URL" = http://search.yahoo....0120104,0,0,0,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20121044,6859,0,62,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.3
FF - prefs.js..extensions.enabledAddons: links%40rivalgaming.com:1.0.0
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130409112616
FF - prefs.js..extensions.enabledAddons: wwbmpstwrg%40wwbmpstwrg.org:2.9.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...94&searchterm="
FF - prefs.js..keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/25 13:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/01/01 18:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\extensions
[2013/04/10 20:34:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/07/04 05:25:02 | 000,000,000 | ---D | M] (RivalGaming) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\extensions\[email protected]
[2013/12/28 21:53:30 | 000,050,916 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\extensions\[email protected]
[2013/02/25 08:56:21 | 000,021,487 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\extensions\[email protected]
[2013/07/15 18:08:22 | 000,005,341 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\extensions\[email protected]
[2014/01/20 08:04:47 | 000,001,977 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\searchplugins\search-here.xml
[2013/12/30 15:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/30 15:19:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: RivalGaming Addon (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\npRivalGamingGC.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RivalGaming = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\
CHR - Extension: We-Care Reminder = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.15_0\
CHR - Extension: We-Care Reminder = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.15_0\.bak
CHR - Extension: Yontoo = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RivalGaming Games) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Documents and Settings\User\Local Settings\Application Data\RivalGaming\RivalGaming.dll (RivalGaming)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACSTRAY] C:\WINACS\ACSTRAY.EXE ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [eilxkjmh] regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\eilxkjmh.dat" File not found
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SFworks Update] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1345479047437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242920394031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{718D8461-4689-46E1-8962-59FB910AA6E6}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/20 08:04:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/01/13 14:33:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2014/01/13 14:22:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2014/01/10 10:32:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/01/01 18:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\SFworks
[2013/12/30 15:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[61 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/20 07:31:04 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\ddjf.sgk
[2014/01/19 20:40:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/01/19 18:50:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/01/19 16:23:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/01/19 14:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/01/19 10:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/01/19 02:29:13 | 000,061,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\2e4a26ea88a549bb.sys
[2014/01/19 02:26:20 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/15 22:58:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/15 22:58:37 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2014/01/15 22:58:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/15 22:58:17 | 3209,654,272 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/15 22:50:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/15 11:44:26 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
[2014/01/14 09:23:43 | 000,000,000 | --S- | M] () -- C:\WINDOWS\System32\xrzwggj.egs
[2014/01/13 14:28:53 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/01/10 15:48:58 | 000,001,023 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/10 15:48:25 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dropbox.lnk
[2014/01/10 10:35:47 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/10 10:34:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/02 18:11:14 | 000,000,000 | --S- | M] () -- C:\WINDOWS\System32\ghabqew.nmu
[2013/12/31 15:17:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\lbuld.vhy
[2013/12/31 15:17:57 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\amxiufh.ibo
[2013/12/31 15:06:30 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\lmtk.qya
[2013/12/31 14:50:47 | 000,101,213 | --S- | M] () -- C:\WINDOWS\System32\hzlxz.hfu
[61 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/14 09:23:43 | 000,000,000 | --S- | C] () -- C:\WINDOWS\System32\xrzwggj.egs
[2014/01/14 09:14:13 | 3209,654,272 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/13 14:38:33 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/10 15:48:58 | 000,001,023 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/02 18:11:14 | 000,000,000 | --S- | C] () -- C:\WINDOWS\System32\ghabqew.nmu
[2013/12/31 15:17:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\lbuld.vhy
[2013/12/31 15:06:52 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\ddjf.sgk
[2013/12/31 15:06:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\amxiufh.ibo
[2013/12/31 15:06:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\lmtk.qya
[2013/12/31 14:50:47 | 000,101,213 | --S- | C] () -- C:\WINDOWS\System32\hzlxz.hfu
[2013/10/22 08:52:00 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2013/09/15 18:34:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2013/09/15 18:34:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2013/09/15 18:34:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM11A.DAT
[2013/08/13 18:54:47 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\User\ntuser.pol
[2013/03/04 18:46:12 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/02/20 16:37:34 | 000,002,771 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7865428.js
[2013/02/20 16:37:33 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7865428.pad
[2012/12/19 16:26:05 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User\Application Data\mbam.context.scan
[2012/12/19 15:52:16 | 000,061,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\2e4a26ea88a549bb.sys
[2012/12/19 15:51:33 | 000,016,002 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/19 15:51:33 | 000,016,002 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/11/06 18:25:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2012/11/06 18:25:08 | 000,000,397 | ---- | C] () -- C:\WINDOWS\hpw9800k.ini
[2012/11/06 18:24:22 | 000,000,092 | ---- | C] () -- C:\WINDOWS\hpdj9800.ini
[2012/11/06 18:24:18 | 000,001,487 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2012/11/03 19:56:34 | 000,333,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3998656779-3110518549-2724662597-1005-0.dat
[2012/11/03 19:56:34 | 000,268,494 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/09 09:54:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 18:34:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2010/12/09 09:15:09 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}\@
[2010/12/09 09:15:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}\L
[2012/11/08 14:56:07 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}\U
[2012/11/08 14:56:07 | 000,000,928 | ---- | M] () -- C:\WINDOWS\Installer\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}\U\[email protected]
[2012/12/19 17:46:25 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}\@
[2010/12/09 09:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Local Settings\Application Data\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}\L
[2010/12/09 09:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Local Settings\Application Data\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}\U
[2008/04/25 15:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = SHELL32.dll -- [2011/01/21 08:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 17:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/04 14:40:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\AALPVS
[2009/05/22 13:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACSTechnologies
[2012/04/04 14:40:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\d7eb7b
[2010/12/28 11:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gEdIi08200
[2014/01/20 08:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2014/01/13 15:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2009/05/22 13:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ACSTechnologies
[2012/04/04 14:41:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Application Data\Advanced Antispyware Solution
[2013/11/08 09:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DefaultTab
[2014/01/20 01:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2009/05/13 21:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2009/05/21 09:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 514 bytes -> C:\WINDOWS\System32\drivers\gtdfkgza.sys:changelist
@Alternate Data Stream - 1488 bytes -> C:\WINDOWS\System32\drivers\xuyctkjm.sys:changelist

< End of report >




OTL Extras logfile created on: 1/20/2014 8:07:30 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.43% Memory free
4.83 Gb Paging File | 4.09 Gb Available in Paging File | 84.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 115.84 Gb Free Space | 77.76% Space Free | Partition Type: NTFS
Drive E: | 7.59 Gb Total Space | 7.31 Gb Free Space | 96.39% Space Free | Partition Type: FAT32

Computer Name: PASTORSTUDY | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}" = HL-5470DW
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C55C629-6C4F-48A9-8840-C897DF6187ED}" = HP Officejet Pro 8600 Basic Device Software
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE33EC58-5DFB-4560-9D33-1E7942E0554F}" = HP Deskjet 9800
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HDMI" = Intel® Graphics Media Accelerator Driver
"hp Deskjet 9800 series" = HP Deskjet 9800 Series
"ie8" = Windows Internet Explorer 8
"LAN-Fax Utilities" = LAN-Fax Utilities
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2014 6:12:05 PM | Computer Name = PASTORSTUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/13/2014 6:12:05 PM | Computer Name = PASTORSTUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/13/2014 6:12:05 PM | Computer Name = PASTORSTUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/13/2014 6:12:05 PM | Computer Name = PASTORSTUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/13/2014 6:12:11 PM | Computer Name = PASTORSTUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/13/2014 6:12:11 PM | Computer Name = PASTORSTUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/13/2014 6:12:11 PM | Computer Name = PASTORSTUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/13/2014 6:13:39 PM | Computer Name = PASTORSTUDY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 1/13/2014 6:25:28 PM | Computer Name = PASTORSTUDY | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/14/2014 11:27:24 AM | Computer Name = PASTORSTUDY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module urlmon.dll, version 8.0.6001.18702, fault address 0x00026ff0.

[ System Events ]
Error - 1/16/2014 12:59:53 AM | Computer Name = PASTORSTUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter

Error - 1/16/2014 1:08:28 AM | Computer Name = PASTORSTUDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.1783.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 1/17/2014 1:08:26 AM | Computer Name = PASTORSTUDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.1783.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 1/17/2014 1:08:27 AM | Computer Name = PASTORSTUDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.1783.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 1/18/2014 1:08:26 AM | Computer Name = PASTORSTUDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.1783.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 1/18/2014 1:08:27 AM | Computer Name = PASTORSTUDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.1783.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 1/19/2014 1:08:26 AM | Computer Name = PASTORSTUDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.1783.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 1/19/2014 1:08:27 AM | Computer Name = PASTORSTUDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.1783.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 1/19/2014 4:26:21 AM | Computer Name = PASTORSTUDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.1783.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 1/20/2014 1:08:26 AM | Computer Name = PASTORSTUDY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.165.1783.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >
  • 0

#2
pystryker

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,886 posts
To anyone viewing this topic, I'll be working on this one as it belongs to my pastor. ;)
  • 0

#3
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Please disregard. :blush:
  • 0

#4
pystryker

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,886 posts
Hey godawgs :)

I'm working on this one as both the victim and helper this time. :-)
I have a thread going in cmf. Essexboy also thinks something newer and worse may be on this one along with ZA.
  • 0

#5
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I'm sorry. I didn't realize that. Please disregard my post and continue with Martin. Hope everything gets resolved.
  • 0

#6
pystryker

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,886 posts

I'm sorry. I didn't realize that. Please disregard my post and continue with Martin. Hope everything gets resolved.


No worries, thanks for looking out for me. :) :thumbsup:
  • 0

#7
pystryker

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,886 posts
I'm only able to post the ComboFix Log at this time. The machine is in a startup and shutdown loop and I couldn't get to the MBAR logs, which did find 6 infections. The machine doesn't stay on long enough to get to the logs.


ComboFix 14-01-16.03 - User 01/20/2014 15:54:10.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2757 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Advanced Antispyware Solution *Enabled/Updated* {40D2020A-A364-49FE-8A3B-B71F3CE24C98}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Advanced Antispyware Solution *Enabled* {660B1FD7-1146-44E4-8329-350027D33AEC}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\m8bb80cbic8j7xrsqt_o\us_sres.data
c:\documents and settings\All Users\Application Data\7865428.js
c:\documents and settings\All Users\Application Data\7865428.pad
c:\documents and settings\All Users\Application Data\d7eb7b
c:\documents and settings\All Users\Application Data\d7eb7b\7643.mof
c:\documents and settings\All Users\Application Data\d7eb7b\AAS.ico
c:\documents and settings\User\Application Data\Advanced Antispyware Solution
c:\documents and settings\User\Application Data\Advanced Antispyware Solution\Instructions.ini
c:\documents and settings\User\Local Settings\Application Data\RivalGaming\RiVAlgaming.dll
c:\documents and settings\User\My Documents\~WRL0006.tmp
c:\documents and settings\User\My Documents\~WRL0196.tmp
c:\documents and settings\User\My Documents\~WRL0329.tmp
c:\documents and settings\User\My Documents\~WRL0395.tmp
c:\documents and settings\User\My Documents\~WRL0456.tmp
c:\documents and settings\User\My Documents\~WRL0457.tmp
c:\documents and settings\User\My Documents\~WRL0550.tmp
c:\documents and settings\User\My Documents\~WRL0612.tmp
c:\documents and settings\User\My Documents\~WRL0615.tmp
c:\documents and settings\User\My Documents\~WRL0682.tmp
c:\documents and settings\User\My Documents\~WRL0754.tmp
c:\documents and settings\User\My Documents\~WRL0973.tmp
c:\documents and settings\User\My Documents\~WRL0975.tmp
c:\documents and settings\User\My Documents\~WRL0977.tmp
c:\documents and settings\User\My Documents\~WRL0998.tmp
c:\documents and settings\User\My Documents\~WRL1069.tmp
c:\documents and settings\User\My Documents\~WRL1131.tmp
c:\documents and settings\User\My Documents\~WRL1313.tmp
c:\documents and settings\User\My Documents\~WRL1331.tmp
c:\documents and settings\User\My Documents\~WRL1455.tmp
c:\documents and settings\User\My Documents\~WRL1502.tmp
c:\documents and settings\User\My Documents\~WRL1512.tmp
c:\documents and settings\User\My Documents\~WRL1513.tmp
c:\documents and settings\User\My Documents\~WRL1552.tmp
c:\documents and settings\User\My Documents\~WRL1683.tmp
c:\documents and settings\User\My Documents\~WRL1691.tmp
c:\documents and settings\User\My Documents\~WRL1717.tmp
c:\documents and settings\User\My Documents\~WRL1772.tmp
c:\documents and settings\User\My Documents\~WRL1858.tmp
c:\documents and settings\User\My Documents\~WRL1888.tmp
c:\documents and settings\User\My Documents\~WRL1922.tmp
c:\documents and settings\User\My Documents\~WRL2021.tmp
c:\documents and settings\User\My Documents\~WRL2098.tmp
c:\documents and settings\User\My Documents\~WRL2127.tmp
c:\documents and settings\User\My Documents\~WRL2163.tmp
c:\documents and settings\User\My Documents\~WRL2193.tmp
c:\documents and settings\User\My Documents\~WRL2382.tmp
c:\documents and settings\User\My Documents\~WRL2417.tmp
c:\documents and settings\User\My Documents\~WRL2479.tmp
c:\documents and settings\User\My Documents\~WRL2571.tmp
c:\documents and settings\User\My Documents\~WRL2928.tmp
c:\documents and settings\User\My Documents\~WRL2938.tmp
c:\documents and settings\User\My Documents\~WRL2972.tmp
c:\documents and settings\User\My Documents\~WRL3103.tmp
c:\documents and settings\User\My Documents\~WRL3255.tmp
c:\documents and settings\User\My Documents\~WRL3299.tmp
c:\documents and settings\User\My Documents\~WRL3386.tmp
c:\documents and settings\User\My Documents\~WRL3411.tmp
c:\documents and settings\User\My Documents\~WRL3596.tmp
c:\documents and settings\User\My Documents\~WRL3675.tmp
c:\documents and settings\User\My Documents\~WRL3679.tmp
c:\documents and settings\User\My Documents\~WRL3693.tmp
c:\documents and settings\User\My Documents\~WRL3728.tmp
c:\documents and settings\User\My Documents\~WRL3783.tmp
c:\documents and settings\User\My Documents\~WRL3878.tmp
c:\documents and settings\User\My Documents\~WRL3914.tmp
c:\documents and settings\User\My Documents\~WRL3921.tmp
c:\documents and settings\User\My Documents\~WRL4006.tmp
c:\documents and settings\User\My Documents\~WRL4010.tmp
c:\documents and settings\User\My Documents\~WRL4059.tmp
c:\documents and settings\User\My Documents\~WRL4096.tmp
c:\documents and settings\User\Recent\ANTIGEN.dll
c:\documents and settings\User\Recent\cb.drv
c:\documents and settings\User\Recent\cb.exe
c:\documents and settings\User\Recent\cid.exe
c:\documents and settings\User\Recent\CLSV.drv
c:\documents and settings\User\Recent\ddv.sys
c:\documents and settings\User\Recent\fan.sys
c:\documents and settings\User\Recent\fix.dll
c:\documents and settings\User\Recent\fix.exe
c:\documents and settings\User\Recent\fix.tmp
c:\documents and settings\User\Recent\FS.exe
c:\documents and settings\User\Recent\kernel32.exe
c:\documents and settings\User\Recent\PE.sys
c:\documents and settings\User\Recent\PE.tmp
c:\documents and settings\User\Recent\SICKBOY.exe
c:\documents and settings\User\Recent\tjd.tmp
c:\documents and settings\User\WINDOWS
c:\windows\dasetup.log
c:\windows\system32\config\systemprofile\Application Data\ssecurity.exe
c:\windows\system32\config\systemprofile\Application Data\wincreen.jpg
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\SET102.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET10E.tmp
c:\windows\wininit.ini
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
-------\Legacy_SYSHOST32
.
.
((((((((((((((((((((((((( Files Created from 2013-12-22 to 2014-01-22 )))))))))))))))))))))))))))))))
.
.
2014-01-22 23:26 . 2014-01-22 23:26 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD62870F-73E8-4EF4-BE9B-179700EEFFB3}\MpKsl7011a1a6.sys
2014-01-20 21:16 . 2014-01-20 21:16 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2014-01-20 19:12 . 2014-01-20 19:12 -------- d-----w- c:\program files\AzTools
2014-01-20 05:08 . 2013-12-16 07:54 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD62870F-73E8-4EF4-BE9B-179700EEFFB3}\mpengine.dll
2014-01-13 21:00 . 2013-12-16 07:54 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-13 20:33 . 2014-01-13 20:38 -------- d-----w- c:\windows\system32\MpEngineStore
2014-01-10 16:32 . 2014-01-10 16:33 -------- dc-h--w- c:\windows\ie8
2014-01-02 00:09 . 2014-01-12 00:32 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\SFworks
2013-12-31 21:33 . 2013-12-31 21:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-09 . 2ECBAFB14034C9FAF695A931F78EEF5B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . EE0817C3D4CB472391B485E707CCCD85 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-19 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-19 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-19 141848]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ACSTRAY"="c:\winacs\ACSTRAY.EXE" [2008-04-08 1475072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-08-14 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"HPWQTOOLBOX"="c:\program files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe" [2005-06-03 335872]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-10-18 2678784]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [5/14/2009 12:35 AM 24064]
R1 MpKsl7011a1a6;MpKsl7011a1a6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD62870F-73E8-4EF4-BE9B-179700EEFFB3}\MpKsl7011a1a6.sys [1/22/2014 5:26 PM 40392]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/19/2012 5:53 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/28/2010 11:29 AM 701512]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [9/15/2013 6:34 PM 249856]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [5/14/2009 12:35 AM 176640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/28/2010 11:29 AM 22856]
S1 ckyykpsf;ckyykpsf;\??\c:\windows\system32\drivers\ckyykpsf.sys --> c:\windows\system32\drivers\ckyykpsf.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL7011A1A6
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-20 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 21:53]
.
2014-01-20 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 21:53]
.
2014-01-20 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 21:53]
.
2014-01-19 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 21:53]
.
2014-01-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]
.
2014-01-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mysearchresults.com/?c=2644&t=01
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKCU-Run-DW7 - c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
HKCU-Run-SFworks Update - c:\documents and settings\User\Local Settings\Application Data\SFworks\stmhudpxjazngw.dll
HKCU-Run-eilxkjmh - c:\documents and settings\All Users\Application Data\eilxkjmh.dat
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-22 17:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3516)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2014-01-22 17:36:48 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-22 23:36
.
Pre-Run: 127,338,962,944 bytes free
Post-Run: 135,251,759,104 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0BD0C29E19DE3F62DE9D4A117C39E8F6
CDB4DE4BBD714F152979DA2DCBEF57EB

#8
pystryker

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,886 posts
Success! Finally able to get a FRST log after using Reatogo PE. :)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 04
Ran by SYSTEM on REATOGO on 26-01-2014 17:25:28
Running from B:\Documents and Settings\Default User\Desktop
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-07-15] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-03-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [ACSTRAY] - C:\WINACS\ACSTRAY.EXE [1475072 2008-04-08] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-08-14] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [HPWQTOOLBOX] - C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe [335872 2005-06-03] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\Default User\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\User\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\User\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [ 2011-09-09] (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> B:\Documents and Settings\Default User\Application Data\Dropbox\bin\Dropbox.exe (No File)

========================== Services (Whitelisted) =================

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.)
S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-03-09] (Sun Microsystems, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S3 k57w2k; C:\Windows\System32\DRIVERS\k57xp32.sys [176640 2008-07-15] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S0 SFAUDIO; C:\Windows\System32\drivers\sfaudio.sys [24064 2008-07-15] (Sonic Focus, Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 ckyykpsf; \??\C:\WINDOWS\system32\drivers\ckyykpsf.sys [x]
S1 MpKsl8c30adc4; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF939C90-7D16-4C1E-89D3-FB4098570A56}\MpKsl8c30adc4.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 17:25 - 2014-01-26 17:25 - 00000000 ____D C:\FRST
2014-01-25 12:27 - 2014-01-25 12:27 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\PCHealth
2014-01-25 12:15 - 2014-01-25 12:15 - 00000000 __HDC C:\Windows\$NtUninstallKB2868626$
2014-01-25 12:10 - 2014-01-25 12:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2712808$
2014-01-25 12:04 - 2014-01-25 12:04 - 00137781 _____ C:\Windows\KB2834886.log
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2691442$
2014-01-25 12:02 - 2014-01-25 12:02 - 00137129 _____ C:\Windows\KB2900986.log
2014-01-25 12:02 - 2014-01-25 12:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2900986$
2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2014-01-25 11:54 - 2014-01-25 11:54 - 00139715 _____ C:\Windows\KB2898785-IE8.log
2014-01-25 11:54 - 2014-01-25 11:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2014-01-25 11:54 - 2014-01-25 11:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2655992$
2014-01-25 11:53 - 2014-01-25 11:53 - 00131354 _____ C:\Windows\KB2862335.log
2014-01-25 11:53 - 2014-01-25 11:53 - 00000000 __HDC C:\Windows\$NtUninstallKB2898715$
2014-01-25 11:53 - 2014-01-25 11:53 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2014-01-25 11:52 - 2014-01-25 11:52 - 00128905 _____ C:\Windows\KB2834904-v2.log
2014-01-25 11:52 - 2014-01-25 11:52 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2014-01-25 11:52 - 2014-01-25 11:52 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2014-01-25 11:50 - 2014-01-25 11:50 - 00130889 _____ C:\Windows\KB2904266.log
2014-01-25 11:50 - 2014-01-25 11:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2904266$
2014-01-25 11:50 - 2014-01-25 11:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2876217$
2014-01-25 11:50 - 2014-01-25 11:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$
2014-01-25 11:47 - 2014-01-25 11:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2864063$
2014-01-25 11:46 - 2014-01-25 11:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2719985$
2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2862152$
2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2850869$
2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2014-01-25 11:43 - 2014-01-25 11:43 - 00000000 __HDC C:\Windows\$NtUninstallKB2876331$
2014-01-25 11:42 - 2014-01-25 11:42 - 00013024 _____ C:\Windows\KB2807986.log
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2893294$
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2859537$
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2014-01-25 11:40 - 2014-01-25 11:40 - 00011402 _____ C:\Windows\KB2698365.log
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2893984$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2892075$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2705219-v2$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2698365$
2014-01-25 11:39 - 2014-01-25 11:39 - 00009097 _____ C:\Windows\KB2723135-v2.log
2014-01-25 11:39 - 2014-01-25 11:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2014-01-25 11:39 - 2014-01-25 11:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2014-01-25 11:39 - 2014-01-25 11:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2723135-v2$
2014-01-25 11:30 - 2014-01-25 11:30 - 00000000 ____D C:\Windows\System32\MRT
2014-01-25 11:24 - 2014-01-25 11:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2914368$
2014-01-25 11:23 - 2014-01-25 11:24 - 00007084 _____ C:\Windows\KB2914368.log
2014-01-22 19:07 - 2014-01-25 12:15 - 00146046 _____ C:\Windows\KB2868626.log
2014-01-22 19:07 - 2014-01-25 12:10 - 00147544 _____ C:\Windows\KB2712808.log
2014-01-22 19:05 - 2014-01-25 12:04 - 00148087 _____ C:\Windows\KB2691442.log
2014-01-22 19:05 - 2014-01-25 12:04 - 00147189 _____ C:\Windows\KB2758857.log
2014-01-22 19:04 - 2014-01-25 11:59 - 00143852 _____ C:\Windows\KB2847311.log
2014-01-22 19:04 - 2014-01-25 11:54 - 00145673 _____ C:\Windows\KB2655992.log
2014-01-22 19:04 - 2014-01-25 11:54 - 00144995 _____ C:\Windows\KB2802968.log
2014-01-22 19:03 - 2014-01-25 11:53 - 00138223 _____ C:\Windows\KB2898715.log
2014-01-22 19:03 - 2014-01-25 11:52 - 00139421 _____ C:\Windows\KB2780091.log
2014-01-22 19:03 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2014-01-22 19:03 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2014-01-22 19:03 - 2013-07-02 20:59 - 00014976 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbscan.sys
2014-01-22 19:03 - 2013-07-02 20:59 - 00014976 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbscan.sys
2014-01-22 19:02 - 2014-01-25 11:50 - 00137227 _____ C:\Windows\KB2876217.log
2014-01-22 19:02 - 2014-01-25 11:50 - 00136914 _____ C:\Windows\KB2845187.log
2014-01-22 19:01 - 2014-01-25 11:47 - 00136408 _____ C:\Windows\KB2864063.log
2014-01-22 19:00 - 2014-01-25 11:46 - 00020497 _____ C:\Windows\KB2719985.log
2014-01-22 19:00 - 2014-01-25 11:45 - 00017595 _____ C:\Windows\KB2862152.log
2014-01-22 19:00 - 2014-01-25 11:45 - 00016767 _____ C:\Windows\KB2850869.log
2014-01-22 19:00 - 2014-01-25 11:43 - 00017072 _____ C:\Windows\KB2876331.log
2014-01-22 18:59 - 2014-01-25 11:42 - 00018878 _____ C:\Windows\KB2820917.log
2014-01-22 18:59 - 2014-01-25 11:42 - 00017996 _____ C:\Windows\KB2859537.log
2014-01-22 18:59 - 2014-01-25 11:42 - 00017702 _____ C:\Windows\KB2757638.log
2014-01-22 18:59 - 2014-01-25 11:42 - 00015890 _____ C:\Windows\KB2893294.log
2014-01-22 18:59 - 2014-01-25 11:40 - 00017193 _____ C:\Windows\KB2749655.log
2014-01-22 18:59 - 2014-01-25 11:40 - 00016143 _____ C:\Windows\KB2705219-v2.log
2014-01-22 18:59 - 2014-01-25 11:40 - 00014960 _____ C:\Windows\KB2893984.log
2014-01-22 18:59 - 2014-01-25 11:40 - 00014370 _____ C:\Windows\KB2727528.log
2014-01-22 18:59 - 2014-01-25 11:40 - 00013681 _____ C:\Windows\KB2892075.log
2014-01-22 18:59 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2014-01-22 18:59 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2014-01-22 18:59 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023.sys
2014-01-22 18:59 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023.sys
2014-01-22 18:58 - 2014-01-25 11:39 - 00015786 _____ C:\Windows\KB2813345.log
2014-01-22 18:58 - 2013-08-08 19:55 - 00032384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbccgp.sys
2014-01-22 18:58 - 2013-08-08 19:55 - 00032384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbccgp.sys
2014-01-22 18:58 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2014-01-22 18:58 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2014-01-22 18:58 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys
2014-01-22 18:58 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys
2014-01-22 18:44 - 2014-01-22 18:44 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-01-22 18:43 - 2014-01-22 19:33 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-01-22 18:43 - 2014-01-22 19:17 - 00000000 ____D C:\Documents and Settings\User\Desktop\mbar
2014-01-22 18:36 - 2014-01-22 18:36 - 00016277 _____ C:\ComboFix.txt
2014-01-20 19:23 - 2014-01-20 19:23 - 00008192 ____H C:\Windows\System32\config\SECURITY.tmp.LOG
2014-01-20 19:23 - 2014-01-20 19:23 - 00008192 ____H C:\Windows\System32\config\default.tmp.LOG
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____H C:\Windows\System32\config\system.tmp.LOG
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____H C:\Windows\System32\config\software.tmp.LOG
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____H C:\Windows\System32\config\SAM.tmp.LOG
2014-01-20 14:56 - 2014-01-20 14:56 - 00000000 _RSHD C:\cmdcons
2014-01-20 14:56 - 2009-05-21 10:04 - 00000211 _____ C:\Boot.bak
2014-01-20 14:56 - 2004-08-04 00:00 - 00260272 __RSH C:\cmldr
2014-01-20 14:50 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-20 14:50 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-20 14:50 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-20 14:50 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-20 14:50 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-20 14:50 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-01-20 14:50 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-20 14:50 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-20 14:50 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-20 14:42 - 2014-01-20 14:42 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\User\Desktop\mbar-1.07.0.1008.exe
2014-01-20 14:21 - 2014-01-22 18:44 - 00000000 ____D C:\Qoobox
2014-01-20 14:20 - 2014-01-22 18:33 - 00000000 ____D C:\Windows\erdnt
2014-01-20 14:20 - 2014-01-20 14:20 - 05167985 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2014-01-20 14:12 - 2014-01-20 14:12 - 05509039 _____ ( ) C:\Documents and Settings\User\Desktop\BluelineFull.exe
2014-01-20 14:12 - 2014-01-20 14:12 - 00000675 _____ C:\Documents and Settings\All Users\Desktop\Blueline.lnk
2014-01-20 14:12 - 2014-01-20 14:12 - 00000000 ____D C:\Program Files\AzTools
2014-01-20 09:55 - 2014-01-20 10:01 - 00067966 _____ C:\Documents and Settings\User\Desktop\OTL.Txt
2014-01-20 09:55 - 2014-01-20 09:55 - 00063776 _____ C:\Documents and Settings\User\Desktop\Extras.Txt
2014-01-20 09:04 - 2014-01-19 17:23 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-01-19 11:27 - 2014-01-19 11:27 - 01221120 _____ (Farbar) C:\Windows\FRST.EXE
2014-01-14 10:23 - 2014-01-14 10:23 - 00000000 ____S C:\Windows\System32\xrzwggj.egs
2014-01-13 16:04 - 2014-01-13 16:04 - 00090112 _____ C:\Windows\Minidump\Mini011314-04.dmp
2014-01-13 15:57 - 2014-01-13 15:57 - 00090112 _____ C:\Windows\Minidump\Mini011314-03.dmp
2014-01-13 15:44 - 2014-01-13 15:44 - 00090112 _____ C:\Windows\Minidump\Mini011314-02.dmp
2014-01-13 15:42 - 2014-01-13 15:41 - 00090112 _____ C:\Windows\Minidump\Mini011314-01.dmp
2014-01-13 15:33 - 2014-01-13 15:38 - 00000000 ____D C:\Windows\System32\MpEngineStore
2014-01-10 11:32 - 2014-01-10 11:33 - 00000000 __HDC C:\Windows\ie8
2014-01-10 11:24 - 2014-01-10 11:26 - 00029947 _____ C:\Windows\ie8Uninst.log
2014-01-02 19:11 - 2014-01-02 19:11 - 00000000 ____S C:\Windows\System32\ghabqew.nmu
2014-01-01 19:09 - 2014-01-11 19:32 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\SFworks
2013-12-31 16:17 - 2013-12-31 16:17 - 00028672 _____ C:\Windows\System32\lbuld.vhy
2013-12-31 16:06 - 2014-01-22 18:26 - 00000085 _____ C:\Windows\System32\ddjf.sgk
2013-12-31 16:06 - 2013-12-31 16:17 - 00000097 _____ C:\Windows\System32\amxiufh.ibo
2013-12-31 16:06 - 2013-12-31 16:06 - 00000064 _____ C:\Windows\System32\lmtk.qya
2013-12-31 15:50 - 2013-12-31 15:50 - 00101213 ____S C:\Windows\System32\hzlxz.hfu
2013-12-30 16:19 - 2013-12-30 16:19 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-26 18:18 - 2009-05-21 10:04 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2014-01-26 18:18 - 2008-04-25 16:32 - 00032468 _____ C:\Windows\SchedLgU.Txt
2014-01-26 18:18 - 2008-04-25 16:28 - 01268405 _____ C:\Windows\WindowsUpdate.log
2014-01-26 18:18 - 2008-04-25 04:25 - 00000275 _____ C:\Windows\wiadebug.log
2014-01-26 17:25 - 2014-01-26 17:25 - 00000000 ____D C:\FRST
2014-01-26 15:28 - 2013-03-04 19:48 - 00000000 ____D C:\Documents and Settings\User\Application Data\HpUpdate
2014-01-26 11:39 - 2012-11-05 23:46 - 00000000 ___RD C:\Documents and Settings\User\My Documents\Dropbox
2014-01-26 11:39 - 2012-11-05 23:43 - 00000000 ____D C:\Documents and Settings\User\Application Data\Dropbox
2014-01-25 12:27 - 2014-01-25 12:27 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\PCHealth
2014-01-25 12:27 - 2008-04-25 16:34 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-25 12:23 - 2008-04-25 11:16 - 00002206 _____ C:\Windows\System32\wpa.dbl
2014-01-25 12:22 - 2008-04-25 04:25 - 00000049 _____ C:\Windows\wiaservc.log
2014-01-25 12:20 - 2009-05-13 23:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-25 12:20 - 2008-04-25 04:21 - 00270984 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-25 12:17 - 2008-04-25 04:22 - 00637148 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-25 12:15 - 2014-01-25 12:15 - 00000000 __HDC C:\Windows\$NtUninstallKB2868626$
2014-01-25 12:15 - 2014-01-22 19:07 - 00146046 _____ C:\Windows\KB2868626.log
2014-01-25 12:15 - 2009-05-13 22:45 - 00142351 _____ C:\Windows\updspapi.log
2014-01-25 12:15 - 2008-04-25 04:22 - 01873394 _____ C:\Windows\iis6.log
2014-01-25 12:15 - 2008-04-25 04:22 - 01696723 _____ C:\Windows\FaxSetup.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00824218 _____ C:\Windows\ocgen.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00778645 _____ C:\Windows\tsoc.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00567219 _____ C:\Windows\comsetup.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00523516 _____ C:\Windows\msmqinst.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00343889 _____ C:\Windows\ntdtcsetup.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00295704 _____ C:\Windows\netfxocm.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00116899 _____ C:\Windows\MedCtrOC.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00093553 _____ C:\Windows\ocmsn.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00084953 _____ C:\Windows\tabletoc.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00084730 _____ C:\Windows\msgsocm.log
2014-01-25 12:15 - 2008-04-25 04:22 - 00001374 _____ C:\Windows\imsins.log
2014-01-25 12:10 - 2014-01-25 12:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2712808$
2014-01-25 12:10 - 2014-01-22 19:07 - 00147544 _____ C:\Windows\KB2712808.log
2014-01-25 12:10 - 2008-04-25 04:22 - 00001374 _____ C:\Windows\imsins.BAK
2014-01-25 12:04 - 2014-01-25 12:04 - 00137781 _____ C:\Windows\KB2834886.log
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2014-01-25 12:04 - 2014-01-25 12:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2691442$
2014-01-25 12:04 - 2014-01-22 19:05 - 00148087 _____ C:\Windows\KB2691442.log
2014-01-25 12:04 - 2014-01-22 19:05 - 00147189 _____ C:\Windows\KB2758857.log
2014-01-25 12:02 - 2014-01-25 12:02 - 00137129 _____ C:\Windows\KB2900986.log
2014-01-25 12:02 - 2014-01-25 12:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2900986$
2014-01-25 11:59 - 2014-01-25 11:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2014-01-25 11:59 - 2014-01-22 19:04 - 00143852 _____ C:\Windows\KB2847311.log
2014-01-25 11:54 - 2014-01-25 11:54 - 00139715 _____ C:\Windows\KB2898785-IE8.log
2014-01-25 11:54 - 2014-01-25 11:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2014-01-25 11:54 - 2014-01-25 11:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2655992$
2014-01-25 11:54 - 2014-01-22 19:04 - 00145673 _____ C:\Windows\KB2655992.log
2014-01-25 11:54 - 2014-01-22 19:04 - 00144995 _____ C:\Windows\KB2802968.log
2014-01-25 11:53 - 2014-01-25 11:53 - 00131354 _____ C:\Windows\KB2862335.log
2014-01-25 11:53 - 2014-01-25 11:53 - 00000000 __HDC C:\Windows\$NtUninstallKB2898715$
2014-01-25 11:53 - 2014-01-25 11:53 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2014-01-25 11:53 - 2014-01-22 19:03 - 00138223 _____ C:\Windows\KB2898715.log
2014-01-25 11:53 - 2009-05-14 05:37 - 00546125 _____ C:\Windows\setupapi.log
2014-01-25 11:52 - 2014-01-25 11:52 - 00128905 _____ C:\Windows\KB2834904-v2.log
2014-01-25 11:52 - 2014-01-25 11:52 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2014-01-25 11:52 - 2014-01-25 11:52 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2014-01-25 11:52 - 2014-01-22 19:03 - 00139421 _____ C:\Windows\KB2780091.log
2014-01-25 11:50 - 2014-01-25 11:50 - 00130889 _____ C:\Windows\KB2904266.log
2014-01-25 11:50 - 2014-01-25 11:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2904266$
2014-01-25 11:50 - 2014-01-25 11:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2876217$
2014-01-25 11:50 - 2014-01-25 11:50 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$
2014-01-25 11:50 - 2014-01-22 19:02 - 00137227 _____ C:\Windows\KB2876217.log
2014-01-25 11:50 - 2014-01-22 19:02 - 00136914 _____ C:\Windows\KB2845187.log
2014-01-25 11:50 - 2009-05-13 22:45 - 00248936 _____ C:\Windows\System32\TZLog.log
2014-01-25 11:47 - 2014-01-25 11:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2864063$
2014-01-25 11:47 - 2014-01-22 19:01 - 00136408 _____ C:\Windows\KB2864063.log
2014-01-25 11:46 - 2014-01-25 11:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2719985$
2014-01-25 11:46 - 2014-01-22 19:00 - 00020497 _____ C:\Windows\KB2719985.log
2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2862152$
2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2850869$
2014-01-25 11:45 - 2014-01-25 11:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2014-01-25 11:45 - 2014-01-22 19:00 - 00017595 _____ C:\Windows\KB2862152.log
2014-01-25 11:45 - 2014-01-22 19:00 - 00016767 _____ C:\Windows\KB2850869.log
2014-01-25 11:43 - 2014-01-25 11:43 - 00000000 __HDC C:\Windows\$NtUninstallKB2876331$
2014-01-25 11:43 - 2014-01-22 19:00 - 00017072 _____ C:\Windows\KB2876331.log
2014-01-25 11:42 - 2014-01-25 11:42 - 00013024 _____ C:\Windows\KB2807986.log
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2893294$
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2859537$
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2014-01-25 11:42 - 2014-01-25 11:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2757638$
2014-01-25 11:42 - 2014-01-22 18:59 - 00018878 _____ C:\Windows\KB2820917.log
2014-01-25 11:42 - 2014-01-22 18:59 - 00017996 _____ C:\Windows\KB2859537.log
2014-01-25 11:42 - 2014-01-22 18:59 - 00017702 _____ C:\Windows\KB2757638.log
2014-01-25 11:42 - 2014-01-22 18:59 - 00015890 _____ C:\Windows\KB2893294.log
2014-01-25 11:42 - 2009-05-13 22:45 - 00000000 ___HD C:\Windows\$hf_mig$
2014-01-25 11:41 - 2008-04-25 11:16 - 00000603 _____ C:\Windows\win.ini
2014-01-25 11:40 - 2014-01-25 11:40 - 00011402 _____ C:\Windows\KB2698365.log
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2893984$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2892075$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2705219-v2$
2014-01-25 11:40 - 2014-01-25 11:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2698365$
2014-01-25 11:40 - 2014-01-22 18:59 - 00017193 _____ C:\Windows\KB2749655.log
2014-01-25 11:40 - 2014-01-22 18:59 - 00016143 _____ C:\Windows\KB2705219-v2.log
2014-01-25 11:40 - 2014-01-22 18:59 - 00014960 _____ C:\Windows\KB2893984.log
2014-01-25 11:40 - 2014-01-22 18:59 - 00014370 _____ C:\Windows\KB2727528.log
2014-01-25 11:40 - 2014-01-22 18:59 - 00013681 _____ C:\Windows\KB2892075.log
2014-01-25 11:39 - 2014-01-25 11:39 - 00009097 _____ C:\Windows\KB2723135-v2.log
2014-01-25 11:39 - 2014-01-25 11:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2014-01-25 11:39 - 2014-01-25 11:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2014-01-25 11:39 - 2014-01-25 11:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2723135-v2$
2014-01-25 11:39 - 2014-01-22 18:58 - 00015786 _____ C:\Windows\KB2813345.log
2014-01-25 11:36 - 2011-04-17 19:00 - 00017192 _____ C:\Windows\KB2510531-IE8.log
2014-01-25 11:36 - 2008-04-25 16:39 - 00000000 ____D C:\Windows\System32\XPSViewer
2014-01-25 11:32 - 2014-01-25 11:30 - 00000000 ____D C:\Windows\System32\MRT
2014-01-25 11:24 - 2014-01-25 11:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2914368$
2014-01-25 11:24 - 2014-01-25 11:23 - 00007084 _____ C:\Windows\KB2914368.log
2014-01-22 19:33 - 2014-01-22 18:43 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-01-22 19:28 - 2012-12-19 18:21 - 00000000 __SHD C:\Windows\CSC
2014-01-22 19:17 - 2014-01-22 18:43 - 00000000 ____D C:\Documents and Settings\User\Desktop\mbar
2014-01-22 19:17 - 2012-07-09 10:54 - 00001324 _____ C:\Windows\System32\d3d9caps.dat
2014-01-22 19:17 - 2010-09-19 19:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2141007$
2014-01-22 19:03 - 2008-04-25 11:16 - 00000000 __SHD C:\Documents and Settings\User\Local Settings\Application Data\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}
2014-01-22 18:44 - 2014-01-22 18:44 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-01-22 18:44 - 2014-01-20 14:21 - 00000000 ____D C:\Qoobox
2014-01-22 18:36 - 2014-01-22 18:36 - 00016277 _____ C:\ComboFix.txt
2014-01-22 18:33 - 2014-01-20 14:20 - 00000000 ____D C:\Windows\erdnt
2014-01-22 18:27 - 2008-04-25 11:16 - 00000227 _____ C:\Windows\system.ini
2014-01-22 18:26 - 2013-12-31 16:06 - 00000085 _____ C:\Windows\System32\ddjf.sgk
2014-01-20 19:23 - 2014-01-20 19:23 - 00008192 ____H C:\Windows\System32\config\SECURITY.tmp.LOG
2014-01-20 19:23 - 2014-01-20 19:23 - 00008192 ____H C:\Windows\System32\config\default.tmp.LOG
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____H C:\Windows\System32\config\system.tmp.LOG
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____H C:\Windows\System32\config\software.tmp.LOG
2014-01-20 19:23 - 2014-01-20 19:23 - 00000000 ____H C:\Windows\System32\config\SAM.tmp.LOG
2014-01-20 17:05 - 2012-10-30 11:09 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\RivalGaming
2014-01-20 16:16 - 2008-04-25 04:21 - 04980736 _____ C:\Windows\System32\config\system.bak
2014-01-20 16:16 - 2008-04-25 04:21 - 00524288 _____ C:\Windows\System32\config\default.bak
2014-01-20 14:56 - 2014-01-20 14:56 - 00000000 _RSHD C:\cmdcons
2014-01-20 14:56 - 2008-04-25 11:16 - 00000327 __RSH C:\boot.ini
2014-01-20 14:53 - 2008-04-25 04:21 - 34078720 _____ C:\Windows\System32\config\software.bak
2014-01-20 14:53 - 2008-04-25 04:21 - 00057344 _____ C:\Windows\System32\config\SECURITY.bak
2014-01-20 14:53 - 2008-04-25 04:21 - 00028672 _____ C:\Windows\System32\config\SAM.bak
2014-01-20 14:47 - 2008-04-25 16:32 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2014-01-20 14:42 - 2014-01-20 14:42 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\User\Desktop\mbar-1.07.0.1008.exe
2014-01-20 14:20 - 2014-01-20 14:20 - 05167985 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2014-01-20 14:12 - 2014-01-20 14:12 - 05509039 _____ ( ) C:\Documents and Settings\User\Desktop\BluelineFull.exe
2014-01-20 14:12 - 2014-01-20 14:12 - 00000675 _____ C:\Documents and Settings\All Users\Desktop\Blueline.lnk
2014-01-20 14:12 - 2014-01-20 14:12 - 00000000 ____D C:\Program Files\AzTools
2014-01-20 10:01 - 2014-01-20 09:55 - 00067966 _____ C:\Documents and Settings\User\Desktop\OTL.Txt
2014-01-20 09:55 - 2014-01-20 09:55 - 00063776 _____ C:\Documents and Settings\User\Desktop\Extras.Txt
2014-01-19 17:23 - 2014-01-20 09:04 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-01-19 11:27 - 2014-01-19 11:27 - 01221120 _____ (Farbar) C:\Windows\FRST.EXE
2014-01-19 02:32 - 2011-04-23 11:08 - 00231584 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-01-17 16:30 - 2012-01-23 11:19 - 00000000 ____D C:\Program Files\Google
2014-01-15 12:44 - 2009-05-26 11:16 - 00002497 _____ C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
2014-01-14 10:23 - 2014-01-14 10:23 - 00000000 ____S C:\Windows\System32\xrzwggj.egs
2014-01-14 10:13 - 2010-10-17 19:03 - 00000000 __HDC C:\Windows\$NtUninstallKB979687$
2014-01-13 16:34 - 2012-01-25 14:26 - 00000000 ____D C:\Program Files\Yahoo!
2014-01-13 16:34 - 2012-01-25 14:26 - 00000000 ____D C:\Documents and Settings\User\Application Data\Yahoo!
2014-01-13 16:34 - 2010-04-01 09:57 - 00000000 ____D C:\Program Files\Common Files\Intuit
2014-01-13 16:34 - 2010-04-01 09:56 - 00000000 ____D C:\Program Files\TurboTax
2014-01-13 16:33 - 2012-01-25 14:37 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\The Weather Channel
2014-01-13 16:32 - 2013-12-12 12:37 - 00000000 ____D C:\Program Files\Citrix
2014-01-13 16:31 - 2012-01-25 14:26 - 00000000 ____D C:\Program Files\FinalMediaPlayer
2014-01-13 16:31 - 2012-01-23 11:20 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Google
2014-01-13 16:31 - 2012-01-23 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2014-01-13 16:30 - 2013-12-12 12:37 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Citrix
2014-01-13 16:29 - 2012-01-25 14:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WeCareReminder
2014-01-13 16:22 - 2012-11-03 20:56 - 00333456 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3998656779-3110518549-2724662597-1005-0.dat
2014-01-13 16:22 - 2012-11-03 20:56 - 00268494 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-13 16:04 - 2014-01-13 16:04 - 00090112 _____ C:\Windows\Minidump\Mini011314-04.dmp
2014-01-13 16:04 - 2010-12-28 09:49 - 00000000 ____D C:\Windows\Minidump
2014-01-13 15:57 - 2014-01-13 15:57 - 00090112 _____ C:\Windows\Minidump\Mini011314-03.dmp
2014-01-13 15:44 - 2014-01-13 15:44 - 00090112 _____ C:\Windows\Minidump\Mini011314-02.dmp
2014-01-13 15:41 - 2014-01-13 15:42 - 00090112 _____ C:\Windows\Minidump\Mini011314-01.dmp
2014-01-13 15:38 - 2014-01-13 15:33 - 00000000 ____D C:\Windows\System32\MpEngineStore
2014-01-13 15:28 - 2011-04-23 11:03 - 00001945 _____ C:\Windows\epplauncher.mif
2014-01-13 15:28 - 2011-04-23 11:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-13 15:15 - 2009-05-14 05:39 - 00001250 _____ C:\Windows\setupact.log
2014-01-13 12:10 - 2010-04-01 09:58 - 00000000 ____D C:\Program Files\ItsDeductible2005
2014-01-11 19:32 - 2014-01-01 19:09 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\SFworks
2014-01-10 16:48 - 2012-11-05 23:46 - 00001005 _____ C:\Documents and Settings\User\Desktop\Dropbox.lnk
2014-01-10 11:35 - 2009-05-21 11:51 - 00070756 _____ C:\Windows\spupdsvc.log
2014-01-10 11:35 - 2008-04-25 04:17 - 00000000 ____D C:\Windows\Help
2014-01-10 11:34 - 2009-05-21 12:19 - 00115429 _____ C:\Windows\ie8.log
2014-01-10 11:34 - 2009-05-21 12:04 - 00101550 _____ C:\Windows\ie8_main.log
2014-01-10 11:33 - 2014-01-10 11:32 - 00000000 __HDC C:\Windows\ie8
2014-01-10 11:33 - 2008-04-25 04:17 - 00000000 ____D C:\Windows\Media
2014-01-10 11:26 - 2014-01-10 11:24 - 00029947 _____ C:\Windows\ie8Uninst.log
2014-01-10 11:26 - 2009-05-21 12:20 - 00000000 ____D C:\Windows\ie8updates
2014-01-06 17:20 - 2009-05-21 10:43 - 83425928 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-01-06 09:27 - 2011-06-19 19:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2535512$
2014-01-02 19:11 - 2014-01-02 19:11 - 00000000 ____S C:\Windows\System32\ghabqew.nmu
2013-12-31 16:17 - 2013-12-31 16:17 - 00028672 _____ C:\Windows\System32\lbuld.vhy
2013-12-31 16:17 - 2013-12-31 16:06 - 00000097 _____ C:\Windows\System32\amxiufh.ibo
2013-12-31 16:06 - 2013-12-31 16:06 - 00000064 _____ C:\Windows\System32\lmtk.qya
2013-12-31 16:06 - 2012-08-20 11:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-31 15:50 - 2013-12-31 15:50 - 00101213 ____S C:\Windows\System32\hzlxz.hfu
2013-12-30 16:19 - 2013-12-30 16:19 - 00000000 ____D C:\Program Files\Mozilla Firefox

ZeroAccess:
C:\Documents and Settings\User\Local Settings\Application Data\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}

Files to move or delete:
====================
C:\Documents and Settings\NetworkService\foculnyzisyadbilqbv.exe
C:\Documents and Settings\NetworkService\unmonquzvn.exe
C:\Documents and Settings\NetworkService\vmyxbibarcteomj.exe
C:\Documents and Settings\NetworkService\wqeknfettfdildk.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2008-04-25 11:16] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) ee0817c3d4cb472391b485e707cccd85

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2014-01-26 12:00 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1748

RP: -> 2014-01-26 11:26 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1747

RP: -> 2014-01-25 11:22 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1746

RP: -> 2014-01-22 19:17 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1745

RP: -> 2014-01-22 19:08 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1744

RP: -> 2014-01-19 21:02 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1743

RP: -> 2014-01-18 20:02 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1742

RP: -> 2014-01-17 19:03 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1741

RP: -> 2014-01-16 18:18 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1740

RP: -> 2014-01-15 17:42 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1739

RP: -> 2014-01-14 16:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1738

RP: -> 2014-01-13 16:33 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1737

RP: -> 2014-01-13 16:30 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1736

RP: -> 2014-01-13 16:29 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1735

RP: -> 2014-01-13 13:58 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1732

RP: -> 2014-01-12 13:16 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1731

RP: -> 2014-01-11 12:21 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1730

RP: -> 2014-01-10 11:33 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1729

RP: -> 2014-01-09 12:10 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1728

RP: -> 2014-01-08 12:05 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1727

RP: -> 2014-01-07 11:12 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1726

RP: -> 2014-01-06 10:21 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1725

RP: -> 2014-01-04 16:17 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1724

RP: -> 2014-01-03 15:31 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1723

RP: -> 2014-01-02 13:18 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1722

RP: -> 2014-01-01 13:04 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1721

RP: -> 2013-12-31 13:03 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1720

RP: -> 2013-12-30 12:11 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1719

RP: -> 2013-12-29 11:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1718

RP: -> 2013-12-28 10:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1717

RP: -> 2013-12-27 09:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1716

RP: -> 2013-12-26 08:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1715

RP: -> 2013-12-25 07:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1714

RP: -> 2013-12-24 06:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1713

RP: -> 2013-12-23 05:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1712

RP: -> 2013-12-22 04:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1711

RP: -> 2013-12-21 03:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1710

RP: -> 2013-12-20 02:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1709

RP: -> 2013-12-19 01:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1708

RP: -> 2013-12-18 00:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1707

RP: -> 2013-12-16 23:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1706

RP: -> 2013-12-15 22:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1705

RP: -> 2013-12-14 21:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1704

RP: -> 2013-12-13 21:39 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1703

RP: -> 2013-12-12 21:37 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1702

RP: -> 2013-12-11 20:39 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1701

RP: -> 2013-12-10 19:39 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1700

RP: -> 2013-12-09 18:39 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1699

RP: -> 2013-12-08 17:39 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1698

RP: -> 2013-12-07 14:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1697

RP: -> 2013-12-06 13:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1696

RP: -> 2013-12-05 12:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1695

RP: -> 2013-12-04 11:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1694

RP: -> 2013-12-03 10:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1693

RP: -> 2013-12-02 09:41 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1692

RP: -> 2013-12-01 08:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1691

RP: -> 2013-11-30 08:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1690

RP: -> 2013-11-29 07:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1689

RP: -> 2013-11-28 06:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1688

RP: -> 2013-11-27 05:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1687

RP: -> 2013-11-26 04:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1686

RP: -> 2013-11-25 03:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1685

RP: -> 2013-11-24 02:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1684

RP: -> 2013-11-23 01:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1683

RP: -> 2013-11-22 00:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1682

RP: -> 2013-11-20 23:49 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1681

RP: -> 2013-11-19 22:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1680

RP: -> 2013-11-18 21:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1679

RP: -> 2013-11-17 20:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1678

RP: -> 2013-11-16 19:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1677

RP: -> 2013-11-15 18:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1676

RP: -> 2013-11-14 18:25 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1675

RP: -> 2013-11-13 18:16 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1674

RP: -> 2013-11-12 17:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1673

RP: -> 2013-11-11 16:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1672

RP: -> 2013-11-10 16:28 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1671

RP: -> 2013-11-09 11:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1670

RP: -> 2013-11-08 11:12 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1669

RP: -> 2013-11-05 19:02 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1668

RP: -> 2013-11-04 18:21 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1667

RP: -> 2013-11-03 15:09 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1666

RP: -> 2013-11-02 14:02 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665

RP: -> 2013-11-01 13:02 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1664

RP: -> 2013-10-31 12:19 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1663

RP: -> 2013-10-30 10:03 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1662

RP: -> 2013-10-29 09:44 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1661

RP: -> 2013-10-28 09:35 - 028672 C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\Fifoed\snapshot\_REGISTRY_MACHINE_SAM


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 3060.9 MB
Available physical RAM: 2782.26 MB
Total Pagefile: 2885.61 MB
Available Pagefile: 2807.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.15 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:122.77 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:7.59 GB) (Free:7.31 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================

#9 pystryker (Trusted Helper, Topic Starter, Malware Removal, 3,886 posts)
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
S1 ckyykpsf; \??\C:\WINDOWS\system32\drivers\ckyykpsf.sys [x]
C:\WINDOWS\system32\drivers\ckyykpsf.sys
2014-01-14 10:23 - 2014-01-14 10:23 - 00000000 ____S C:\Windows\System32\xrzwggj.egs
2014-01-02 19:11 - 2014-01-02 19:11 - 00000000 ____S C:\Windows\System32\ghabqew.nmu
2013-12-31 16:17 - 2013-12-31 16:17 - 00028672 _____ C:\Windows\System32\lbuld.vhy
2013-12-31 16:06 - 2014-01-22 18:26 - 00000085 _____ C:\Windows\System32\ddjf.sgk
2013-12-31 16:06 - 2013-12-31 16:17 - 00000097 _____ C:\Windows\System32\amxiufh.ibo
2013-12-31 16:06 - 2013-12-31 16:06 - 00000064 _____ C:\Windows\System32\lmtk.qya
2013-12-31 15:50 - 2013-12-31 15:50 - 00101213 ____S C:\Windows\System32\hzlxz.hfu
2014-01-22 18:26 - 2013-12-31 16:06 - 00000085 _____ C:\Windows\System32\ddjf.sgk
C:\Documents and Settings\User\Local Settings\Application Data\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}
C:\Documents and Settings\NetworkService\foculnyzisyadbilqbv.exe
C:\Documents and Settings\NetworkService\unmonquzvn.exe
C:\Documents and Settings\NetworkService\vmyxbibarcteomj.exe
C:\Documents and Settings\NetworkService\wqeknfettfdildk.exe
C:\Windows\Tasks\At*.job

Replace: c:\windows\$NtUninstallKB956572$\rpcss.dll c:\windows\system32\rpcss.dll
Replace: c:\windows\$NtUninstallKB956572$\rpcss.dll c:\windows\system32\dllcache\rpcss.dll
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
On Vista or Windows 7


Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.


Things I need to see in your next post:

fixlog.txt
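The fixlist above is put together by hand from what FRST flagged in the scan log before it: the Group Policy software-restriction entries pointed at the anti-malware folders, the S1 driver service whose file is gone, the random-named System-attribute files dropped directly into System32, the {GUID} folder under Local Settings\Application Data that FRST lists under "ZeroAccess:", the At*.job tasks and NetworkService executables under "Files to move or delete:", and rpcss.dll, for which FRST printed a hash instead of "MD5 is legit". The Python below is an added example, not part of this thread and not FRST's own code; it parses lines in the shape of that log and drafts the same Start..End block. The sample lines it runs on are constructed from the posted log, and the System32 extension allowlist is this example's own heuristic, not anything FRST does.

```python
"""Triage an FRST log for the ZeroAccess-style indicators seen in this thread
and draft the matching Start..End fixlist.

Added example: not from the thread and not FRST's own code.  The line shapes
are copied from the posted log; what counts as suspicious is this example's
own heuristic, and SAMPLE_LOG is constructed from lines modelled on the log.
"""
import re

# Constructed sample, line shapes copied from the posted FRST output.
SAMPLE_LOG = r"""
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
S1 ckyykpsf; \??\C:\WINDOWS\system32\drivers\ckyykpsf.sys [x]
2014-01-14 10:23 - 2014-01-14 10:23 - 00000000 ____S C:\Windows\System32\xrzwggj.egs
2013-12-31 16:17 - 2013-12-31 16:17 - 00028672 _____ C:\Windows\System32\lbuld.vhy
2014-01-25 11:50 - 2009-05-13 22:45 - 00248936 _____ C:\Windows\System32\TZLog.log
2014-01-22 19:03 - 2008-04-25 11:16 - 00000000 __SHD C:\Documents and Settings\User\Local Settings\Application Data\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}
2014-01-20 14:42 - 2014-01-20 14:42 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\User\Desktop\mbar-1.07.0.1008.exe
C:\Documents and Settings\NetworkService\unmonquzvn.exe
C:\Windows\Tasks\At1.job
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2008-04-25 11:16] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) ee0817c3d4cb472391b485e707cccd85
"""

# FRST file line: created - modified - size attrs [(company)] path
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
                       r"\d+ (?P<attrs>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.*)$")
SRP_LINE = re.compile(r"^HKLM Group Policy restriction on software: .+ <====== ATTENTION$")
DRIVER_LINE = re.compile(r"^S\d \S+; \\\?\?\\(?P<path>[A-Za-z]:\\\S+\.sys) \[x\]$")
HASH_LINE = re.compile(r"^\[[^\]]*\] - \[[^\]]*\] - \d+ [_A-Z]+ (?:\([^)]*\) )?(?P<md5>[0-9a-f]{32})$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")
APPDATA_GUID = re.compile(r"\\Local Settings\\Application Data\\\{[0-9a-f-]{36}\}$", re.I)
AT_JOB = re.compile(r"^[A-Za-z]:\\Windows\\Tasks\\At\d+\.job$", re.I)
NETSVC_EXE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\NetworkService\\[^\\]+\.exe$", re.I)
SYS32_FILE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\([^\\]+)$", re.I)

# Heuristic allowlist (assumption): extensions normally found directly in System32.
KNOWN_SYS32_EXT = {"dll", "exe", "sys", "ocx", "drv", "cpl", "scr", "ax", "tlb", "nls", "acm",
                   "ime", "dat", "log", "ini", "txt", "xml", "mui", "msc", "inf", "dbl", "bak",
                   "com", "cat", "hlp", "chm", "tsp"}


def classify(path, attrs, findings):
    """Bucket one path; attrs is FRST's five-character flag field, or '' for a bare path."""
    if APPDATA_GUID.search(path):            # ZeroAccess home: {GUID} in Local Settings\Application Data
        findings["dirs"].append(path)
    elif AT_JOB.match(path) or NETSVC_EXE.match(path):  # At*.job tasks, droppers in NetworkService
        findings["files"].append(path)
    else:
        m = SYS32_FILE.match(path)
        if m and "D" not in attrs:           # a file, not a folder, directly in System32
            ext = m.group(1).rsplit(".", 1)[-1].lower() if "." in m.group(1) else ""
            # System attribute set, or an extension System32 never carries: random-named payloads
            if "S" in attrs or ext not in KNOWN_SYS32_EXT:
                findings["files"].append(path)


def triage(log_text):
    """Group indicators by how FRST removes them: SRP lines, services, files, folders, hashes."""
    findings = {"srp": [], "drivers": [], "files": [], "dirs": [], "unverified": []}
    pending = None  # bare path from the Bamital/volsnap check, waiting for its hash line
    for raw in log_text.splitlines():
        line = raw.strip()
        prev_bare, pending = pending, None
        if not line:
            continue
        if SRP_LINE.match(line):             # keep the whole line: FRST takes it back verbatim
            findings["srp"].append(line)
            continue
        m = DRIVER_LINE.match(line)
        if m:                                # orphaned S1 driver service: remove service and file
            findings["drivers"].append((line, m["path"]))
            continue
        m = HASH_LINE.match(line)
        if m and prev_bare:                  # FRST printed a hash instead of '=> MD5 is legit'
            findings["unverified"].append((prev_bare, m["md5"]))
            continue
        m = FILE_LINE.match(line)
        if m:
            classify(m["path"], m["attrs"], findings)
            continue
        if BARE_PATH.match(line) and "=>" not in line:  # 'Files to move or delete' / check sections
            classify(line, "", findings)
            pending = line
    return findings


def build_fixlist(findings):
    """Draft the Start..End block FRST reads from fixlist.txt.  Unverified system files are
    left out on purpose: confirm the MD5 against a known-good copy first, then add the
    'Replace:' line by hand, as the thread does for rpcss.dll."""
    lines = ["Start"] + list(findings["srp"])
    for service_line, path in findings["drivers"]:
        lines += [service_line, path]
    return "\n".join(lines + findings["files"] + findings["dirs"] + ["End"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(build_fixlist(result))
    for path, md5 in result["unverified"]:
        print(f"# check by hand: {path} md5={md5}")
```

Run it as-is to see the drafted fixlist for the constructed sample, or feed triage() the text of a real FRST.txt. It never emits a Replace: line on its own: a system file that fails FRST's check (rpcss.dll here) has to be compared against a known-good copy first, which is the manual step the fixlist above takes from $NtUninstallKB956572$. The "Group Policy restriction on software" entries are Software Restriction Policy path rules at the Disallowed level (HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths), which is why the anti-malware tools refuse to launch until FRST removes them; pasting the log line back verbatim is how FRST is told to do that.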

#10 pystryker (Trusted Helper, Topic Starter, Malware Removal, 3,886 posts)
Good progress! The machine is now booting normally into the desktop with no errors. The contents of the fixlog are below, along with a new FRST scan.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2014 04
Ran by SYSTEM at 2014-01-29 18:06:53 Run:1
Running from B:\Documents and Settings\Default User\Desktop
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
S1 ckyykpsf; \??\C:\WINDOWS\system32\drivers\ckyykpsf.sys [x]
C:\WINDOWS\system32\drivers\ckyykpsf.sys
2014-01-14 10:23 - 2014-01-14 10:23 - 00000000 ____S C:\Windows\System32\xrzwggj.egs
2014-01-02 19:11 - 2014-01-02 19:11 - 00000000 ____S C:\Windows\System32\ghabqew.nmu
2013-12-31 16:17 - 2013-12-31 16:17 - 00028672 _____ C:\Windows\System32\lbuld.vhy
2013-12-31 16:06 - 2014-01-22 18:26 - 00000085 _____ C:\Windows\System32\ddjf.sgk
2013-12-31 16:06 - 2013-12-31 16:17 - 00000097 _____ C:\Windows\System32\amxiufh.ibo
2013-12-31 16:06 - 2013-12-31 16:06 - 00000064 _____ C:\Windows\System32\lmtk.qya
2013-12-31 15:50 - 2013-12-31 15:50 - 00101213 ____S C:\Windows\System32\hzlxz.hfu
2014-01-22 18:26 - 2013-12-31 16:06 - 00000085 _____ C:\Windows\System32\ddjf.sgk
C:\Documents and Settings\User\Local Settings\Application Data\{d162c655-94d1-f359-bd28-5b52e8eb0cb6}
C:\Documents and Settings\NetworkService\foculnyzisyadbilqbv.exe
C:\Documents and Settings\NetworkService\unmonquzvn.exe
C:\Documents and Settings\NetworkService\vmyxbibarcteomj.exe
C:\Documents and Settings\NetworkService\wqeknfettfdildk.exe
C:\Windows\Tasks\At*.job

Replace: c:\windows\$NtUninstallKB956572$\rpcss.dll c:\windows\system32\rpcss.dll
Replace: c:\windows\$NtUninstallKB956572$\rpcss.dll c:\windows\system32\dllcache\rpcss.dll
End
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
ckyykpsf => Service deleted successfully.
"C:\WINDOWS\system32\drivers\ckyykpsf.sys" => File/Directory not found.
C:\Windows\System32\xrzwggj.egs => Moved successfully.
C:\Windows\System32\ghabqew.nmu => Moved successfully.
C:\Windows\System32\lbuld.vhy => Moved successfully.
C:\Windows\System32\ddjf.sgk => Moved successfully.
C:\Windows\System32\amxiufh.ibo => Moved successfully.
C:\Windows\System32\lmtk.qya => Moved successfully.
C:\Windows\System32\hzlxz.hfu => Moved successfully.
"C:\Windows\System32\ddjf.sgk" => File/Directory not found.
C:\Documents and Settings\User\Local Settings\Application Data\{d162c655-94d1-f359-bd28-5b52e8eb0cb6} => Moved successfully.
C:\Documents and Settings\NetworkService\foculnyzisyadbilqbv.exe => Moved successfully.
C:\Documents and Settings\NetworkService\unmonquzvn.exe => Moved successfully.
C:\Documents and Settings\NetworkService\vmyxbibarcteomj.exe => Moved successfully.
C:\Documents and Settings\NetworkService\wqeknfettfdildk.exe => Moved successfully.
C:\Windows\Tasks\At*.job => Moved successfully.
c:\windows\system32\rpcss.dll => Moved successfully.
c:\windows\$NtUninstallKB956572$\rpcss.dll copied successfully to c:\windows\system32\rpcss.dll
c:\windows\system32\dllcache\rpcss.dll => Moved successfully.
c:\windows\$NtUninstallKB956572$\rpcss.dll copied successfully to c:\windows\system32\dllcache\rpcss.dll

==== End of Fixlog ====




Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by User (administrator) on PASTORSTUDY on 29-01-2014 18:34:10
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
() C:\WINACS\ACSTRAY.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-4971963f.exe
() C:\Documents and Settings\NetworkService\Local Settings\temp\b7f2d7fbcd20a4ff8df08a668840629f\MPSigStub.exe
(Microsoft Corporation) \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-07-15] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-03-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [ACSTRAY] - C:\WINACS\ACSTRAY.EXE [1475072 2008-04-08] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-08-14] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [HPWQTOOLBOX] - C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe [335872 2005-06-03] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\Administrator\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\Default User\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=2644&t=01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/...q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/...q={searchTerms}
SearchScopes: HKCU - {4E8A57D2-761C-4BE1-BF8E-57741640B371} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/...007&form=ZGAIDF
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKCU - {CF01412E-D00C-4DF0-8C2E-6FFCB3A5F57D} URL = http://search.yahoo....0120104,0,0,0,0
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242920394031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\user.js
FF NewTab: about:blank
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.yahoo.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\searchplugins\search-here.xml
FF Extension: RivalGaming - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2013-07-04]
FF Extension: EpicPlay Games - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-01-25]
FF Extension: RivalGaming - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\[email protected] [2013-07-04]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-04-10]
FF Extension: Default Tab - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\[email protected] [2012-10-30]
FF Extension: Video Downloader - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\[email protected] [2013-07-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-03-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (RivalGaming Addon) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\npRivalGamingGC.dll (RivalGaming)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (RivalGaming) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd [2012-10-30]
CHR Extension: (We-Care Reminder) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2012-05-14]
CHR Extension: (Yontoo) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2012-11-06]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2012-11-06]

========================== Services (Whitelisted) =================

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-03-09] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R3 k57w2k; C:\WINDOWS\System32\DRIVERS\k57xp32.sys [176640 2008-07-15] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-07-15] (Sonic Focus, Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 MpKsl8c30adc4; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF939C90-7D16-4C1E-89D3-FB4098570A56}\MpKsl8c30adc4.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-29 18:34 - 2014-01-29 18:34 - 00018248 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2014-01-29 18:33 - 2014-01-29 18:33 - 01137152 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-01-26 16:25 - 2014-01-29 18:34 - 00000000 ____D C:\FRST
2014-01-25 11:27 - 2014-01-25 11:27 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\PCHealth
2014-01-25 11:15 - 2014-01-25 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2014-01-25 11:10 - 2014-01-25 11:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2014-01-25 11:04 - 2014-01-25 11:04 - 00137781 _____ C:\WINDOWS\KB2834886.log
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2014-01-25 11:02 - 2014-01-25 11:02 - 00137129 _____ C:\WINDOWS\KB2900986.log
2014-01-25 11:02 - 2014-01-25 11:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2014-01-25 10:59 - 2014-01-25 10:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2014-01-25 10:54 - 2014-01-25 10:54 - 00139715 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-25 10:54 - 2014-01-25 10:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2014-01-25 10:54 - 2014-01-25 10:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2014-01-25 10:53 - 2014-01-25 10:53 - 00131354 _____ C:\WINDOWS\KB2862335.log
2014-01-25 10:53 - 2014-01-25 10:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-25 10:53 - 2014-01-25 10:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2014-01-25 10:52 - 2014-01-25 10:52 - 00128905 _____ C:\WINDOWS\KB2834904-v2.log
2014-01-25 10:52 - 2014-01-25 10:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-01-25 10:52 - 2014-01-25 10:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2014-01-25 10:50 - 2014-01-25 10:50 - 00130889 _____ C:\WINDOWS\KB2904266.log
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2014-01-25 10:47 - 2014-01-25 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2014-01-25 10:46 - 2014-01-25 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2014-01-25 10:43 - 2014-01-25 10:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2014-01-25 10:42 - 2014-01-25 10:42 - 00013024 _____ C:\WINDOWS\KB2807986.log
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2014-01-25 10:40 - 2014-01-25 10:40 - 00011402 _____ C:\WINDOWS\KB2698365.log
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2014-01-25 10:39 - 2014-01-25 10:39 - 00009097 _____ C:\WINDOWS\KB2723135-v2.log
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-25 10:30 - 2014-01-25 10:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-25 10:24 - 2014-01-25 10:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-25 10:23 - 2014-01-25 10:24 - 00007084 _____ C:\WINDOWS\KB2914368.log
2014-01-22 18:07 - 2014-01-25 11:15 - 00146046 _____ C:\WINDOWS\KB2868626.log
2014-01-22 18:07 - 2014-01-25 11:10 - 00147544 _____ C:\WINDOWS\KB2712808.log
2014-01-22 18:05 - 2014-01-25 11:04 - 00148087 _____ C:\WINDOWS\KB2691442.log
2014-01-22 18:05 - 2014-01-25 11:04 - 00147189 _____ C:\WINDOWS\KB2758857.log
2014-01-22 18:04 - 2014-01-25 10:59 - 00143852 _____ C:\WINDOWS\KB2847311.log
2014-01-22 18:04 - 2014-01-25 10:54 - 00145673 _____ C:\WINDOWS\KB2655992.log
2014-01-22 18:04 - 2014-01-25 10:54 - 00144995 _____ C:\WINDOWS\KB2802968.log
2014-01-22 18:03 - 2014-01-25 10:53 - 00138223 _____ C:\WINDOWS\KB2898715.log
2014-01-22 18:03 - 2014-01-25 10:52 - 00139421 _____ C:\WINDOWS\KB2780091.log
2014-01-22 18:03 - 2013-07-02 20:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-01-22 18:03 - 2013-07-02 19:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2014-01-22 18:02 - 2014-01-25 10:50 - 00137227 _____ C:\WINDOWS\KB2876217.log
2014-01-22 18:02 - 2014-01-25 10:50 - 00136914 _____ C:\WINDOWS\KB2845187.log
2014-01-22 18:01 - 2014-01-25 10:47 - 00136408 _____ C:\WINDOWS\KB2864063.log
2014-01-22 18:00 - 2014-01-25 10:46 - 00020497 _____ C:\WINDOWS\KB2719985.log
2014-01-22 18:00 - 2014-01-25 10:45 - 00017595 _____ C:\WINDOWS\KB2862152.log
2014-01-22 18:00 - 2014-01-25 10:45 - 00016767 _____ C:\WINDOWS\KB2850869.log
2014-01-22 18:00 - 2014-01-25 10:43 - 00017072 _____ C:\WINDOWS\KB2876331.log
2014-01-22 17:59 - 2014-01-25 10:42 - 00018878 _____ C:\WINDOWS\KB2820917.log
2014-01-22 17:59 - 2014-01-25 10:42 - 00017996 _____ C:\WINDOWS\KB2859537.log
2014-01-22 17:59 - 2014-01-25 10:42 - 00017702 _____ C:\WINDOWS\KB2757638.log
2014-01-22 17:59 - 2014-01-25 10:42 - 00015890 _____ C:\WINDOWS\KB2893294.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00017193 _____ C:\WINDOWS\KB2749655.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00016143 _____ C:\WINDOWS\KB2705219-v2.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00014960 _____ C:\WINDOWS\KB2893984.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00014370 _____ C:\WINDOWS\KB2727528.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00013681 _____ C:\WINDOWS\KB2892075.log
2014-01-22 17:59 - 2013-02-11 18:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2014-01-22 17:59 - 2013-02-11 18:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2014-01-22 17:58 - 2014-01-25 10:39 - 00015786 _____ C:\WINDOWS\KB2813345.log
2014-01-22 17:58 - 2013-08-08 18:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2014-01-22 17:58 - 2013-08-08 18:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-01-22 17:58 - 2009-03-18 05:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-01-22 17:43 - 2014-01-22 18:33 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-22 17:43 - 2014-01-22 18:17 - 00000000 ____D C:\Documents and Settings\User\Desktop\mbar
2014-01-22 17:36 - 2014-01-22 17:36 - 00016277 _____ C:\ComboFix.txt
2014-01-20 18:23 - 2014-01-20 18:23 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00008192 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-20 13:56 - 2014-01-20 13:56 - 00000000 _RSHD C:\cmdcons
2014-01-20 13:56 - 2009-05-21 09:04 - 00000211 _____ C:\Boot.bak
2014-01-20 13:56 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2014-01-20 13:50 - 2011-06-26 00:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-20 13:50 - 2010-11-07 11:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-20 13:50 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-20 13:42 - 2014-01-20 13:42 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\User\Desktop\mbar-1.07.0.1008.exe
2014-01-20 13:21 - 2014-01-22 17:44 - 00000000 ____D C:\Qoobox
2014-01-20 13:20 - 2014-01-22 17:33 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-20 13:20 - 2014-01-20 13:20 - 05167985 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2014-01-20 13:12 - 2014-01-20 13:12 - 05509039 _____ ( ) C:\Documents and Settings\User\Desktop\BluelineFull.exe
2014-01-20 13:12 - 2014-01-20 13:12 - 00000675 _____ C:\Documents and Settings\All Users\Desktop\Blueline.lnk
2014-01-20 13:12 - 2014-01-20 13:12 - 00000000 ____D C:\Program Files\AzTools
2014-01-20 08:55 - 2014-01-20 09:01 - 00067966 _____ C:\Documents and Settings\User\Desktop\OTL.Txt
2014-01-20 08:55 - 2014-01-20 08:55 - 00063776 _____ C:\Documents and Settings\User\Desktop\Extras.Txt
2014-01-20 08:04 - 2014-01-19 16:23 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-01-19 10:27 - 2014-01-19 10:27 - 01221120 _____ (Farbar) C:\WINDOWS\FRST.EXE
2014-01-13 15:04 - 2014-01-13 15:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-04.dmp
2014-01-13 14:57 - 2014-01-13 14:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-03.dmp
2014-01-13 14:44 - 2014-01-13 14:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-02.dmp
2014-01-13 14:42 - 2014-01-13 14:41 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-01.dmp
2014-01-13 14:38 - 2014-01-29 18:34 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-01-13 14:33 - 2014-01-13 14:38 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2014-01-10 10:32 - 2014-01-10 10:33 - 00000000 __HDC C:\WINDOWS\ie8
2014-01-10 10:24 - 2014-01-10 10:26 - 00029947 _____ C:\WINDOWS\ie8Uninst.log
2014-01-01 18:09 - 2014-01-11 18:32 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\SFworks
2013-12-30 15:19 - 2013-12-30 15:19 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-29 18:34 - 2014-01-29 18:34 - 00018248 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2014-01-29 18:34 - 2014-01-26 16:25 - 00000000 ____D C:\FRST
2014-01-29 18:34 - 2014-01-13 14:38 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-01-29 18:33 - 2014-01-29 18:33 - 01137152 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-01-29 18:33 - 2008-04-25 15:34 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-29 18:33 - 2008-04-25 15:28 - 01316578 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-29 18:32 - 2008-04-25 03:22 - 00618566 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-29 18:27 - 2012-11-05 22:46 - 00000000 ___RD C:\Documents and Settings\User\My Documents\Dropbox
2014-01-29 18:27 - 2012-11-05 22:43 - 00000000 ____D C:\Documents and Settings\User\Application Data\Dropbox
2014-01-29 18:25 - 2010-07-19 08:39 - 00000236 _____ C:\WINDOWS\Tasks\OGALogon.job
2014-01-29 18:25 - 2008-04-25 10:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-29 18:25 - 2008-04-25 03:25 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-29 18:25 - 2008-04-25 03:25 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-29 18:24 - 2008-04-25 15:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-29 17:06 - 2008-04-25 15:32 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-26 17:18 - 2009-05-21 09:04 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2014-01-26 17:18 - 2008-04-25 15:32 - 00032468 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-26 14:28 - 2013-03-04 18:48 - 00000000 ____D C:\Documents and Settings\User\Application Data\HpUpdate
2014-01-25 11:27 - 2014-01-25 11:27 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\PCHealth
2014-01-25 11:20 - 2009-05-13 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-25 11:20 - 2008-04-25 03:21 - 00270984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-25 11:15 - 2014-01-25 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2014-01-25 11:15 - 2014-01-22 18:07 - 00146046 _____ C:\WINDOWS\KB2868626.log
2014-01-25 11:15 - 2009-05-13 21:45 - 00142351 _____ C:\WINDOWS\updspapi.log
2014-01-25 11:15 - 2008-04-25 03:22 - 01873394 _____ C:\WINDOWS\iis6.log
2014-01-25 11:15 - 2008-04-25 03:22 - 01696723 _____ C:\WINDOWS\FaxSetup.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00824218 _____ C:\WINDOWS\ocgen.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00778645 _____ C:\WINDOWS\tsoc.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00567219 _____ C:\WINDOWS\comsetup.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00523516 _____ C:\WINDOWS\msmqinst.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00343889 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00295704 _____ C:\WINDOWS\netfxocm.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00116899 _____ C:\WINDOWS\MedCtrOC.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00093553 _____ C:\WINDOWS\ocmsn.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00084953 _____ C:\WINDOWS\tabletoc.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00084730 _____ C:\WINDOWS\msgsocm.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-25 11:10 - 2014-01-25 11:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2014-01-25 11:10 - 2014-01-22 18:07 - 00147544 _____ C:\WINDOWS\KB2712808.log
2014-01-25 11:10 - 2008-04-25 03:22 - 00001374 _____ C:\WINDOWS\imsins.BAK
2014-01-25 11:04 - 2014-01-25 11:04 - 00137781 _____ C:\WINDOWS\KB2834886.log
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2014-01-25 11:04 - 2014-01-22 18:05 - 00148087 _____ C:\WINDOWS\KB2691442.log
2014-01-25 11:04 - 2014-01-22 18:05 - 00147189 _____ C:\WINDOWS\KB2758857.log
2014-01-25 11:02 - 2014-01-25 11:02 - 00137129 _____ C:\WINDOWS\KB2900986.log
2014-01-25 11:02 - 2014-01-25 11:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2014-01-25 10:59 - 2014-01-25 10:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2014-01-25 10:59 - 2014-01-22 18:04 - 00143852 _____ C:\WINDOWS\KB2847311.log
2014-01-25 10:54 - 2014-01-25 10:54 - 00139715 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-25 10:54 - 2014-01-25 10:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2014-01-25 10:54 - 2014-01-25 10:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2014-01-25 10:54 - 2014-01-22 18:04 - 00145673 _____ C:\WINDOWS\KB2655992.log
2014-01-25 10:54 - 2014-01-22 18:04 - 00144995 _____ C:\WINDOWS\KB2802968.log
2014-01-25 10:53 - 2014-01-25 10:53 - 00131354 _____ C:\WINDOWS\KB2862335.log
2014-01-25 10:53 - 2014-01-25 10:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-25 10:53 - 2014-01-25 10:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2014-01-25 10:53 - 2014-01-22 18:03 - 00138223 _____ C:\WINDOWS\KB2898715.log
2014-01-25 10:53 - 2009-05-14 04:37 - 00546125 _____ C:\WINDOWS\setupapi.log
2014-01-25 10:52 - 2014-01-25 10:52 - 00128905 _____ C:\WINDOWS\KB2834904-v2.log
2014-01-25 10:52 - 2014-01-25 10:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-01-25 10:52 - 2014-01-25 10:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2014-01-25 10:52 - 2014-01-22 18:03 - 00139421 _____ C:\WINDOWS\KB2780091.log
2014-01-25 10:50 - 2014-01-25 10:50 - 00130889 _____ C:\WINDOWS\KB2904266.log
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2014-01-25 10:50 - 2014-01-22 18:02 - 00137227 _____ C:\WINDOWS\KB2876217.log
2014-01-25 10:50 - 2014-01-22 18:02 - 00136914 _____ C:\WINDOWS\KB2845187.log
2014-01-25 10:50 - 2009-05-13 21:45 - 00248936 _____ C:\WINDOWS\system32\TZLog.log
2014-01-25 10:47 - 2014-01-25 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2014-01-25 10:47 - 2014-01-22 18:01 - 00136408 _____ C:\WINDOWS\KB2864063.log
2014-01-25 10:46 - 2014-01-25 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2014-01-25 10:46 - 2014-01-22 18:00 - 00020497 _____ C:\WINDOWS\KB2719985.log
2014-01-25 10:46 - 2010-06-06 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2014-01-25 10:45 - 2014-01-22 18:00 - 00017595 _____ C:\WINDOWS\KB2862152.log
2014-01-25 10:45 - 2014-01-22 18:00 - 00016767 _____ C:\WINDOWS\KB2850869.log
2014-01-25 10:43 - 2014-01-25 10:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2014-01-25 10:43 - 2014-01-22 18:00 - 00017072 _____ C:\WINDOWS\KB2876331.log
2014-01-25 10:42 - 2014-01-25 10:42 - 00013024 _____ C:\WINDOWS\KB2807986.log
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2014-01-25 10:42 - 2014-01-22 17:59 - 00018878 _____ C:\WINDOWS\KB2820917.log
2014-01-25 10:42 - 2014-01-22 17:59 - 00017996 _____ C:\WINDOWS\KB2859537.log
2014-01-25 10:42 - 2014-01-22 17:59 - 00017702 _____ C:\WINDOWS\KB2757638.log
2014-01-25 10:42 - 2014-01-22 17:59 - 00015890 _____ C:\WINDOWS\KB2893294.log
2014-01-25 10:42 - 2009-05-13 21:45 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2014-01-25 10:41 - 2008-04-25 10:16 - 00000603 _____ C:\WINDOWS\win.ini
2014-01-25 10:40 - 2014-01-25 10:40 - 00011402 _____ C:\WINDOWS\KB2698365.log
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2014-01-25 10:40 - 2014-01-22 17:59 - 00017193 _____ C:\WINDOWS\KB2749655.log
2014-01-25 10:40 - 2014-01-22 17:59 - 00016143 _____ C:\WINDOWS\KB2705219-v2.log
2014-01-25 10:40 - 2014-01-22 17:59 - 00014960 _____ C:\WINDOWS\KB2893984.log
2014-01-25 10:40 - 2014-01-22 17:59 - 00014370 _____ C:\WINDOWS\KB2727528.log
2014-01-25 10:40 - 2014-01-22 17:59 - 00013681 _____ C:\WINDOWS\KB2892075.log
2014-01-25 10:39 - 2014-01-25 10:39 - 00009097 _____ C:\WINDOWS\KB2723135-v2.log
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-25 10:39 - 2014-01-22 17:58 - 00015786 _____ C:\WINDOWS\KB2813345.log
2014-01-25 10:36 - 2011-04-17 18:00 - 00017192 _____ C:\WINDOWS\KB2510531-IE8.log
2014-01-25 10:36 - 2008-04-25 15:39 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2014-01-25 10:32 - 2014-01-25 10:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-25 10:24 - 2014-01-25 10:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-25 10:24 - 2014-01-25 10:23 - 00007084 _____ C:\WINDOWS\KB2914368.log
2014-01-22 18:33 - 2014-01-22 17:43 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-22 18:28 - 2012-12-19 17:21 - 00000000 __SHD C:\WINDOWS\CSC
2014-01-22 18:18 - 2010-09-19 18:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2141007$
2014-01-22 18:17 - 2014-01-22 17:43 - 00000000 ____D C:\Documents and Settings\User\Desktop\mbar
2014-01-22 18:17 - 2012-07-09 09:54 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-22 17:44 - 2014-01-20 13:21 - 00000000 ____D C:\Qoobox
2014-01-22 17:36 - 2014-01-22 17:36 - 00016277 _____ C:\ComboFix.txt
2014-01-22 17:33 - 2014-01-20 13:20 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-22 17:27 - 2008-04-25 10:16 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-20 18:23 - 2014-01-20 18:23 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00008192 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-20 16:05 - 2012-10-30 10:09 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\RivalGaming
2014-01-20 15:16 - 2008-04-25 03:21 - 04980736 _____ C:\WINDOWS\system32\config\system.bak
2014-01-20 15:16 - 2008-04-25 03:21 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2014-01-20 13:56 - 2014-01-20 13:56 - 00000000 _RSHD C:\cmdcons
2014-01-20 13:56 - 2008-04-25 10:16 - 00000327 __RSH C:\boot.ini
2014-01-20 13:53 - 2008-04-25 03:21 - 34078720 _____ C:\WINDOWS\system32\config\software.bak
2014-01-20 13:53 - 2008-04-25 03:21 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-20 13:53 - 2008-04-25 03:21 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-20 13:47 - 2008-04-25 15:32 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2014-01-20 13:42 - 2014-01-20 13:42 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\User\Desktop\mbar-1.07.0.1008.exe
2014-01-20 13:20 - 2014-01-20 13:20 - 05167985 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2014-01-20 13:12 - 2014-01-20 13:12 - 05509039 _____ ( ) C:\Documents and Settings\User\Desktop\BluelineFull.exe
2014-01-20 13:12 - 2014-01-20 13:12 - 00000675 _____ C:\Documents and Settings\All Users\Desktop\Blueline.lnk
2014-01-20 13:12 - 2014-01-20 13:12 - 00000000 ____D C:\Program Files\AzTools
2014-01-20 09:01 - 2014-01-20 08:55 - 00067966 _____ C:\Documents and Settings\User\Desktop\OTL.Txt
2014-01-20 08:55 - 2014-01-20 08:55 - 00063776 _____ C:\Documents and Settings\User\Desktop\Extras.Txt
2014-01-19 16:23 - 2014-01-20 08:04 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-01-19 10:27 - 2014-01-19 10:27 - 01221120 _____ (Farbar) C:\WINDOWS\FRST.EXE
2014-01-19 01:32 - 2011-04-23 10:08 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-17 15:30 - 2012-01-23 10:19 - 00000000 ____D C:\Program Files\Google
2014-01-15 11:44 - 2009-05-26 10:16 - 00002497 _____ C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
2014-01-14 09:13 - 2010-10-17 18:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2014-01-13 15:34 - 2012-01-25 13:26 - 00000000 ____D C:\Program Files\Yahoo!
2014-01-13 15:34 - 2012-01-25 13:26 - 00000000 ____D C:\Documents and Settings\User\Application Data\Yahoo!
2014-01-13 15:34 - 2010-04-01 08:57 - 00000000 ____D C:\Program Files\Common Files\Intuit
2014-01-13 15:34 - 2010-04-01 08:56 - 00000000 ____D C:\Program Files\TurboTax
2014-01-13 15:33 - 2012-01-25 13:37 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\The Weather Channel
2014-01-13 15:32 - 2013-12-12 11:37 - 00000000 ____D C:\Program Files\Citrix
2014-01-13 15:31 - 2012-01-25 13:26 - 00000000 ____D C:\Program Files\FinalMediaPlayer
2014-01-13 15:31 - 2012-01-23 10:20 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Google
2014-01-13 15:31 - 2012-01-23 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2014-01-13 15:30 - 2013-12-12 11:37 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Citrix
2014-01-13 15:29 - 2012-01-25 13:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WeCareReminder
2014-01-13 15:22 - 2012-11-03 19:56 - 00333456 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3998656779-3110518549-2724662597-1005-0.dat
2014-01-13 15:22 - 2012-11-03 19:56 - 00268494 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-13 15:04 - 2014-01-13 15:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-04.dmp
2014-01-13 15:04 - 2010-12-28 08:49 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-13 14:57 - 2014-01-13 14:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-03.dmp
2014-01-13 14:44 - 2014-01-13 14:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-02.dmp
2014-01-13 14:41 - 2014-01-13 14:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-01.dmp
2014-01-13 14:38 - 2014-01-13 14:33 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2014-01-13 14:28 - 2012-05-06 18:01 - 00001700 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-01-13 14:28 - 2011-04-23 10:03 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2014-01-13 14:28 - 2011-04-23 10:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-13 14:15 - 2009-05-14 04:39 - 00001250 _____ C:\WINDOWS\setupact.log
2014-01-13 11:10 - 2010-04-01 08:58 - 00000000 ____D C:\Program Files\ItsDeductible2005
2014-01-11 18:32 - 2014-01-01 18:09 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\SFworks
2014-01-10 15:48 - 2012-11-05 22:46 - 00001005 _____ C:\Documents and Settings\User\Desktop\Dropbox.lnk
2014-01-10 15:48 - 2012-11-05 22:44 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\Dropbox
2014-01-10 10:35 - 2009-05-21 10:51 - 00070756 _____ C:\WINDOWS\spupdsvc.log
2014-01-10 10:35 - 2009-05-21 09:04 - 00000805 _____ C:\Documents and Settings\User\Start Menu\Programs\Internet Explorer.lnk
2014-01-10 10:35 - 2008-04-25 03:17 - 00000000 ____D C:\WINDOWS\Help
2014-01-10 10:34 - 2009-05-21 11:19 - 00115429 _____ C:\WINDOWS\ie8.log
2014-01-10 10:34 - 2009-05-21 11:04 - 00101550 _____ C:\WINDOWS\ie8_main.log
2014-01-10 10:33 - 2014-01-10 10:32 - 00000000 __HDC C:\WINDOWS\ie8
2014-01-10 10:33 - 2008-04-25 03:17 - 00000000 ____D C:\WINDOWS\Media
2014-01-10 10:26 - 2014-01-10 10:24 - 00029947 _____ C:\WINDOWS\ie8Uninst.log
2014-01-10 10:26 - 2009-05-21 11:20 - 00000000 ____D C:\WINDOWS\ie8updates
2014-01-06 16:20 - 2009-05-21 09:43 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-06 08:27 - 2011-06-19 18:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2013-12-31 15:06 - 2012-08-20 10:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-30 15:19 - 2013-12-30 15:19 - 00000000 ____D C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4971963f.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2008-04-25 10:16] - [2008-04-14 06:00] - 0399360 ____A (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2014 01
Ran by User at 2014-01-29 18:36:25
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Advanced Antispyware Solution (Disabled - Up to date) {40D2020A-A364-49FE-8A3B-B71F3CE24C98}
FW: Advanced Antispyware Solution (Disabled) {660B1FD7-1146-44E4-8329-350027D33AEC}

==================== Installed Programs ======================

Acrobat.com (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (Version: 9.5.2 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.1.7 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blueline 1.1.1 (Version: - )
Broadcom Management Programs (Version: 11.66.01 - Broadcom Corporation)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
HL-5470DW (Version: 1.0.2.0 - Brother Industries, Ltd.)
HP Deskjet 9800 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Deskjet 9800 Series (Version: - )
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (Version: 5.003.000.004 - Hewlett-Packard)
I.R.I.S. OCR (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (Version: - )
Java™ 6 Update 13 (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LAN-Fax Utilities (Version: - )
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PowerDVD DX (Version: 8.2.5024 - Dell Corp.)
QuickTime (Version: 7.72.80.56 - Apple Inc.)
Roxio Activation Module (Version: 1.0 - Roxio)
Roxio Creator Audio (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (Version: 3.5.0 - Roxio)
Roxio Creator Copy (Version: 3.5.0 - Roxio)
Roxio Creator Data (Version: 3.5.0 - Roxio)
Roxio Creator DE (Version: 3.5.0 - Roxio)
Roxio Creator Tools (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio)
Roxio Update Manager (Version: 6.0.0 - Roxio)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.2.0 - Sonic Solutions)
TurboTax ItsDeductible 2005 (Version: 9.05.0000 - Intuit)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (Version: - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Management Framework Core (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Restore Points =========================

29-10-2013 14:44:30 System Checkpoint
30-10-2013 15:03:06 System Checkpoint
31-10-2013 17:19:28 System Checkpoint
01-11-2013 18:02:59 System Checkpoint
02-11-2013 19:02:59 System Checkpoint
03-11-2013 20:09:50 System Checkpoint
04-11-2013 23:21:47 System Checkpoint
06-11-2013 00:02:59 System Checkpoint
08-11-2013 16:12:21 System Checkpoint
09-11-2013 16:59:21 System Checkpoint
10-11-2013 21:28:37 System Checkpoint
11-11-2013 21:59:21 System Checkpoint
12-11-2013 22:59:21 System Checkpoint
13-11-2013 23:16:54 System Checkpoint
14-11-2013 23:25:43 System Checkpoint
15-11-2013 23:59:12 System Checkpoint
17-11-2013 00:59:12 System Checkpoint
18-11-2013 01:59:13 System Checkpoint
19-11-2013 02:59:12 System Checkpoint
20-11-2013 03:59:13 System Checkpoint
21-11-2013 04:49:21 System Checkpoint
22-11-2013 05:49:21 System Checkpoint
23-11-2013 06:49:21 System Checkpoint
24-11-2013 07:49:21 System Checkpoint
25-11-2013 08:49:21 System Checkpoint
26-11-2013 09:49:21 System Checkpoint
27-11-2013 10:49:21 System Checkpoint
28-11-2013 11:49:10 System Checkpoint
29-11-2013 12:49:10 System Checkpoint
30-11-2013 13:49:04 System Checkpoint
01-12-2013 13:49:10 System Checkpoint
02-12-2013 14:41:15 System Checkpoint
03-12-2013 15:41:15 System Checkpoint
04-12-2013 16:41:15 System Checkpoint
05-12-2013 17:41:15 System Checkpoint
06-12-2013 18:41:15 System Checkpoint
07-12-2013 19:41:15 System Checkpoint
08-12-2013 22:39:21 System Checkpoint
09-12-2013 23:39:20 System Checkpoint
11-12-2013 00:39:20 System Checkpoint
12-12-2013 01:39:20 System Checkpoint
13-12-2013 02:37:35 System Checkpoint
14-12-2013 02:39:20 System Checkpoint
15-12-2013 02:52:22 System Checkpoint
16-12-2013 03:52:14 System Checkpoint
17-12-2013 04:52:14 System Checkpoint
18-12-2013 05:52:14 System Checkpoint
19-12-2013 06:52:14 System Checkpoint
20-12-2013 07:52:14 System Checkpoint
21-12-2013 08:52:14 System Checkpoint
22-12-2013 09:52:14 System Checkpoint
23-12-2013 10:52:03 System Checkpoint
24-12-2013 11:52:01 System Checkpoint
25-12-2013 12:52:01 System Checkpoint
26-12-2013 13:52:01 System Checkpoint
27-12-2013 14:52:01 System Checkpoint
28-12-2013 15:52:01 System Checkpoint
29-12-2013 16:52:01 System Checkpoint
30-12-2013 17:11:29 System Checkpoint
31-12-2013 18:03:37 System Checkpoint
01-01-2014 18:04:22 System Checkpoint
02-01-2014 18:18:30 System Checkpoint
03-01-2014 20:31:51 System Checkpoint
04-01-2014 21:17:13 System Checkpoint
06-01-2014 15:21:33 System Checkpoint
07-01-2014 16:12:38 System Checkpoint
08-01-2014 17:05:25 System Checkpoint
09-01-2014 17:10:37 System Checkpoint
10-01-2014 16:33:33 Installed Windows Internet Explorer 8.
11-01-2014 17:21:34 System Checkpoint
12-01-2014 18:16:16 System Checkpoint
13-01-2014 18:58:44 System Checkpoint
13-01-2014 21:20:43 Restore Operation
13-01-2014 21:24:19 Restore Operation
13-01-2014 21:29:30 Removed ASPCA Tri Reminder by We-Care.com v4.0.13.5
13-01-2014 21:30:25 Removed Citrix Online Launcher
13-01-2014 21:33:45 Removed WexTech AnswerWorks
14-01-2014 21:59:56 System Checkpoint
15-01-2014 22:42:33 System Checkpoint
16-01-2014 23:18:22 System Checkpoint
18-01-2014 00:03:06 System Checkpoint
19-01-2014 01:02:01 System Checkpoint
21-01-2014 23:14:14 System Checkpoint
23-01-2014 00:08:34 Software Distribution Service 3.0
23-01-2014 00:17:06 Malwarebytes Anti-Rootkit Restore Point
25-01-2014 16:22:12 Software Distribution Service 3.0
26-01-2014 16:26:31 System Checkpoint
26-01-2014 17:00:16 Software Distribution Service 3.0
30-01-2014 00:27:02 Software Distribution Service 3.0

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe

==================== Loaded Modules (whitelisted) =============

2013-09-15 18:34 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Documents and Settings\User\Application Data\Dropbox\bin\libcef.dll
2007-07-23 14:04 - 2007-07-23 14:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2013-12-30 15:19 - 2013-12-30 15:19 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\Drivers\gtdfkgza.sys:changelist

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: USB 2.0 FD
Description: USB 2.0 FD
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2014 11:00:55 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2789643, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: WindowsLive.Writer.Interop, Version=14.0.8050.1202, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x800706be

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3649 - CLR: Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)


System errors:
=============
Error: (01/29/2014 06:32:59 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.2406.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/29/2014 06:32:59 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.2406.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/29/2014 06:32:59 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.2406.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/26/2014 05:17:59 PM) (Source: Service Control Manager) (User: )
Description: The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2014 05:17:59 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/26/2014 11:33:43 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.2406.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/26/2014 11:33:43 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.2406.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/26/2014 11:01:37 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2789643).

Error: (01/26/2014 01:52:42 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.2406.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/26/2014 01:52:42 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.2406.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (01/26/2014 11:00:55 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb278964310331601msif9.0.40215.0installx86xp0

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: WindowsLive.Writer.Interop, Version=14.0.8050.1202, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x800706be
WindowsLive.Writer.Interop, Version=14.0.8050.1202, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3649 - CLR: Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)

Error: (01/25/2014 11:14:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3649 - Fatal Execution Engine Error (7A0BD156) (80131506)


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3060.89 MB
Available physical RAM: 1828.79 MB
Total Pagefile: 4946.68 MB
Available Pagefile: 3882.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:122.54 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive l: () (Network) (Total:37.21 GB) (Free:9.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#11
pystryker

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,886 posts
Hello, we have some work to do, so let's get started. :)


Step 1: Chrome Plugin and Extension Uninstalls

Disable Chrome Plugins

There are some plugins in Chrome that need to be disabled, please follow the instructions below to disable them.

Start Chrome and type this into the address bar: chrome:plugins

This will display a page of all the installed plugins. Please disable the plugins in the list below by clicking the word Disable under each one.

If one of the plugins I've asked you to remove is not in the list, don't worry about it. Just move to the next one in the list. :)

Plugin to Disable

RivalGaming Addon


Remove Chrome Plugins


There are some extensions in Chrome that need to be removed, please follow the instructions below to remove them.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extensions in the list below by clicking the trash can icon beside each one.

If one of the extensions I've asked you to remove is not listed, don't worry about it. Just move on to the next one in the list. :)


Extensions to Remove

RivalGaming

We-Care Reminder

Yontoo

DefaultTab


Step 2: FRST Fix


  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below (to do this, highlight the contents of the box, right-click on it and select Copy).
  • Right-click in the open Notepad window and select Paste.
  • Save it on your desktop as fixlist.txt

Start
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=2644&t=01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/...q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/...q={searchTerms}
SearchScopes: HKCU - {4E8A57D2-761C-4BE1-BF8E-57741640B371} URL = http://www.mysearchr...q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\Program Files\DefaultTab
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\searchplugins\search-here.xml
FF Extension: RivalGaming - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2013-07-04]
FF Extension: EpicPlay Games - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-01-25]
FF Extension: RivalGaming - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\[email protected] [2013-07-04]
FF Extension: Default Tab - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\[email protected] [2012-10-30]
2014-01-20 16:05 - 2012-10-30 10:09 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\RivalGaming
2014-01-13 15:29 - 2012-01-25 13:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WeCareReminder
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gtdfkgza.sys:changelist
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on your desktop (Fixlog.txt) please post it in your next reply.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop

  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it, click Run as Administrator and accept the UAC prompt) to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished ("Pending, uncheck elements you don't want to remove."), click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Step 5: FRST Scan


  • Start FRST and click the Scan button.
  • FRST will scan your machine and produce a log called FRST.txt on your desktop.
  • Please include that log in your next reply.



Things I need to see in your next post:

FRST Fixlog.txt

AdwCleaner Log

Junkware Removal Tool Log

FRST Scan log

  • 0
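Added example (not FRST's own code and not part of pystryker's post): a small Python parser that classifies the directives of a fixlist like the one in Step 2 by the kind of object the Fix button will act on (a registry value to restore, a registry key to delete, a file or folder to quarantine, an alternate data stream to strip), and lists the items a helper would want to double-check before pressing Fix. The classification rules are assumptions derived from the line formats visible in this thread's FRST logs and Fixlog; the sample fixlist is constructed from the thread, with the Firefox extension file name replaced by a placeholder.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample based on the fixlist in this thread (extension file name is a placeholder).
SAMPLE_FIXLIST = r"""Start
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=2644&t=01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/...q={searchTerms}
SearchScopes: HKCU - {4E8A57D2-761C-4BE1-BF8E-57741640B371} URL = http://www.mysearchr...q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
C:\Program Files\DefaultTab
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\searchplugins\search-here.xml
FF Extension: RivalGaming - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\PLACEHOLDER-EXTENSION-ID [2013-07-04]
2014-01-20 16:05 - 2012-10-30 10:09 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\RivalGaming
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gtdfkgza.sys:changelist
End"""


@dataclass
class Directive:
    kind: str    # "registry-value", "registry-key", "path", "ads" or "unknown"
    target: str  # the object the Fix button will act on
    raw: str     # the original fixlist line


CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# FRST.txt file/folder lines look like "<mtime> - <ctime> - <size> <attrs> <path>".
DATED_PATH_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} \S+ (?P<path>.+)$"
)


def classify(line):
    """Map one fixlist line to the kind of object FRST acts on (None for Start/End/blank)."""
    s = line.strip()
    if not s or s in ("Start", "End"):
        return None
    if s.startswith("AlternateDataStreams:"):
        return Directive("ads", s.split(":", 1)[1].strip(), s)
    if s.startswith(("HKCU\\", "HKLM\\", "HKU\\")):
        # "<hive>\<key>,<value> = <data>": the Fixlog reports this value as restored
        return Directive("registry-value", s.partition(" = ")[0], s)
    if s.startswith(("SearchScopes:", "BHO:", "Toolbar:")):
        # the CLSID names the registry key (and the matching HKCR\CLSID key) to delete
        m = CLSID_RE.search(s)
        where = s.split(":", 1)[0]
        return Directive("registry-key", f"{where} {m.group(0) if m else '?'}", s)
    if s.startswith("FF SearchPlugin:"):
        return Directive("path", s.split(":", 1)[1].strip(), s)
    if s.startswith("FF Extension:"):
        # "FF Extension: <name> - <path> [<date>]"
        path = s.split(" - ", 1)[1].rsplit(" [", 1)[0]
        return Directive("path", path, s)
    m = DATED_PATH_RE.match(s)
    if m:
        return Directive("path", m.group("path"), s)
    if re.match(r"^[A-Za-z]:\\", s):
        return Directive("path", s, s)
    return Directive("unknown", s, s)


def parse_fixlist(text):
    return [d for d in (classify(l) for l in text.splitlines()) if d is not None]


def summarize(directives):
    """Count directives per kind, e.g. {'registry-key': 4, 'path': 5, ...}."""
    return dict(Counter(d.kind for d in directives))


def review_notes(directives):
    """Items a helper should look at once more before pressing Fix."""
    notes = []
    for d in directives:
        if d.kind == "registry-key" and d.raw.endswith("No File"):
            notes.append(f"{d.target}: orphaned registration, the referenced file is already gone")
        elif d.kind == "registry-key" and "DefaultScope" in d.raw:
            notes.append(f"{d.target}: deletes the default search scope; check that a legitimate provider is set afterwards")
        elif d.kind == "ads" and "\\drivers\\" in d.target.lower():
            notes.append(f"{d.target}: ADS on a driver file; confirm the host .sys itself is legitimate after the fix")
    return notes


if __name__ == "__main__":
    ds = parse_fixlist(SAMPLE_FIXLIST)
    for d in ds:
        print(f"{d.kind:15} {d.target}")
    print(summarize(ds))
    for n in review_notes(ds):
        print("CHECK:", n)
```

Run it against the sample and compare the kinds it prints with the Fixlog posted later in the thread: registry values come back as "restored", CLSID keys as "deleted" (with the paired HKCR\CLSID key often "not found" for orphaned entries), paths as "moved" and the stream as "ADS removed".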

#12
pystryker

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,886 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by User at 2014-02-01 10:42:51 Run:2
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=2644&t=01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/...q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/...q={searchTerms}
SearchScopes: HKCU - {4E8A57D2-761C-4BE1-BF8E-57741640B371} URL = http://www.mysearchr...q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\Program Files\DefaultTab
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\searchplugins\search-here.xml
FF Extension: RivalGaming - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2013-07-04]
FF Extension: EpicPlay Games - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2012-01-25]
FF Extension: RivalGaming - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\[email protected] [2013-07-04]
FF Extension: Default Tab - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\[email protected] [2012-10-30]
2014-01-20 16:05 - 2012-10-30 10:09 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\RivalGaming
2014-01-13 15:29 - 2012-01-25 13:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WeCareReminder
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gtdfkgza.sys:changelist
End
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E8A57D2-761C-4BE1-BF8E-57741640B371} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4E8A57D2-761C-4BE1-BF8E-57741640B371} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"C:\Program Files\DefaultTab" => File/Directory not found.
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc => Moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm => Moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\searchplugins\search-here.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\[email protected] => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\[email protected] => Moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\RivalGaming => Moved successfully.
C:\Documents and Settings\All Users\Application Data\WeCareReminder => Moved successfully.
C:\WINDOWS\system32\Drivers\gtdfkgza.sys => ":changelist" ADS removed successfully.

==== End of Fixlog ====



# AdwCleaner v3.018 - Report created 01/02/2014 at 10:49:15
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - PASTORSTUDY
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Documents and Settings\User\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\defaulttab.config
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default\prefs.js ]

Line Deleted : user_pref("storage.rivalgaming.data", "{\"usedbkpserv\":false,\"confdwstarttime\":\"2014-02-01T16:37:14.885Z\",\"interval\":3600,\"excluded\":\"216\",\"script\":\"hxxp://tt.rivalgaming.com/cmn?p=YTI4M[...]

-\\ Google Chrome v

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3395 octets] - [01/02/2014 10:48:26]
AdwCleaner[S0].txt - [3376 octets] - [01/02/2014 10:49:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3436 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by User on Sat 02/01/2014 at 10:55:25.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\epicplay"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\r2tx7ymr.default\extensions\[email protected] [Tracur]
Successfully deleted the following from C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\r2tx7ymr.default\prefs.js

user_pref("extensions.defaulttab.PIR7", 1391041807);
user_pref("extensions.defaulttab.browserID", "ffff054cfbf65a2e3a80323194f5e80b");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installdate", 1383926250);
user_pref("extensions.defaulttab.installedVersion", "2.3");
user_pref("extensions.defaulttab.lastNetSeerDownload", 1391041805);
user_pref("extensions.defaulttab.sethomepage", false);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
Emptied folder: C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\r2tx7ymr.default\minidumps [4 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/01/2014 at 10:58:26.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by User (administrator) on PASTORSTUDY on 01-02-2014 11:00:15
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-07-15] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-03-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [ACSTRAY] - C:\WINACS\ACSTRAY.EXE [1475072 2008-04-08] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-08-14] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [HPWQTOOLBOX] - C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe [335872 2005-06-03] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\Administrator\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\Default User\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/...007&form=ZGAIDF
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKCU - {CF01412E-D00C-4DF0-8C2E-6FFCB3A5F57D} URL = http://search.yahoo....0120104,0,0,0,0
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242920394031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\r2tx7ymr.default
FF NewTab: about:blank
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.yahoo.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-03-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (RivalGaming Addon) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adhmhclafdhfabmmglbcngpddpdeijgd\npRivalGamingGC.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-03-09] (Sun Microsystems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R3 k57w2k; C:\WINDOWS\System32\DRIVERS\k57xp32.sys [176640 2008-07-15] (Broadcom Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-07-15] (Sonic Focus, Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 MpKsl8c30adc4; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF939C90-7D16-4C1E-89D3-FB4098570A56}\MpKsl8c30adc4.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-01 10:58 - 2014-02-01 10:58 - 00001610 _____ C:\Documents and Settings\User\Desktop\JRT.txt
2014-02-01 10:55 - 2014-02-01 10:55 - 01037068 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-02-01 10:55 - 2014-02-01 10:55 - 00000000 ____D C:\WINDOWS\ERUNT
2014-02-01 10:48 - 2014-02-01 10:49 - 00000000 ____D C:\AdwCleaner
2014-02-01 10:48 - 2014-02-01 10:48 - 01166132 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2014-01-29 18:34 - 2014-02-01 11:00 - 00014204 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2014-01-29 18:33 - 2014-01-29 18:33 - 01137152 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-01-26 16:25 - 2014-02-01 11:00 - 00000000 ____D C:\FRST
2014-01-25 11:27 - 2014-01-25 11:27 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\PCHealth
2014-01-25 11:15 - 2014-01-25 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2014-01-25 11:10 - 2014-01-25 11:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2014-01-25 11:04 - 2014-01-25 11:04 - 00137781 _____ C:\WINDOWS\KB2834886.log
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2014-01-25 11:02 - 2014-01-25 11:02 - 00137129 _____ C:\WINDOWS\KB2900986.log
2014-01-25 11:02 - 2014-01-25 11:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2014-01-25 10:59 - 2014-01-25 10:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2014-01-25 10:54 - 2014-01-25 10:54 - 00139715 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-25 10:54 - 2014-01-25 10:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2014-01-25 10:54 - 2014-01-25 10:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2014-01-25 10:53 - 2014-01-25 10:53 - 00131354 _____ C:\WINDOWS\KB2862335.log
2014-01-25 10:53 - 2014-01-25 10:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-25 10:53 - 2014-01-25 10:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2014-01-25 10:52 - 2014-01-25 10:52 - 00128905 _____ C:\WINDOWS\KB2834904-v2.log
2014-01-25 10:52 - 2014-01-25 10:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-01-25 10:52 - 2014-01-25 10:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2014-01-25 10:50 - 2014-01-25 10:50 - 00130889 _____ C:\WINDOWS\KB2904266.log
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2014-01-25 10:47 - 2014-01-25 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2014-01-25 10:46 - 2014-01-25 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2014-01-25 10:43 - 2014-01-25 10:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2014-01-25 10:42 - 2014-01-25 10:42 - 00013024 _____ C:\WINDOWS\KB2807986.log
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2014-01-25 10:40 - 2014-01-25 10:40 - 00011402 _____ C:\WINDOWS\KB2698365.log
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2014-01-25 10:39 - 2014-01-25 10:39 - 00009097 _____ C:\WINDOWS\KB2723135-v2.log
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-25 10:30 - 2014-01-25 10:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-25 10:24 - 2014-01-25 10:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-25 10:23 - 2014-01-25 10:24 - 00007084 _____ C:\WINDOWS\KB2914368.log
2014-01-22 18:07 - 2014-01-25 11:15 - 00146046 _____ C:\WINDOWS\KB2868626.log
2014-01-22 18:07 - 2014-01-25 11:10 - 00147544 _____ C:\WINDOWS\KB2712808.log
2014-01-22 18:05 - 2014-01-25 11:04 - 00148087 _____ C:\WINDOWS\KB2691442.log
2014-01-22 18:05 - 2014-01-25 11:04 - 00147189 _____ C:\WINDOWS\KB2758857.log
2014-01-22 18:04 - 2014-01-25 10:59 - 00143852 _____ C:\WINDOWS\KB2847311.log
2014-01-22 18:04 - 2014-01-25 10:54 - 00145673 _____ C:\WINDOWS\KB2655992.log
2014-01-22 18:04 - 2014-01-25 10:54 - 00144995 _____ C:\WINDOWS\KB2802968.log
2014-01-22 18:03 - 2014-01-25 10:53 - 00138223 _____ C:\WINDOWS\KB2898715.log
2014-01-22 18:03 - 2014-01-25 10:52 - 00139421 _____ C:\WINDOWS\KB2780091.log
2014-01-22 18:03 - 2013-07-02 20:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-01-22 18:03 - 2013-07-02 19:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2014-01-22 18:02 - 2014-01-25 10:50 - 00137227 _____ C:\WINDOWS\KB2876217.log
2014-01-22 18:02 - 2014-01-25 10:50 - 00136914 _____ C:\WINDOWS\KB2845187.log
2014-01-22 18:01 - 2014-01-25 10:47 - 00136408 _____ C:\WINDOWS\KB2864063.log
2014-01-22 18:00 - 2014-01-25 10:46 - 00020497 _____ C:\WINDOWS\KB2719985.log
2014-01-22 18:00 - 2014-01-25 10:45 - 00017595 _____ C:\WINDOWS\KB2862152.log
2014-01-22 18:00 - 2014-01-25 10:45 - 00016767 _____ C:\WINDOWS\KB2850869.log
2014-01-22 18:00 - 2014-01-25 10:43 - 00017072 _____ C:\WINDOWS\KB2876331.log
2014-01-22 17:59 - 2014-01-25 10:42 - 00018878 _____ C:\WINDOWS\KB2820917.log
2014-01-22 17:59 - 2014-01-25 10:42 - 00017996 _____ C:\WINDOWS\KB2859537.log
2014-01-22 17:59 - 2014-01-25 10:42 - 00017702 _____ C:\WINDOWS\KB2757638.log
2014-01-22 17:59 - 2014-01-25 10:42 - 00015890 _____ C:\WINDOWS\KB2893294.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00017193 _____ C:\WINDOWS\KB2749655.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00016143 _____ C:\WINDOWS\KB2705219-v2.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00014960 _____ C:\WINDOWS\KB2893984.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00014370 _____ C:\WINDOWS\KB2727528.log
2014-01-22 17:59 - 2014-01-25 10:40 - 00013681 _____ C:\WINDOWS\KB2892075.log
2014-01-22 17:59 - 2013-02-11 18:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2014-01-22 17:59 - 2013-02-11 18:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2014-01-22 17:58 - 2014-01-25 10:39 - 00015786 _____ C:\WINDOWS\KB2813345.log
2014-01-22 17:58 - 2013-08-08 18:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2014-01-22 17:58 - 2013-08-08 18:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-01-22 17:58 - 2009-03-18 05:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-01-22 17:43 - 2014-01-22 18:33 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-22 17:43 - 2014-01-22 18:17 - 00000000 ____D C:\Documents and Settings\User\Desktop\mbar
2014-01-22 17:36 - 2014-01-22 17:36 - 00016277 _____ C:\ComboFix.txt
2014-01-20 18:23 - 2014-01-20 18:23 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00008192 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-20 13:56 - 2014-01-20 13:56 - 00000000 _RSHD C:\cmdcons
2014-01-20 13:56 - 2009-05-21 09:04 - 00000211 _____ C:\Boot.bak
2014-01-20 13:56 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2014-01-20 13:50 - 2011-06-26 00:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-20 13:50 - 2010-11-07 11:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-20 13:50 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-20 13:50 - 2000-08-30 18:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-20 13:42 - 2014-01-20 13:42 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\User\Desktop\mbar-1.07.0.1008.exe
2014-01-20 13:21 - 2014-01-22 17:44 - 00000000 ____D C:\Qoobox
2014-01-20 13:20 - 2014-01-22 17:33 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-20 13:20 - 2014-01-20 13:20 - 05167985 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2014-01-20 13:12 - 2014-01-20 13:12 - 05509039 _____ ( ) C:\Documents and Settings\User\Desktop\BluelineFull.exe
2014-01-20 13:12 - 2014-01-20 13:12 - 00000675 _____ C:\Documents and Settings\All Users\Desktop\Blueline.lnk
2014-01-20 13:12 - 2014-01-20 13:12 - 00000000 ____D C:\Program Files\AzTools
2014-01-20 08:55 - 2014-01-20 09:01 - 00067966 _____ C:\Documents and Settings\User\Desktop\OTL.Txt
2014-01-20 08:55 - 2014-01-20 08:55 - 00063776 _____ C:\Documents and Settings\User\Desktop\Extras.Txt
2014-01-20 08:04 - 2014-01-19 16:23 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-01-19 10:27 - 2014-01-19 10:27 - 01221120 _____ (Farbar) C:\WINDOWS\FRST.EXE
2014-01-13 15:04 - 2014-01-13 15:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-04.dmp
2014-01-13 14:57 - 2014-01-13 14:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-03.dmp
2014-01-13 14:44 - 2014-01-13 14:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-02.dmp
2014-01-13 14:42 - 2014-01-13 14:41 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-01.dmp
2014-01-13 14:38 - 2014-02-01 11:00 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-01-13 14:33 - 2014-01-13 14:38 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2014-01-10 10:32 - 2014-01-10 10:33 - 00000000 __HDC C:\WINDOWS\ie8
2014-01-10 10:24 - 2014-01-10 10:26 - 00029947 _____ C:\WINDOWS\ie8Uninst.log

==================== One Month Modified Files and Folders =======

2014-02-01 11:00 - 2014-01-29 18:34 - 00014204 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2014-02-01 11:00 - 2014-01-26 16:25 - 00000000 ____D C:\FRST
2014-02-01 11:00 - 2014-01-13 14:38 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-01 11:00 - 2008-04-25 15:28 - 01402272 _____ C:\WINDOWS\WindowsUpdate.log
2014-02-01 10:58 - 2014-02-01 10:58 - 00001610 _____ C:\Documents and Settings\User\Desktop\JRT.txt
2014-02-01 10:55 - 2014-02-01 10:55 - 01037068 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-02-01 10:55 - 2014-02-01 10:55 - 00000000 ____D C:\WINDOWS\ERUNT
2014-02-01 10:52 - 2012-11-05 22:46 - 00000000 ___RD C:\Documents and Settings\User\My Documents\Dropbox
2014-02-01 10:52 - 2012-11-05 22:43 - 00000000 ____D C:\Documents and Settings\User\Application Data\Dropbox
2014-02-01 10:50 - 2010-07-19 08:39 - 00000236 _____ C:\WINDOWS\Tasks\OGALogon.job
2014-02-01 10:50 - 2008-04-25 15:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-02-01 10:50 - 2008-04-25 10:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-02-01 10:50 - 2008-04-25 03:25 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-02-01 10:50 - 2008-04-25 03:25 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-02-01 10:49 - 2014-02-01 10:48 - 00000000 ____D C:\AdwCleaner
2014-02-01 10:49 - 2009-05-21 09:04 - 00000278 ___SH C:\Documents and Settings\User\ntuser.ini
2014-02-01 10:49 - 2008-04-25 15:32 - 00032468 _____ C:\WINDOWS\SchedLgU.Txt
2014-02-01 10:48 - 2014-02-01 10:48 - 01166132 _____ C:\Documents and Settings\User\Desktop\adwcleaner.exe
2014-01-30 11:17 - 2009-05-21 10:51 - 00072245 _____ C:\WINDOWS\spupdsvc.log
2014-01-30 11:01 - 2009-05-21 10:51 - 00045007 _____ C:\WINDOWS\KB956572.log
2014-01-30 11:01 - 2009-05-13 21:45 - 00142697 _____ C:\WINDOWS\updspapi.log
2014-01-29 18:47 - 2008-04-25 15:34 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-29 18:33 - 2014-01-29 18:33 - 01137152 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-01-29 18:32 - 2008-04-25 03:22 - 00618566 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-29 17:06 - 2008-04-25 15:32 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-26 14:28 - 2013-03-04 18:48 - 00000000 ____D C:\Documents and Settings\User\Application Data\HpUpdate
2014-01-25 11:27 - 2014-01-25 11:27 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\PCHealth
2014-01-25 11:20 - 2009-05-13 22:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-25 11:20 - 2008-04-25 03:21 - 00270984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-25 11:15 - 2014-01-25 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2014-01-25 11:15 - 2014-01-22 18:07 - 00146046 _____ C:\WINDOWS\KB2868626.log
2014-01-25 11:15 - 2008-04-25 03:22 - 01873394 _____ C:\WINDOWS\iis6.log
2014-01-25 11:15 - 2008-04-25 03:22 - 01696723 _____ C:\WINDOWS\FaxSetup.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00824218 _____ C:\WINDOWS\ocgen.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00778645 _____ C:\WINDOWS\tsoc.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00567219 _____ C:\WINDOWS\comsetup.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00523516 _____ C:\WINDOWS\msmqinst.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00343889 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00295704 _____ C:\WINDOWS\netfxocm.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00116899 _____ C:\WINDOWS\MedCtrOC.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00093553 _____ C:\WINDOWS\ocmsn.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00084953 _____ C:\WINDOWS\tabletoc.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00084730 _____ C:\WINDOWS\msgsocm.log
2014-01-25 11:15 - 2008-04-25 03:22 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-25 11:10 - 2014-01-25 11:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2014-01-25 11:10 - 2014-01-22 18:07 - 00147544 _____ C:\WINDOWS\KB2712808.log
2014-01-25 11:10 - 2008-04-25 03:22 - 00001374 _____ C:\WINDOWS\imsins.BAK
2014-01-25 11:04 - 2014-01-25 11:04 - 00137781 _____ C:\WINDOWS\KB2834886.log
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2014-01-25 11:04 - 2014-01-22 18:05 - 00148087 _____ C:\WINDOWS\KB2691442.log
2014-01-25 11:04 - 2014-01-22 18:05 - 00147189 _____ C:\WINDOWS\KB2758857.log
2014-01-25 11:02 - 2014-01-25 11:02 - 00137129 _____ C:\WINDOWS\KB2900986.log
2014-01-25 11:02 - 2014-01-25 11:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2014-01-25 10:59 - 2014-01-25 10:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2014-01-25 10:59 - 2014-01-22 18:04 - 00143852 _____ C:\WINDOWS\KB2847311.log
2014-01-25 10:54 - 2014-01-25 10:54 - 00139715 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-25 10:54 - 2014-01-25 10:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2014-01-25 10:54 - 2014-01-25 10:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2014-01-25 10:54 - 2014-01-22 18:04 - 00145673 _____ C:\WINDOWS\KB2655992.log
2014-01-25 10:54 - 2014-01-22 18:04 - 00144995 _____ C:\WINDOWS\KB2802968.log
2014-01-25 10:53 - 2014-01-25 10:53 - 00131354 _____ C:\WINDOWS\KB2862335.log
2014-01-25 10:53 - 2014-01-25 10:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-25 10:53 - 2014-01-25 10:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2014-01-25 10:53 - 2014-01-22 18:03 - 00138223 _____ C:\WINDOWS\KB2898715.log
2014-01-25 10:53 - 2009-05-14 04:37 - 00546125 _____ C:\WINDOWS\setupapi.log
2014-01-25 10:52 - 2014-01-25 10:52 - 00128905 _____ C:\WINDOWS\KB2834904-v2.log
2014-01-25 10:52 - 2014-01-25 10:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-01-25 10:52 - 2014-01-25 10:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2014-01-25 10:52 - 2014-01-22 18:03 - 00139421 _____ C:\WINDOWS\KB2780091.log
2014-01-25 10:50 - 2014-01-25 10:50 - 00130889 _____ C:\WINDOWS\KB2904266.log
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2014-01-25 10:50 - 2014-01-25 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2014-01-25 10:50 - 2014-01-22 18:02 - 00137227 _____ C:\WINDOWS\KB2876217.log
2014-01-25 10:50 - 2014-01-22 18:02 - 00136914 _____ C:\WINDOWS\KB2845187.log
2014-01-25 10:50 - 2009-05-13 21:45 - 00248936 _____ C:\WINDOWS\system32\TZLog.log
2014-01-25 10:47 - 2014-01-25 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2014-01-25 10:47 - 2014-01-22 18:01 - 00136408 _____ C:\WINDOWS\KB2864063.log
2014-01-25 10:46 - 2014-01-25 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2014-01-25 10:46 - 2014-01-22 18:00 - 00020497 _____ C:\WINDOWS\KB2719985.log
2014-01-25 10:46 - 2010-06-06 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2014-01-25 10:45 - 2014-01-25 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2014-01-25 10:45 - 2014-01-22 18:00 - 00017595 _____ C:\WINDOWS\KB2862152.log
2014-01-25 10:45 - 2014-01-22 18:00 - 00016767 _____ C:\WINDOWS\KB2850869.log
2014-01-25 10:43 - 2014-01-25 10:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2014-01-25 10:43 - 2014-01-22 18:00 - 00017072 _____ C:\WINDOWS\KB2876331.log
2014-01-25 10:42 - 2014-01-25 10:42 - 00013024 _____ C:\WINDOWS\KB2807986.log
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2014-01-25 10:42 - 2014-01-25 10:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2014-01-25 10:42 - 2014-01-22 17:59 - 00018878 _____ C:\WINDOWS\KB2820917.log
2014-01-25 10:42 - 2014-01-22 17:59 - 00017996 _____ C:\WINDOWS\KB2859537.log
2014-01-25 10:42 - 2014-01-22 17:59 - 00017702 _____ C:\WINDOWS\KB2757638.log
2014-01-25 10:42 - 2014-01-22 17:59 - 00015890 _____ C:\WINDOWS\KB2893294.log
2014-01-25 10:42 - 2009-05-13 21:45 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2014-01-25 10:41 - 2008-04-25 10:16 - 00000603 _____ C:\WINDOWS\win.ini
2014-01-25 10:40 - 2014-01-25 10:40 - 00011402 _____ C:\WINDOWS\KB2698365.log
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-01-25 10:40 - 2014-01-25 10:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2014-01-25 10:40 - 2014-01-22 17:59 - 00017193 _____ C:\WINDOWS\KB2749655.log
2014-01-25 10:40 - 2014-01-22 17:59 - 00016143 _____ C:\WINDOWS\KB2705219-v2.log
2014-01-25 10:40 - 2014-01-22 17:59 - 00014960 _____ C:\WINDOWS\KB2893984.log
2014-01-25 10:40 - 2014-01-22 17:59 - 00014370 _____ C:\WINDOWS\KB2727528.log
2014-01-25 10:40 - 2014-01-22 17:59 - 00013681 _____ C:\WINDOWS\KB2892075.log
2014-01-25 10:39 - 2014-01-25 10:39 - 00009097 _____ C:\WINDOWS\KB2723135-v2.log
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2014-01-25 10:39 - 2014-01-25 10:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-25 10:39 - 2014-01-22 17:58 - 00015786 _____ C:\WINDOWS\KB2813345.log
2014-01-25 10:36 - 2011-04-17 18:00 - 00017192 _____ C:\WINDOWS\KB2510531-IE8.log
2014-01-25 10:36 - 2008-04-25 15:39 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2014-01-25 10:32 - 2014-01-25 10:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-25 10:24 - 2014-01-25 10:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-25 10:24 - 2014-01-25 10:23 - 00007084 _____ C:\WINDOWS\KB2914368.log
2014-01-22 18:33 - 2014-01-22 17:43 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-22 18:28 - 2012-12-19 17:21 - 00000000 __SHD C:\WINDOWS\CSC
2014-01-22 18:18 - 2010-09-19 18:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2141007$
2014-01-22 18:17 - 2014-01-22 17:43 - 00000000 ____D C:\Documents and Settings\User\Desktop\mbar
2014-01-22 18:17 - 2012-07-09 09:54 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-22 17:44 - 2014-01-20 13:21 - 00000000 ____D C:\Qoobox
2014-01-22 17:36 - 2014-01-22 17:36 - 00016277 _____ C:\ComboFix.txt
2014-01-22 17:33 - 2014-01-20 13:20 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-22 17:27 - 2008-04-25 10:16 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-20 18:23 - 2014-01-20 18:23 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00008192 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2014-01-20 18:23 - 2014-01-20 18:23 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-20 15:16 - 2008-04-25 03:21 - 04980736 _____ C:\WINDOWS\system32\config\system.bak
2014-01-20 15:16 - 2008-04-25 03:21 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2014-01-20 13:56 - 2014-01-20 13:56 - 00000000 _RSHD C:\cmdcons
2014-01-20 13:56 - 2008-04-25 10:16 - 00000327 __RSH C:\boot.ini
2014-01-20 13:53 - 2008-04-25 03:21 - 34078720 _____ C:\WINDOWS\system32\config\software.bak
2014-01-20 13:53 - 2008-04-25 03:21 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-20 13:53 - 2008-04-25 03:21 - 00028672 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-20 13:47 - 2008-04-25 15:32 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2014-01-20 13:42 - 2014-01-20 13:42 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\User\Desktop\mbar-1.07.0.1008.exe
2014-01-20 13:20 - 2014-01-20 13:20 - 05167985 ____R (Swearware) C:\Documents and Settings\User\Desktop\ComboFix.exe
2014-01-20 13:12 - 2014-01-20 13:12 - 05509039 _____ ( ) C:\Documents and Settings\User\Desktop\BluelineFull.exe
2014-01-20 13:12 - 2014-01-20 13:12 - 00000675 _____ C:\Documents and Settings\All Users\Desktop\Blueline.lnk
2014-01-20 13:12 - 2014-01-20 13:12 - 00000000 ____D C:\Program Files\AzTools
2014-01-20 09:01 - 2014-01-20 08:55 - 00067966 _____ C:\Documents and Settings\User\Desktop\OTL.Txt
2014-01-20 08:55 - 2014-01-20 08:55 - 00063776 _____ C:\Documents and Settings\User\Desktop\Extras.Txt
2014-01-19 16:23 - 2014-01-20 08:04 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-01-19 10:27 - 2014-01-19 10:27 - 01221120 _____ (Farbar) C:\WINDOWS\FRST.EXE
2014-01-19 01:32 - 2011-04-23 10:08 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-17 15:30 - 2012-01-23 10:19 - 00000000 ____D C:\Program Files\Google
2014-01-15 11:44 - 2009-05-26 10:16 - 00002497 _____ C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
2014-01-14 09:13 - 2010-10-17 18:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2014-01-13 15:34 - 2012-01-25 13:26 - 00000000 ____D C:\Program Files\Yahoo!
2014-01-13 15:34 - 2012-01-25 13:26 - 00000000 ____D C:\Documents and Settings\User\Application Data\Yahoo!
2014-01-13 15:34 - 2010-04-01 08:57 - 00000000 ____D C:\Program Files\Common Files\Intuit
2014-01-13 15:34 - 2010-04-01 08:56 - 00000000 ____D C:\Program Files\TurboTax
2014-01-13 15:33 - 2012-01-25 13:37 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\The Weather Channel
2014-01-13 15:32 - 2013-12-12 11:37 - 00000000 ____D C:\Program Files\Citrix
2014-01-13 15:31 - 2012-01-25 13:26 - 00000000 ____D C:\Program Files\FinalMediaPlayer
2014-01-13 15:31 - 2012-01-23 10:20 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Google
2014-01-13 15:31 - 2012-01-23 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2014-01-13 15:30 - 2013-12-12 11:37 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Citrix
2014-01-13 15:22 - 2012-11-03 19:56 - 00333456 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3998656779-3110518549-2724662597-1005-0.dat
2014-01-13 15:22 - 2012-11-03 19:56 - 00268494 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-13 15:04 - 2014-01-13 15:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-04.dmp
2014-01-13 15:04 - 2010-12-28 08:49 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-13 14:57 - 2014-01-13 14:57 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-03.dmp
2014-01-13 14:44 - 2014-01-13 14:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-02.dmp
2014-01-13 14:41 - 2014-01-13 14:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini011314-01.dmp
2014-01-13 14:38 - 2014-01-13 14:33 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2014-01-13 14:28 - 2012-05-06 18:01 - 00001700 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-01-13 14:28 - 2011-04-23 10:03 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2014-01-13 14:28 - 2011-04-23 10:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-13 14:15 - 2009-05-14 04:39 - 00001250 _____ C:\WINDOWS\setupact.log
2014-01-13 11:10 - 2010-04-01 08:58 - 00000000 ____D C:\Program Files\ItsDeductible2005
2014-01-11 18:32 - 2014-01-01 18:09 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\SFworks
2014-01-10 15:48 - 2012-11-05 22:46 - 00001005 _____ C:\Documents and Settings\User\Desktop\Dropbox.lnk
2014-01-10 15:48 - 2012-11-05 22:44 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\Dropbox
2014-01-10 10:35 - 2009-05-21 09:04 - 00000805 _____ C:\Documents and Settings\User\Start Menu\Programs\Internet Explorer.lnk
2014-01-10 10:35 - 2008-04-25 03:17 - 00000000 ____D C:\WINDOWS\Help
2014-01-10 10:34 - 2009-05-21 11:19 - 00115429 _____ C:\WINDOWS\ie8.log
2014-01-10 10:34 - 2009-05-21 11:04 - 00101550 _____ C:\WINDOWS\ie8_main.log
2014-01-10 10:33 - 2014-01-10 10:32 - 00000000 __HDC C:\WINDOWS\ie8
2014-01-10 10:33 - 2008-04-25 03:17 - 00000000 ____D C:\WINDOWS\Media
2014-01-10 10:26 - 2014-01-10 10:24 - 00029947 _____ C:\WINDOWS\ie8Uninst.log
2014-01-10 10:26 - 2009-05-21 11:20 - 00000000 ____D C:\WINDOWS\ie8updates
2014-01-06 16:20 - 2009-05-21 09:43 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-06 08:27 - 2011-06-19 18:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$

Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4971963f.exe
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
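The listing above is a month of modified files in FRST's one-line-per-file format. The following is an added example, not code from this thread or from FRST itself: it parses that format and applies a few review rules a helper would use to decide what to look at first. The field order (modified time, created time, size, attribute flags, optional company name in parentheses, path) is read off the listing above; the attribute letters, the scan-time reference and the review rules themselves are this example's assumptions, and the sample lines are copied from the listing.

```python
"""Parse the FRST 'modified files' listing format shown above and flag the
entries a helper would look at first.

Added example, not code from the thread or from FRST. The field order
(modified time - created time - size attributes (company) path) is read off
the listing above; the attribute letters and the review rules are this
example's assumptions.
"""
import re
from datetime import datetime, timedelta

# One entry per line. The company name in parentheses is optional and may be
# blank, written as "( )" in the listing above.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")
# Assumed scan time for the listing above, used by the "recent" rule.
REFERENCE_TIME = datetime(2014, 1, 22, 18, 40)
RECENT = timedelta(days=3)

# Constructed sample: eight lines copied from the listing above.
SAMPLE_LISTING = r"""
2014-01-22 18:33 - 2014-01-22 17:43 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-20 13:56 - 2014-01-20 13:56 - 00000000 _RSHD C:\cmdcons
2014-01-20 13:47 - 2008-04-25 15:32 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2014-01-20 13:42 - 2014-01-20 13:42 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\User\Desktop\mbar-1.07.0.1008.exe
2014-01-20 13:12 - 2014-01-20 13:12 - 05509039 _____ ( ) C:\Documents and Settings\User\Desktop\BluelineFull.exe
2014-01-19 10:27 - 2014-01-19 10:27 - 01221120 _____ (Farbar) C:\WINDOWS\FRST.EXE
2014-01-19 01:32 - 2011-04-23 10:08 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-06 16:20 - 2009-05-21 09:43 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
"""


def parse_listing(text):
    """Return one dict per parseable line; attrs is the set of flag letters
    (assumed here: D=directory, H=hidden, S=system, R=read-only)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "modified": datetime.strptime(d["modified"], "%Y-%m-%d %H:%M"),
            "created": datetime.strptime(d["created"], "%Y-%m-%d %H:%M"),
            "size": int(d["size"]),
            "attrs": set(d["attrs"].replace("_", "")),
            "company": (d["company"] or "").strip(),
            "path": d["path"],
        })
    return entries


def review_flags(entry, now=REFERENCE_TIME):
    """Reasons a helper would look at this entry; an empty list means nothing stands out."""
    flags = []
    is_dir = "D" in entry["attrs"]
    if not is_dir and entry["path"].lower().endswith(EXEC_EXT) and not entry["company"]:
        flags.append("executable with no company name")
    if not is_dir and {"S", "H"} <= entry["attrs"]:
        flags.append("hidden+system file")
    if now - entry["created"] <= RECENT:
        flags.append("created in last 3 days")
    return flags


def triage_listing(text, now=REFERENCE_TIME):
    """(path, flags) for every entry that earned at least one flag."""
    result = []
    for e in parse_listing(text):
        flags = review_flags(e, now)
        if flags:
            result.append((e["path"], flags))
    return result


if __name__ == "__main__":
    for path, flags in triage_listing(SAMPLE_LISTING):
        print(f"{path}: {', '.join(flags)}")
```

On the sample, the unsigned-looking BluelineFull.exe (blank company name, created two days before the scan) collects two flags, the helper's own tools collect only the "recent" flag, and FRST.EXE falls just outside the three-day window, which is the kind of cut-off worth tuning per case.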

#13 pystryker (Trusted Helper, Topic Starter, Malware Removal, 3,886 posts)

Hi, let's run a sweep for remnants and check for any out of date programs on your machine. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes


I see you have Malwarebytes' Anti-Malware installed.

  • Please open the program.
  • Click on the Update tab then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  • On the Scanner tab, check Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#14 pystryker (Trusted Helper, Topic Starter, Malware Removal, 3,886 posts)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: PASTORSTUDY [administrator]

2/2/2014 9:25:04 AM
mbam-log-2014-02-02 (09-25-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237088
Time elapsed: 15 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\config\systemprofile\Application Data\wincreen.bmp (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)




[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8437e29af96131479177cebefef01554
# engine=16910
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-02 07:20:43
# local_time=2014-02-02 01:20:43 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 97549909 97549909 0 0
# compatibility_mode=5892 16777213 88 94 1641115 10150057 0 0
# scanned=63902
# found=12
# cleaned=0
# scan_time=3747
sh=9B95B69FAF8E2BBDBAEFA5AF9C84A14CF74F488F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CF trojan" ac=I fn="C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\649ee23b-72819d19"
sh=CA68E9D3620551AD8D5F7BFAA2448171E89632D2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\32\4e5c2020-44a06ce7"
sh=80BC3E0212A8DB7D91C37BA5196D8497E81F9603 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.FD trojan" ac=I fn="C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\32\8b3d860-3814b37c"
sh=C06A61D728C94AC60C14CF6E8DE32391E4C0FAE6 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBZ trojan" ac=I fn="C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\62\62d4253e-7babdc2e"
sh=D0F8EF20BB1D04B6D7770AEEADB2D44ABF5A1444 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Users\jmoilcpepnblggbcfgalikjfhmpeomob\background.js"
sh=E766D09F3B5ECFE635E60E88CFEAAE18AE5AA509 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Users\jmoilcpepnblggbcfgalikjfhmpeomob\cs.js"
sh=C7343B02AA496D77DA50288C14F8A38B67954190 ft=1 fh=acc10de30fac589f vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\Documents and Settings\User\My Documents\Downloads\downloadmanager_Setup.exe"
sh=FF2B2ADDEC567E97D3CFDD72B406F63508B9D088 ft=1 fh=191d4cdef0a8329f vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\Documents and Settings\User\My Documents\Downloads\Setup.exe"
sh=56942E7155F65862B89BFD5CD3D5DD875967DEE1 ft=1 fh=ed746c3588741fe7 vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\rpcss.dll"
sh=AF6978F4185769EEB2798D0CF841A12E1FB8FCB9 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="C:\FRST\Quarantine\niapdbllcanepiiimjjndipklodoedlc01-02-2014_10-42-52\1.0.2_0\background.html"
sh=EE1149BF9FED33E734127E356784DBE5D5B86F7B ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\FRST\Quarantine\niapdbllcanepiiimjjndipklodoedlc01-02-2014_10-42-52\1.0.2_0\yl.js"
sh=05C09F0C64A599186FD0D8D7620580402FA34852 ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.BTMI trojan" ac=I fn="C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Application Data\_ssecurity_.exe.zip"
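The ESET log above was taken with "Remove found threats" unchecked, so it reports found=12, cleaned=0, and several of the hits sit inside the FRST and ComboFix quarantine folders rather than at live paths. The following is an added example, not code from this thread or from ESET: it parses the log's header and record lines and separates detections that the earlier tools already isolated from those still live on disk. The record layout (sh=, ft=, fh=, vn=, ac=, fn=) is read off the log above; the list of quarantine folders is an assumption, and the sample lines are a subset copied from that log.

```python
"""Triage an ESET Online Scanner log: separate findings that are already
sitting in removal-tool quarantine folders from those still live on disk.

Added example, not code from the thread or from ESET. The record layout
(sh=<sha1> ft=<n> fh=<hex> vn="<name>" ac=<code> fn="<path>") is read off
the log above; the list of quarantine folders is an assumption.
"""
import re
from collections import Counter

# One detection record per line, as in the log above.
RECORD_RE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]+) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)

# Assumed quarantine folders of the tools used in this thread (FRST and
# ComboFix). A hit under these paths is something the tools already isolated.
QUARANTINE_PREFIXES = (
    "c:\\frst\\quarantine\\",
    "c:\\qoobox\\quarantine\\",
)

# Constructed sample: a header subset plus four records copied from the log above.
SAMPLE_LOG = r"""
# version=8
# remove_checked=false
# archives_checked=true
# found=4
# cleaned=0
sh=9B95B69FAF8E2BBDBAEFA5AF9C84A14CF74F488F ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CF trojan" ac=I fn="C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\649ee23b-72819d19"
sh=D0F8EF20BB1D04B6D7770AEEADB2D44ABF5A1444 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Users\jmoilcpepnblggbcfgalikjfhmpeomob\background.js"
sh=56942E7155F65862B89BFD5CD3D5DD875967DEE1 ft=1 fh=ed746c3588741fe7 vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\rpcss.dll"
sh=05C09F0C64A599186FD0D8D7620580402FA34852 ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.BTMI trojan" ac=I fn="C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Application Data\_ssecurity_.exe.zip"
"""


def parse_eset_log(text):
    """Return (header, records): header is the '# key=value' block, records
    the parsed detection lines. Lines that match neither are ignored."""
    header, records = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = RECORD_RE.match(line)
        if m:
            records.append(m.groupdict())
    return header, records


def is_quarantined(path):
    """True when the path lies under an assumed quarantine folder (case-insensitive)."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def triage(text):
    """Split detections into live vs already-quarantined and tally the live
    detection names so a helper sees what still needs a removal step."""
    header, records = parse_eset_log(text)
    live = [r for r in records if not is_quarantined(r["fn"])]
    quarantined = [r for r in records if is_quarantined(r["fn"])]
    return {
        "found": int(header.get("found", len(records))),
        "cleaned": int(header.get("cleaned", 0)),
        "removal_enabled": header.get("remove_checked") == "true",
        "live": live,
        "quarantined": quarantined,
        "live_names": Counter(r["vn"] for r in live),
    }


def report(text):
    """Human-readable summary lines for a reply back to the thread."""
    t = triage(text)
    lines = [
        f"ESET reported found={t['found']} cleaned={t['cleaned']} "
        f"(removal {'on' if t['removal_enabled'] else 'off'})",
        f"{len(t['quarantined'])} hit(s) are inside FRST/ComboFix quarantine",
        f"{len(t['live'])} hit(s) are live on disk:",
    ]
    lines += [f"  {r['vn']}: {r['fn']}" for r in t["live"]]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the sample, the patched rpcss.dll and the packed _ssecurity_.exe.zip are reported as quarantined copies, while the Java cache exploit and the Chrome extension script are the live hits; a full ESET log is handled the same way, with the tally in live_names giving a quick view of which detection names remain.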

#15 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.