
DVD Drives Suddenly don't AutoPlay [Solved]


  • This topic is locked

#16
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi again,
I am going to be unavailable for the rest of the day, but I will be back on this either late tonight, or early tomorrow morning.
Right now, I would like to fix the WMI service, as the infection has broken it.

Please download the following file(s) to your desktop by clicking on the link
WMI
Once downloaded, please right click on each one and select Merge
Restart your computer after merging the file(s).

Then --
Run OTL
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

baseservices

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post OTL.txt in your next response

  • 0



#17
Jackpine

    Member

  • Topic Starter
  • Member
  • 490 posts
Hi Crowbar,

There was only one WMI file, which I merged. I then ran OTL. Log is below. Have a good day.

OTL logfile created on: 3/5/2014 6:57:33 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.06% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.41% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 204.75 Gb Free Space | 68.69% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 149.33 Gb Free Space | 32.06% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 415.08 Gb Free Space | 89.12% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/28 16:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2010/08/20 08:38:44 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 13:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/01/21 01:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/07 10:24:42 | 000,178,464 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll
MOD - [2014/02/07 10:24:41 | 000,190,752 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libBase64.dll
MOD - [2010/07/15 15:46:26 | 000,300,368 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\vipre.dll
MOD - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
MOD - [2005/12/22 16:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\unrar.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 18:09:35 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 08:17:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/07/07 11:59:18 | 002,111,752 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 13:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/23 23:02:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/10 20:19:52 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/04/20 19:46:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/08/04 07:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (SpyEmrg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FLASHSYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Robert\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2013/11/26 09:46:08 | 000,120,616 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2013/03/31 13:32:54 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/06/30 10:08:24 | 000,066,320 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2011/06/30 10:07:32 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/06/14 13:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 13:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 06:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/10/24 22:17:05 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/10/24 22:16:58 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/10/24 22:16:58 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/24 22:16:55 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2009/02/06 13:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 13:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/03 21:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 21:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 21:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2007/01/14 14:15:03 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/21 15:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/07/27 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2004/11/05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/14 04:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://easy-google-search.blogspot.com
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://easy-google-search.blogspot.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...ie=ISO-8859-1="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/02 05:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2013/09/26 21:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\extensions
[2014/02/15 08:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 08:17:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2014/03/03 16:59:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220411993917 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343529479926 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 17:07:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-19..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-20..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-789336058-725345543-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/04 19:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Orneon
[2014/03/04 19:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/03/04 19:42:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/03 16:39:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/03/03 16:39:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/03/03 16:39:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/03/03 16:39:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/03/03 16:39:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/03 16:28:21 | 005,186,850 | R--- | C] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2014/03/02 13:28:16 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 13:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/03/02 13:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/03/02 13:12:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/01 16:23:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/01 16:23:07 | 001,144,320 | ---- | C] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 16:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2014/03/01 12:11:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/03/01 11:54:16 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/03/01 11:47:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/28 16:43:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/24 16:50:23 | 000,000,000 | ---D | C] -- C:\HP Scans
[2014/02/23 17:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn Client
[2014/02/22 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2014/02/22 22:45:10 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2014/02/22 22:45:08 | 000,122,880 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2014/02/22 15:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2014/02/19 23:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\MPC-HC Capture
[2014/02/15 14:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/02/15 08:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 17:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/11 16:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2014/02/04 20:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2014/02/04 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2008/08/16 08:32:00 | 000,267,056 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Robert\utorrent.exe
[2007/03/23 16:38:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Robert\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/03/05 06:56:04 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/05 06:55:07 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2014/03/05 06:54:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/05 06:54:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/05 06:51:30 | 000,003,274 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Wmi.reg
[2014/03/05 06:49:09 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
[2014/03/04 22:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/04 22:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/04 20:01:54 | 000,001,183 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\AgencyofAnomalies.lnk
[2014/03/04 16:52:14 | 005,186,850 | R--- | M] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2014/03/03 16:59:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/02 13:47:22 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 13:28:16 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 13:21:59 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 13:14:29 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/02 13:12:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/01 16:23:07 | 001,144,320 | ---- | M] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 16:14:31 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 14:57:20 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
[2014/03/01 12:18:57 | 000,869,456 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/03/01 11:54:20 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/02/28 16:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/25 13:55:45 | 000,354,923 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 20:13:57 | 001,376,794 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 16:56:36 | 000,235,620 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 22:45:13 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 12:21:31 | 000,079,268 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:39 | 000,141,685 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:04 | 000,056,752 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:34 | 000,065,062 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/20 18:55:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Excel 2007.lnk
[2014/02/12 17:26:13 | 000,596,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/12 17:26:13 | 000,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/12 16:57:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/06 13:00:00 | 000,112,640 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll

========== Files Created - No Company Name ==========

[2014/03/05 06:51:29 | 000,003,274 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Wmi.reg
[2014/03/04 20:01:58 | 000,001,183 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\AgencyofAnomalies.lnk
[2014/03/03 16:39:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/03/03 16:39:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/03/03 16:39:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/03/03 16:39:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/03/03 16:39:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/03/02 13:47:22 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 13:21:59 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 13:14:29 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/01 16:14:25 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 12:18:57 | 000,869,456 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/02/25 13:55:45 | 000,354,923 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 20:13:57 | 001,376,794 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 21:27:46 | 000,282,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/23 16:56:36 | 000,235,620 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 22:45:13 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 22:45:11 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2014/02/22 22:45:10 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2014/02/22 22:45:10 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014/02/22 22:45:02 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/02/22 12:21:44 | 000,079,268 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:44 | 000,141,685 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:07 | 000,056,752 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:43 | 000,065,062 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/12 16:52:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/09/14 19:49:28 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/18 19:48:06 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/18 19:48:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/07/18 19:48:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/07/18 19:46:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013/04/06 21:47:47 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Robert\April 6. 2013 Devious.sud
[2013/03/31 13:32:54 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/03 21:24:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2011/01/27 18:55:00 | 000,028,953 | ---- | C] () -- C:\Documents and Settings\Robert\Superior Account.pdf
[2010/12/13 17:01:00 | 000,661,626 | ---- | C] () -- C:\Documents and Settings\Robert\Toesy.jpg
[2010/11/02 22:03:23 | 000,256,334 | ---- | C] () -- C:\Documents and Settings\Robert\B4635100
[2010/10/24 16:36:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
[2009/09/24 17:41:54 | 005,257,216 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
[2008/09/10 23:20:31 | 050,495,934 | ---- | C] () -- C:\Documents and Settings\Robert\ALC880_882_Vista_6015350.zip
[2008/08/30 11:14:22 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\netstat.bat
[2007/12/31 09:03:09 | 003,435,064 | ---- | C] () -- C:\Documents and Settings\Robert\Rotel 812 Repair Manual.pdf
[2007/11/25 22:46:48 | 000,000,123 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/25 13:19:48 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[2007/03/23 16:38:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\ezpinst.exe
[2007/03/23 16:38:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.cat
[2007/03/23 16:38:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.inf
[2007/01/25 22:46:40 | 001,462,572 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
[2006/09/30 23:17:08 | 000,014,958 | ---- | C] () -- C:\Documents and Settings\Robert\Start Menu.daa
[2006/07/26 16:35:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Robert\mylist.dat
[2006/07/25 16:22:41 | 000,002,863 | ---- | C] () -- C:\Documents and Settings\Robert\report.htm
[2006/06/11 02:32:06 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/09 22:03:02 | 000,361,512 | ---- | C] ( ) -- C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/10/25 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/04/05 18:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2012/10/25 18:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/04 18:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/22 20:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2012/04/19 17:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2014/01/20 17:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2007/11/25 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/04/12 22:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/12/28 22:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/12/13 00:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2011/03/05 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2010/11/22 22:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 12:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/01/17 16:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2008/02/14 16:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/09/26 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happy Artist Studio
[2010/01/18 17:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/10/27 09:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2007/07/19 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/07/07 11:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/06/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/02/24 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2014/02/23 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/23 16:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2011/12/26 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2010/12/18 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/01/06 20:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2012/11/16 20:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Odian Games
[2007/04/30 15:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2011/03/08 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/20 19:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009/09/20 22:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/04/29 20:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/04/29 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2013/07/11 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/03/01 18:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/02/28 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2012/04/21 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/18 08:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2011/03/04 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/02/10 16:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2014/03/04 22:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2012/01/28 17:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2013/07/12 16:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2007/07/24 21:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/24 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 20:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Acronis
[2014/02/04 18:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2012/07/30 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artifex Mundi
[2013/05/10 19:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artogon
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Autodesk
[2014/02/14 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/19 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Blue Tea Games
[2014/02/15 11:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Boomzap
[2012/12/09 21:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Brabl
[2012/07/30 13:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Casual Box
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\casualArts
[2013/10/06 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Chayowo Games
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DailyMagic
[2013/10/07 11:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DanceOfDeath
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DassaultSystemes
[2014/02/04 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2007/01/07 00:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Design Science
[2007/02/04 22:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Downloaded Installations
[2012/08/25 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DVDFab
[2007/01/16 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DWGeditor
[2014/01/20 19:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Eipix
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Elephant Games
[2011/03/26 10:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics
[2011/04/22 21:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Enki Games
[2013/03/19 15:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EntwinedSoD
[2014/02/19 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ERS Game Studios
[2009/04/12 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ESET
[2013/03/09 19:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EurekaLog
[2013/12/04 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FarmMystery
[2014/01/05 22:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FGS
[2014/01/12 20:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Frogwares
[2012/07/07 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GameInvest
[2012/07/02 09:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gogii
[2014/02/15 14:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/01/17 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gunnar Games
[2012/04/02 15:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\HdO Adventure
[2011/03/25 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IBAGroup
[2010/11/15 00:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IM
[2008/09/06 23:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ImgBurn
[2012/01/15 11:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IObit
[2012/09/27 15:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Jetdogs Studios
[2007/03/28 18:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2011/02/20 22:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MA2
[2013/11/08 16:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mad Head Games
[2013/01/16 17:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MagicIndie
[2008/05/15 23:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Maple
[2014/01/26 21:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mariaglorum
[2008/08/28 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MenuShrink
[2013/12/12 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Meridian93
[2014/02/11 16:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2011/04/18 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\My Games
[2012/01/06 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Namco
[2006/11/08 18:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Netscape
[2013/04/17 21:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Organic 2 Digital
[2014/03/04 19:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Orneon
[2012/08/17 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PFStaticIP
[2010/12/26 18:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Photodex
[2013/07/12 14:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PuzzleLab
[2007/01/25 20:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G4
[2008/04/29 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G5
[2007/06/21 22:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Scooter Software
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simply Super Software
[2012/12/09 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Skunk Studios
[2008/05/08 18:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\sldIM
[2014/02/24 22:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Specialbit
[2011/01/08 17:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Spider Player
[2011/04/09 12:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SpinTop
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\The Inquisitor
[2012/07/07 10:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\TripleHippo
[2010/07/25 16:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\URSoft
[2014/03/05 06:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\uTorrent
[2013/10/22 21:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vast Studios
[2010/10/16 17:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\VirtualStore
[2011/04/10 14:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vso
[2012/01/02 12:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WhiteBirdsProductions
[2006/07/14 17:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< >
[2006/06/03 17:05:58 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/06/03 17:31:49 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010/03/11 22:40:53 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/03/11 22:40:53 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/05/25 07:34:14 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5B07840

< End of report >



  • 0

#18
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi Jackpine,
Thanks for your patience.

I want to take a different look because of that warning from combofix.
I promise to clean up this mess of tools I keep leaving around :)

Download Malwarebytes AntiRootkit and save it to your desktop.

Complete instructions on how to use MBAR

Double click on the exe file to start the installer and click on OK to accept the path, and MBAR will start on its own.

  • Click on Next and then click on Update
  • When the update is complete click on Next
  • In the next window please look under the Scan targets and make sure Drivers, Sectors, and System are all checked.
  • Click the Scan button
  • This process can take some time, so please be patient. When it has finished, the program will display a screen showing you the results from the scan.
  • Make sure that everything is selected and that the Create Restore Point box is checked.
  • Click on the Cleanup button
  • Malwarebytes Anti-Rootkit will then prompt you to reboot your computer. Please click on the Yes button to restart your computer.
  • Please post the contents of these two log files:
    system-log.txt and MBAR-log-year-month-day (hour-minute-second).txt
    You can find them in the MBAR folder that was created on your desktop.

In your next reply I would like to see:
  • the 2 log files from MBAR

  • 0

#19
Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts
Hi Crowbar,

Normally I keep my desktop bare bones, but it's growing an impressive collection of malware removal tools! :)

Here are the logs.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.412000 GHz
Memory total: 2146455552, free: 1339432960

Downloaded database version: v2014.03.06.01
Downloaded database version: v2014.02.20.01
Initializing...
======================
------------ Kernel report ------------
03/05/2014 23:04:16
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
iaStor.sys
atapi.sys
SI3132.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
iteatapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
SiWinAcc.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
timntr.sys
tdrpm174.sys
snman380.sys
SiRemFil.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\drivers\sbaphd.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\SYSTEM32\DRIVERS\MRXSMB.SYS
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\sbapifs.sys
\SystemRoot\system32\DRIVERS\eamon.sys
\SystemRoot\system32\DRIVERS\PDFsFilter.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\System32\Drivers\DefragFS.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\WINDOWS\system32\drivers\hardlock.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff89831458
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xffffffff89adc270
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8acbf8f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8a77c030
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ace8030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8acc3030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ace8030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8acbe9d8, DeviceName: Unknown, DriverName: \Driver\snapman380\
DevicePointer: 0xffffffff8ace79a0, DeviceName: Unknown, DriverName: \Driver\tdrpman174\
DevicePointer: 0xffffffff8ace86f8, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xffffffff8ace8838, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ace8030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8acc3030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman174\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7975DF18

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625141697
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8acbf8f0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8acae5b0, DeviceName: Unknown, DriverName: \Driver\snapman380\
DevicePointer: 0xffffffff8acae020, DeviceName: Unknown, DriverName: \Driver\tdrpman174\
DevicePointer: 0xffffffff8acbf418, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xffffffff8acbf610, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8acbf8f0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a77c030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman174\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F0128678

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff89831458, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ac8e248, DeviceName: Unknown, DriverName: \Driver\snapman380\
DevicePointer: 0xffffffff8a002830, DeviceName: Unknown, DriverName: \Driver\tdrpman174\
DevicePointer: 0xffffffff89da4020, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xffffffff8a06a4d8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89831458, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89adc270, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman174\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 143820D

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976768065
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: C:\WINDOWS\$NtUninstallKB36814$\2832607000 --> [Backdoor.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
_________________________________________________

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: FIRSTBUILD [administrator]

3/5/2014 11:04:36 PM
mbar-log-2014-03-05 (23-04-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 281635
Time elapsed: 16 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\WINDOWS\$NtUninstallKB36814$\2832607000 (Backdoor.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

By the way, I will be away from home starting Friday morning until next Wednesday evening. I'm going to a friend's cottage in Quebec for a few days. (Going TO the snow instead of AWAY from the snow!)


  • 0
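The "Inspecting partition table" section of the MBAR system log above is a decoded view of the first 512-byte sector of each disk. As an added example (not part of the thread and not Malwarebytes' code), here is a small Python parser that reads one MBR sector and reports the same fields the log shows (boot signature, disk signature, four partition entries with active flag, type, start LBA and sector count), plus the sanity checks a responder wants once a rootkit scanner has been run: a valid 55AA boot signature, boot flags that are only 0x00 or 0x80, at most one active partition, no overlapping entries, and no entry running past the end of the disk. The sample sector is constructed to mirror drive 0 in the posted log (disk signature 7975DF18, one active type 0x07 partition at LBA 63 with 625141697 sectors); its boot code and CHS fields are zero-filled, which a real disk would not have. The field layout is the standard MBR format, not anything MBAR-specific.

```python
"""
Constructed example: parse a 512-byte MBR sector and report the fields MBAR
prints under "Inspecting partition table", with a few sanity checks.

Layout of the classic MBR (standard, not MBAR-specific):
  bytes   0..439  boot code
  bytes 440..443  disk signature (little-endian DWORD)
  bytes 446..509  four 16-byte partition entries
  bytes 510..511  boot signature 0x55 0xAA
Each entry: boot flag (0x80 active / 0x00 inactive), CHS start (3 bytes),
type byte, CHS end (3 bytes), start LBA (DWORD), sector count (DWORD).
"""
import struct
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, List, Optional

SECTOR_SIZE = 512
DISK_SIGNATURE_OFFSET = 440
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"

# Partition type bytes most often seen on Windows disks (0x07 is what the
# posted log reports as "Primary (0x7)" with an NTFS file system).
PARTITION_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "NTFS/exFAT",
                   0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}


@dataclass
class PartitionEntry:
    index: int
    active: bool
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, f"Unknown (0x{self.type_id:02X})")


def parse_mbr(sector: bytes, disk_sectors: Optional[int] = None) -> Dict:
    """Decode one MBR sector. disk_sectors (if known) enables a bounds check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    findings: List[str] = []

    boot_sig = sector[510:512]
    if boot_sig != BOOT_SIGNATURE:
        findings.append(f"boot signature is {boot_sig.hex().upper()}, expected 55AA")

    disk_sig = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)[0]

    entries: List[PartitionEntry] = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # The two 3-byte CHS fields are skipped (3x); only LBA values matter.
        flag, type_id, start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if flag not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid boot flag 0x{flag:02X}")
        entries.append(PartitionEntry(i, flag == 0x80, type_id, start, count))

    if sum(e.active for e in entries) > 1:
        findings.append("more than one partition is marked active")

    used = [e for e in entries if e.type_id != 0 and e.num_sectors]
    for a, b in combinations(used, 2):
        if (a.start_lba < b.start_lba + b.num_sectors
                and b.start_lba < a.start_lba + a.num_sectors):
            findings.append(f"partitions {a.index} and {b.index} overlap")
    if disk_sectors is not None:
        for e in used:
            if e.start_lba + e.num_sectors > disk_sectors:
                findings.append(f"partition {e.index} extends past end of disk")

    return {"boot_signature": boot_sig.hex().upper(),
            "disk_signature": f"{disk_sig:08X}",
            "partitions": entries, "findings": findings}


def format_report(result: Dict) -> str:
    """Render the parse result in the style of the MBAR log excerpt."""
    lines = [f"MBR Signature: {result['boot_signature']}",
             f"Disk Signature: {result['disk_signature']}", ""]
    for e in result["partitions"]:
        lines.append(f"Partition {e.index} type is {e.type_name} (0x{e.type_id:X})")
        lines.append("Partition is ACTIVE." if e.active else "Partition is NOT ACTIVE.")
        lines.append(f"Partition starts at LBA: {e.start_lba} Numsec = {e.num_sectors}")
        lines.append("")
    lines += [f"FINDING: {f}" for f in result["findings"]] or ["No anomalies found"]
    return "\n".join(lines)


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring drive 0 in the posted log: disk signature
    7975DF18, one active 0x07 partition at LBA 63 with 625141697 sectors.
    Boot code and CHS fields are zero here, which a real disk would not have."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIGNATURE_OFFSET, 0x7975DF18)
    struct.pack_into("<B3sB3sII", sector, PARTITION_TABLE_OFFSET,
                     0x80, b"\0\0\0", 0x07, b"\0\0\0", 63, 625141697)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # 320072933376 bytes / 512 = 625142448 sectors, the disk size in the log.
    print(format_report(parse_mbr(build_sample_mbr(), disk_sectors=625142448)))
```

On a live system the same function would be fed the first 512 bytes read from the physical drive (on Windows, `\\.\PhysicalDrive0` opened with raw access as administrator); the checks are structural only and say nothing about what the boot code itself does, which is why a dedicated scanner such as MBAR also compares the sector against a known-good copy and scans the unpartitioned sectors after the table.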

#20
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi again,
Make sure you reboot after this fresh run of MBAR.

We should be cleaning up those tools soon if all looks good here :)

Enjoy the snow; if you need any extra, I still have plenty of it to share! :lol:

Step 1
We need to re-run Malwarebytes Anti Rootkit

Complete instructions on how to use MBAR

Double click on the MBAR-(version number).exe file to start the program.

  • Click on Next and then click on Update
  • When the update is complete click on Next
  • In the next window please look under the Scan targets and make sure Drivers, Sectors, and System are all checked.
  • Click the Scan button
  • This process can take some time, so please be patient. When it has finished, the program will display a screen showing you the results from the scan.
  • Make sure that everything is selected and that the Create Restore Point box is checked.
  • Click on the Cleanup button
  • Malwarebytes Anti-Rootkit will then prompt you to reboot your computer. Please click on the Yes button to restart your computer.
  • Please post the contents of these two log files:
    system-log.txt and MBAR-log-year-month-day (hour-minute-second).txt
    You can find them in the MBAR folder that was created on your desktop.

Step 2
Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Note: You can use either Internet Explorer or Mozilla Firefox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • New MBAR log files
  • MalwareBytes log
  • ESET online scan log - this one is easy to miss so be careful.

  • 0

#21
Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts
Crowbar, here are the logs. By the way, I will be away from home starting Friday March 7 from 7am. I won't be able to get back to my computer until Wednesday, March 12 in the evening at the earliest.

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.06.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: FIRSTBUILD [administrator]

3/6/2014 4:29:40 PM
mbar-log-2014-03-06 (16-29-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 281940
Time elapsed: 17 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

___________________________________

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.412000 GHz
Memory total: 2146455552, free: 1339432960

Downloaded database version: v2014.03.06.01
Downloaded database version: v2014.02.20.01
Initializing...
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.412000 GHz
Memory total: 2146455552, free: 1448120320

Downloaded database version: v2014.03.06.09
Downloaded database version: v2014.02.20.01
=======================================
------------ Kernel report ------------
03/06/2014 16:29:20
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
iaStor.sys
atapi.sys
SI3132.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
iteatapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
SiWinAcc.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
timntr.sys
tdrpm174.sys
snman380.sys
SiRemFil.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\drivers\sbaphd.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\SYSTEM32\DRIVERS\MRXSMB.SYS
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\sbapifs.sys
\SystemRoot\system32\DRIVERS\eamon.sys
\SystemRoot\system32\DRIVERS\PDFsFilter.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\System32\Drivers\DefragFS.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\??\C:\WINDOWS\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff89c77348
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xffffffff89e6d8a8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a3b9a28
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8a7bd030
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a3bc4d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a7be030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a3bc4d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a3b3a40, DeviceName: Unknown, DriverName: \Driver\snapman380\
DevicePointer: 0xffffffff8a3b88f0, DeviceName: Unknown, DriverName: \Driver\tdrpman174\
DevicePointer: 0xffffffff8a3b8c48, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xffffffff8a3b8020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a3bc4d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7be030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman174\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7975DF18

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625141697
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a3b9a28, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a3bb5f0, DeviceName: Unknown, DriverName: \Driver\snapman380\
DevicePointer: 0xffffffff8a3b9170, DeviceName: Unknown, DriverName: \Driver\tdrpman174\
DevicePointer: 0xffffffff8a3b9550, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xffffffff8a3b9748, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a3b9a28, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7bd030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman174\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F0128678

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff89c77348, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a052420, DeviceName: Unknown, DriverName: \Driver\snapman380\
DevicePointer: 0xffffffff8a07aa38, DeviceName: Unknown, DriverName: \Driver\tdrpman174\
DevicePointer: 0xffffffff8a0736a0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\
DevicePointer: 0xffffffff89e0e5a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89c77348, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89e6d8a8, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman174\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 143820D

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976768065
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished

____________________________________

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.06.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Robert :: FIRSTBUILD [administrator]

3/6/2014 5:07:08 PM
mbam-log-2014-03-06 (17-07-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 279575
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
______________________________

I had the ESET scan log, but I can't find it. I looked in the directory where it should be, but it's no longer there.

Edited by Jackpine, 07 March 2014 - 05:51 AM.


#22
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi,
First off, have a good trip!
I feel we are just about done, so don't worry too much about the computer while you are gone.
Once I see that ESET log, I will manually remove any threats that are found, not already in quarantine, then clean up my tools, and send you back to the hardware forums.

If you looked here for the ESET log C:\Program Files\ESET\ESET Online Scanner\log.txt
and it's not there, then the box to remove the program when finished was probably checked.
No problem, you can just run it again when you get back - perhaps you can copy and paste the log before closing ESET.



#23
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts
Hi Crowbar,

I'm back from my trip. Tons of snow.

I will rerun ESET Online Scan when I get home from work later today and post the log then (early evening). I'm in the same time zone as you.

Talk to you later.

#24
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts
Crowbar, here is the ESET Online Scanner log.txt file. My guess is that the things it found are related to programs that I have had installed over the years - some by me, some by others.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=825d1550b1849741844aa6762bdea4e7
# engine=17437
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-13 10:41:28
# local_time=2014-03-13 06:41:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5889 16768446 80 100 191301225 239323156 0 228206488
# compatibility_mode=8201 16776701 100 100 0 159888100 0 0
# scanned=140288
# found=4
# cleaned=0
# scan_time=6763
# nod_component=V3 Build:0x30000000
sh=A625883B6513BA0D1F125305FB4FFA861145C8D9 ft=1 fh=e112b69bf1611b0c vn="a variant of Win32/HackTool.Patcher.A potentially unsafe application" ac=I fn="C:\Program Files\Custom Technology\CCE SP Trial Version\patch.exe"
sh=34FFA064479FFD2C7263F9DA85E2B36451FF2A50 ft=1 fh=801b933a1ea5a014 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="C:\Program Files\Trojan Remover\Patch.exe"
sh=B4999423560821078A701C830A844565417020A9 ft=0 fh=0000000000000000 vn="a variant of Generik.LBDXRD trojan" ac=I fn="C:\WINDOWS\Downloaded Installations\{947CE1EC-E178-4E36-B91A-D173F41B7AE2}\Sunbelt CounterSpy.msi"
sh=04BE29322763114092EECA08314E5800A49DA6AA ft=0 fh=0000000000000000 vn="Win32/Keygen.HB potentially unsafe application" ac=I fn="Z:\DOWNLOADS\Select.Edition\Office_2007_SP3_Select_vl_ru-en.iso"

#25
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi Jackpine,
I hope you had a good time in all that snow! :)

Let's get rid of some of that stuff.
The Sunbelt counterspy program was picked up by ESET, but I think it's a false positive.
That's the program that is not really doing anything for you, since it's old and unsupported.
If you do uninstall counterspy, that file would most likely be removed.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :files
    C:\Program Files\Custom Technology\CCE SP Trial Version\patch.exe
    C:\Program Files\Trojan Remover\Patch.exe
    Z:\DOWNLOADS\Select.Edition\Office_2007_SP3_Select_vl_ru-en.iso

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2
One more OTL scan just to make sure I got everything, if you don't mind...
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
BASESERVICES
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post OTL.txt in your next response

In your next reply I would like to see:
  • OTL log, and if it's good, I will finally clean up your desktop! :)



#26
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts
Hi Crowbar,

We had 4 feet of snow. Great for snowshoeing, but not so much fun for shovelling the deck!

I ran the OTL fix. The log is shown below, followed by the final OTL scan log. I'm really tired from the long drive yesterday and work today, so I will log in tomorrow to see further instructions.

OTL logfile created on: 3/13/2014 10:39:34 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.93% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.60% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 200.31 Gb Free Space | 67.20% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 149.33 Gb Free Space | 32.06% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 389.08 Gb Free Space | 83.54% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/28 17:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2011/07/07 12:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2010/08/20 09:38:44 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2009/04/23 20:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/01/21 02:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 02:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 01:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/07 11:24:42 | 000,178,464 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll
MOD - [2014/02/07 11:24:41 | 000,190,752 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libBase64.dll
MOD - [2010/07/15 16:46:26 | 000,300,368 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\vipre.dll
MOD - [2010/03/08 22:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/04/23 20:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\unrar.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/13 00:09:33 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 09:17:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 12:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/07/07 12:59:18 | 002,111,752 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/04/23 20:46:24 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 02:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/24 00:02:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/10 21:19:52 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/04/20 20:46:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/08/04 08:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (SpyEmrg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FLASHSYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Robert\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2013/11/26 10:46:08 | 000,120,616 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/06/30 11:08:24 | 000,066,320 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2011/06/30 11:07:32 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 14:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/10/24 23:17:05 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/10/24 23:16:58 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/10/24 23:16:58 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/24 23:16:55 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2009/02/06 14:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/03 22:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 22:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 22:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2007/01/14 15:15:03 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/21 16:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/07/27 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2004/11/05 12:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/14 05:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://easy-google-search.blogspot.com
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://easy-google-search.blogspot.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...ie=ISO-8859-1="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/02 06:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2013/09/26 22:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\extensions
[2014/02/15 09:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 09:17:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2014/03/03 17:59:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220411993917 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343529479926 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 18:07:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-19..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-20..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-789336058-725345543-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/06 00:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/03/06 00:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Desktop\mbar
[2014/03/06 00:00:24 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Robert\Desktop\mbar-1.07.0.1009.exe
[2014/03/04 20:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Orneon
[2014/03/04 20:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/03/04 20:42:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/03 17:39:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/03/03 17:39:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/03/03 17:39:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/03/03 17:39:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/03/03 17:39:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/03 17:28:21 | 005,186,850 | R--- | C] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2014/03/02 14:28:16 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 14:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/03/02 14:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/03/02 14:12:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/01 17:23:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/01 17:23:07 | 001,144,320 | ---- | C] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 17:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2014/03/01 13:11:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/03/01 12:54:16 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/03/01 12:47:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/28 17:43:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/24 17:50:23 | 000,000,000 | ---D | C] -- C:\HP Scans
[2014/02/23 18:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn Client
[2014/02/22 23:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2014/02/22 23:45:10 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2014/02/22 23:45:08 | 000,122,880 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2014/02/22 16:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2014/02/20 00:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\MPC-HC Capture
[2014/02/15 15:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/02/15 09:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 18:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2008/08/16 09:32:00 | 000,267,056 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Robert\utorrent.exe
[2007/03/23 17:38:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Robert\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/03/13 22:27:41 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/13 22:26:42 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2014/03/13 22:26:39 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/13 22:26:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/13 22:26:32 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/13 22:26:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/13 22:16:06 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
[2014/03/13 22:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/13 22:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/12 23:32:23 | 001,715,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/12 23:26:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/03/12 22:45:22 | 000,596,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/12 22:45:22 | 000,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/06 17:28:33 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/06 00:00:29 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Robert\Desktop\mbar-1.07.0.1009.exe
[2014/03/05 07:51:30 | 000,003,274 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Wmi.reg
[2014/03/04 21:01:54 | 000,001,183 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\AgencyofAnomalies.lnk
[2014/03/04 17:52:14 | 005,186,850 | R--- | M] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2014/03/03 17:59:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/02 14:47:22 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 14:28:16 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 14:21:59 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 14:14:29 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/02 14:12:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/01 17:23:07 | 001,144,320 | ---- | M] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 17:14:31 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 15:57:20 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
[2014/03/01 13:18:57 | 000,869,456 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/03/01 12:54:20 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/02/28 17:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/25 14:55:45 | 000,354,923 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 21:13:57 | 001,376,794 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 17:56:36 | 000,235,620 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 23:45:13 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 13:21:31 | 000,079,268 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 13:20:39 | 000,141,685 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 13:19:04 | 000,056,752 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 13:17:34 | 000,065,062 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/20 19:55:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Excel 2007.lnk

========== Files Created - No Company Name ==========

[2014/03/12 23:32:28 | 000,000,224 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/12 23:32:28 | 000,000,218 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/05 07:51:29 | 000,003,274 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Wmi.reg
[2014/03/04 21:01:58 | 000,001,183 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\AgencyofAnomalies.lnk
[2014/03/03 17:39:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/03/03 17:39:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/03/03 17:39:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/03/03 17:39:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/03/03 17:39:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/03/02 14:47:22 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 14:21:59 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 14:14:29 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/01 17:14:25 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 13:18:57 | 000,869,456 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/02/25 14:55:45 | 000,354,923 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 21:13:57 | 001,376,794 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 22:27:46 | 000,282,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/23 17:56:36 | 000,235,620 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 23:45:13 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 23:45:11 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2014/02/22 23:45:10 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2014/02/22 23:45:10 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014/02/22 23:45:02 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/02/22 13:21:44 | 000,079,268 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 13:20:44 | 000,141,685 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 13:19:07 | 000,056,752 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 13:17:43 | 000,065,062 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/12 17:52:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/09/14 20:49:28 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/18 20:48:06 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/18 20:48:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/07/18 20:48:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/07/18 20:46:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013/04/06 22:47:47 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Robert\April 6. 2013 Devious.sud
[2012/04/03 22:24:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2011/01/27 19:55:00 | 000,028,953 | ---- | C] () -- C:\Documents and Settings\Robert\Superior Account.pdf
[2010/12/13 18:01:00 | 000,661,626 | ---- | C] () -- C:\Documents and Settings\Robert\Toesy.jpg
[2010/11/02 23:03:23 | 000,256,334 | ---- | C] () -- C:\Documents and Settings\Robert\B4635100
[2010/10/24 17:36:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
[2009/09/24 18:41:54 | 005,257,216 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
[2008/09/11 00:20:31 | 050,495,934 | ---- | C] () -- C:\Documents and Settings\Robert\ALC880_882_Vista_6015350.zip
[2008/08/30 12:14:22 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\netstat.bat
[2007/12/31 10:03:09 | 003,435,064 | ---- | C] () -- C:\Documents and Settings\Robert\Rotel 812 Repair Manual.pdf
[2007/11/25 23:46:48 | 000,000,123 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/25 14:19:48 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[2007/03/23 17:38:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\ezpinst.exe
[2007/03/23 17:38:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.cat
[2007/03/23 17:38:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.inf
[2007/01/25 23:46:40 | 001,462,572 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
[2006/10/01 00:17:08 | 000,014,958 | ---- | C] () -- C:\Documents and Settings\Robert\Start Menu.daa
[2006/07/26 17:35:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Robert\mylist.dat
[2006/07/25 17:22:41 | 000,002,863 | ---- | C] () -- C:\Documents and Settings\Robert\report.htm
[2006/06/11 03:32:06 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/09 23:03:02 | 000,361,512 | ---- | C] ( ) -- C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/10/25 19:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/05/23 00:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/04/05 19:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/26 19:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2012/10/25 19:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/04 19:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/22 21:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2010/08/14 22:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2013/12/05 01:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2008/07/10 21:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2012/04/19 18:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2014/01/20 18:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2007/11/25 23:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2013/12/23 18:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/04/12 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/12/28 23:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/12/13 01:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2011/03/05 23:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2010/11/22 23:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 13:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/01/17 17:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2008/02/14 17:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/09/26 22:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happy Artist Studio
[2010/01/18 18:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/10/27 10:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2007/07/19 19:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/07/07 12:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/06/12 19:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/02/24 18:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2014/02/23 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/23 17:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2011/12/26 16:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2010/12/18 01:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/01/06 21:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2012/11/16 21:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Odian Games
[2007/04/30 16:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2011/03/08 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/20 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009/09/20 23:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/04/29 21:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/04/29 21:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2013/07/11 11:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/03/01 19:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/04/03 22:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/02/28 20:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2012/04/21 19:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/18 09:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2011/03/04 19:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/02/10 17:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2014/03/13 21:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/30 20:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2012/01/28 18:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2013/07/12 17:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2007/07/24 22:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/24 02:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 21:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Acronis
[2014/02/04 19:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2012/07/30 14:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artifex Mundi
[2013/05/10 20:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artogon
[2008/05/23 00:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Autodesk
[2014/02/14 18:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/19 17:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Blue Tea Games
[2014/02/15 12:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Boomzap
[2012/12/09 22:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Brabl
[2012/07/30 14:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Casual Box
[2012/10/26 19:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\casualArts
[2013/10/06 21:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Chayowo Games
[2010/08/14 22:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Curious Sense
[2013/12/05 01:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DailyMagic
[2013/10/07 12:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DanceOfDeath
[2008/07/10 21:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DassaultSystemes
[2014/02/04 21:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2007/01/07 01:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Design Science
[2007/02/04 23:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Downloaded Installations
[2012/08/25 14:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DVDFab
[2007/01/16 18:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DWGeditor
[2014/01/20 20:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Eipix
[2013/12/23 18:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Elephant Games
[2011/03/26 11:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics
[2011/04/22 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Enki Games
[2013/03/19 16:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EntwinedSoD
[2014/02/19 17:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ERS Game Studios
[2009/04/12 23:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ESET
[2013/03/09 20:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EurekaLog
[2013/12/04 14:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FarmMystery
[2014/01/05 23:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FGS
[2014/01/12 21:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Frogwares
[2012/07/07 11:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GameInvest
[2012/07/02 10:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gogii
[2014/02/15 15:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/01/17 11:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gunnar Games
[2012/04/02 16:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\HdO Adventure
[2011/03/25 17:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IBAGroup
[2010/11/15 01:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IM
[2008/09/07 00:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ImgBurn
[2012/01/15 12:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IObit
[2012/09/27 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Jetdogs Studios
[2007/03/28 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2011/02/20 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MA2
[2013/11/08 17:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mad Head Games
[2013/01/16 18:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MagicIndie
[2008/05/16 00:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Maple
[2014/01/26 22:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mariaglorum
[2008/08/28 23:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MenuShrink
[2013/12/12 21:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Meridian93
[2014/02/11 17:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2011/04/18 19:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\My Games
[2012/01/06 21:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Namco
[2006/11/08 19:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Netscape
[2013/04/17 22:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Organic 2 Digital
[2014/03/04 20:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Orneon
[2012/08/17 21:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PFStaticIP
[2010/12/26 19:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Photodex
[2013/07/12 15:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PuzzleLab
[2007/01/25 21:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G4
[2008/04/29 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G5
[2007/06/21 23:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Scooter Software
[2012/04/03 22:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simply Super Software
[2012/12/09 22:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Skunk Studios
[2008/05/08 19:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\sldIM
[2014/02/24 23:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Specialbit
[2011/01/08 18:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Spider Player
[2011/04/09 13:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SpinTop
[2012/06/30 20:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\The Inquisitor
[2012/07/07 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\TripleHippo
[2010/07/25 17:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\URSoft
[2014/03/13 22:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\uTorrent
[2013/10/22 22:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vast Studios
[2010/10/16 18:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\VirtualStore
[2011/04/10 15:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vso
[2012/01/02 13:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WhiteBirdsProductions
[2006/07/14 18:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 20:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< >
[2006/06/03 18:05:58 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/06/03 18:31:49 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010/03/11 23:40:53 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/03/11 23:40:53 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/05/25 08:34:14 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2014/03/12 23:32:28 | 000,000,218 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/12 23:32:28 | 000,000,224 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5B07840

< End of report >


OTL logfile created on: 3/13/2014 10:39:34 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.93% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.60% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 200.31 Gb Free Space | 67.20% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 149.33 Gb Free Space | 32.06% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 389.08 Gb Free Space | 83.54% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/28 17:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2011/07/07 12:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2010/08/20 09:38:44 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2009/04/23 20:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/01/21 02:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 02:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 01:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/07 11:24:42 | 000,178,464 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll
MOD - [2014/02/07 11:24:41 | 000,190,752 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libBase64.dll
MOD - [2010/07/15 16:46:26 | 000,300,368 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\vipre.dll
MOD - [2010/03/08 22:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/04/23 20:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\unrar.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/13 00:09:33 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 09:17:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 12:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/07/07 12:59:18 | 002,111,752 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/04/23 20:46:24 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 02:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/24 00:02:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/10 21:19:52 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/04/20 20:46:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/26 15:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/08/04 08:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (SpyEmrg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FLASHSYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Robert\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2013/11/26 10:46:08 | 000,120,616 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/06/30 11:08:24 | 000,066,320 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2011/06/30 11:07:32 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/06/14 14:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 14:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/10/24 23:17:05 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/10/24 23:16:58 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/10/24 23:16:58 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/24 23:16:55 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2009/02/06 14:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 14:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/03 22:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 22:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 22:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2007/01/14 15:15:03 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/21 16:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/07/27 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2004/11/05 12:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/14 05:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://easy-google-search.blogspot.com
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://easy-google-search.blogspot.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...ie=ISO-8859-1="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/02 06:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2013/09/26 22:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\extensions
[2014/02/15 09:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 09:17:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2014/03/03 17:59:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220411993917 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343529479926 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 18:07:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-19..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-20..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-789336058-725345543-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/06 00:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/03/06 00:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Desktop\mbar
[2014/03/06 00:00:24 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Robert\Desktop\mbar-1.07.0.1009.exe
[2014/03/04 20:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Orneon
[2014/03/04 20:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/03/04 20:42:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/03 17:39:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/03/03 17:39:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/03/03 17:39:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/03/03 17:39:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/03/03 17:39:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/03 17:28:21 | 005,186,850 | R--- | C] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2014/03/02 14:28:16 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 14:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/03/02 14:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/03/02 14:12:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/01 17:23:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/01 17:23:07 | 001,144,320 | ---- | C] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 17:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2014/03/01 13:11:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/03/01 12:54:16 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/03/01 12:47:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/28 17:43:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/24 17:50:23 | 000,000,000 | ---D | C] -- C:\HP Scans
[2014/02/23 18:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn Client
[2014/02/22 23:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2014/02/22 23:45:10 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2014/02/22 23:45:08 | 000,122,880 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2014/02/22 16:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2014/02/20 00:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\MPC-HC Capture
[2014/02/15 15:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/02/15 09:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 18:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2008/08/16 09:32:00 | 000,267,056 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Robert\utorrent.exe
[2007/03/23 17:38:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Robert\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/03/13 22:27:41 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/13 22:26:42 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2014/03/13 22:26:39 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/13 22:26:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/13 22:26:32 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/13 22:26:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/13 22:16:06 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
[2014/03/13 22:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/13 22:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/12 23:32:23 | 001,715,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/12 23:26:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/03/12 22:45:22 | 000,596,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/12 22:45:22 | 000,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/06 17:28:33 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/06 00:00:29 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Robert\Desktop\mbar-1.07.0.1009.exe
[2014/03/05 07:51:30 | 000,003,274 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Wmi.reg
[2014/03/04 21:01:54 | 000,001,183 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\AgencyofAnomalies.lnk
[2014/03/04 17:52:14 | 005,186,850 | R--- | M] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2014/03/03 17:59:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/02 14:47:22 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 14:28:16 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 14:21:59 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 14:14:29 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/02 14:12:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/01 17:23:07 | 001,144,320 | ---- | M] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 17:14:31 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 15:57:20 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
[2014/03/01 13:18:57 | 000,869,456 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/03/01 12:54:20 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/02/28 17:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/25 14:55:45 | 000,354,923 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 21:13:57 | 001,376,794 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 17:56:36 | 000,235,620 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 23:45:13 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 13:21:31 | 000,079,268 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 13:20:39 | 000,141,685 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 13:19:04 | 000,056,752 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 13:17:34 | 000,065,062 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/20 19:55:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Excel 2007.lnk

========== Files Created - No Company Name ==========

[2014/03/12 23:32:28 | 000,000,224 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/12 23:32:28 | 000,000,218 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/05 07:51:29 | 000,003,274 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Wmi.reg
[2014/03/04 21:01:58 | 000,001,183 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\AgencyofAnomalies.lnk
[2014/03/03 17:39:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/03/03 17:39:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/03/03 17:39:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/03/03 17:39:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/03/03 17:39:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/03/02 14:47:22 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 14:21:59 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 14:14:29 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/01 17:14:25 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 13:18:57 | 000,869,456 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/02/25 14:55:45 | 000,354,923 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 21:13:57 | 001,376,794 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 22:27:46 | 000,282,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/23 17:56:36 | 000,235,620 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 23:45:13 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 23:45:11 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2014/02/22 23:45:10 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2014/02/22 23:45:10 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014/02/22 23:45:02 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/02/22 13:21:44 | 000,079,268 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 13:20:44 | 000,141,685 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 13:19:07 | 000,056,752 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 13:17:43 | 000,065,062 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/12 17:52:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/09/14 20:49:28 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/18 20:48:06 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/18 20:48:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/07/18 20:48:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/07/18 20:46:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013/04/06 22:47:47 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Robert\April 6. 2013 Devious.sud
[2012/04/03 22:24:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2011/01/27 19:55:00 | 000,028,953 | ---- | C] () -- C:\Documents and Settings\Robert\Superior Account.pdf
[2010/12/13 18:01:00 | 000,661,626 | ---- | C] () -- C:\Documents and Settings\Robert\Toesy.jpg
[2010/11/02 23:03:23 | 000,256,334 | ---- | C] () -- C:\Documents and Settings\Robert\B4635100
[2010/10/24 17:36:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
[2009/09/24 18:41:54 | 005,257,216 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
[2008/09/11 00:20:31 | 050,495,934 | ---- | C] () -- C:\Documents and Settings\Robert\ALC880_882_Vista_6015350.zip
[2008/08/30 12:14:22 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\netstat.bat
[2007/12/31 10:03:09 | 003,435,064 | ---- | C] () -- C:\Documents and Settings\Robert\Rotel 812 Repair Manual.pdf
[2007/11/25 23:46:48 | 000,000,123 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/25 14:19:48 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[2007/03/23 17:38:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\ezpinst.exe
[2007/03/23 17:38:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.cat
[2007/03/23 17:38:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.inf
[2007/01/25 23:46:40 | 001,462,572 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
[2006/10/01 00:17:08 | 000,014,958 | ---- | C] () -- C:\Documents and Settings\Robert\Start Menu.daa
[2006/07/26 17:35:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Robert\mylist.dat
[2006/07/25 17:22:41 | 000,002,863 | ---- | C] () -- C:\Documents and Settings\Robert\report.htm
[2006/06/11 03:32:06 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/09 23:03:02 | 000,361,512 | ---- | C] ( ) -- C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/10/25 19:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/05/23 00:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/04/05 19:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/26 19:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2012/10/25 19:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/04 19:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/22 21:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2010/08/14 22:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2013/12/05 01:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2008/07/10 21:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2012/04/19 18:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2014/01/20 18:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2007/11/25 23:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2013/12/23 18:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/04/12 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/12/28 23:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/12/13 01:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2011/03/05 23:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2010/11/22 23:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 13:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/01/17 17:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2008/02/14 17:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/09/26 22:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happy Artist Studio
[2010/01/18 18:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/10/27 10:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2007/07/19 19:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/07/07 12:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/06/12 19:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/02/24 18:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2014/02/23 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/23 17:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2011/12/26 16:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2010/12/18 01:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/01/06 21:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2012/11/16 21:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Odian Games
[2007/04/30 16:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2011/03/08 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/20 20:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009/09/20 23:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/04/29 21:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/04/29 21:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2013/07/11 11:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/03/01 19:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/04/03 22:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/02/28 20:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2012/04/21 19:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/18 09:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2011/03/04 19:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/02/10 17:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2014/03/13 21:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/30 20:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2012/01/28 18:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2013/07/12 17:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2007/07/24 22:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/24 02:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 21:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Acronis
[2014/02/04 19:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2012/07/30 14:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artifex Mundi
[2013/05/10 20:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artogon
[2008/05/23 00:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Autodesk
[2014/02/14 18:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/19 17:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Blue Tea Games
[2014/02/15 12:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Boomzap
[2012/12/09 22:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Brabl
[2012/07/30 14:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Casual Box
[2012/10/26 19:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\casualArts
[2013/10/06 21:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Chayowo Games
[2010/08/14 22:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Curious Sense
[2013/12/05 01:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DailyMagic
[2013/10/07 12:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DanceOfDeath
[2008/07/10 21:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DassaultSystemes
[2014/02/04 21:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2007/01/07 01:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Design Science
[2007/02/04 23:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Downloaded Installations
[2012/08/25 14:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DVDFab
[2007/01/16 18:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DWGeditor
[2014/01/20 20:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Eipix
[2013/12/23 18:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Elephant Games
[2011/03/26 11:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics
[2011/04/22 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Enki Games
[2013/03/19 16:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EntwinedSoD
[2014/02/19 17:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ERS Game Studios
[2009/04/12 23:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ESET
[2013/03/09 20:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EurekaLog
[2013/12/04 14:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FarmMystery
[2014/01/05 23:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FGS
[2014/01/12 21:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Frogwares
[2012/07/07 11:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GameInvest
[2012/07/02 10:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gogii
[2014/02/15 15:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/01/17 11:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gunnar Games
[2012/04/02 16:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\HdO Adventure
[2011/03/25 17:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IBAGroup
[2010/11/15 01:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IM
[2008/09/07 00:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ImgBurn
[2012/01/15 12:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IObit
[2012/09/27 16:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Jetdogs Studios
[2007/03/28 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2011/02/20 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MA2
[2013/11/08 17:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mad Head Games
[2013/01/16 18:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MagicIndie
[2008/05/16 00:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Maple
[2014/01/26 22:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mariaglorum
[2008/08/28 23:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MenuShrink
[2013/12/12 21:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Meridian93
[2014/02/11 17:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2011/04/18 19:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\My Games
[2012/01/06 21:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Namco
[2006/11/08 19:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Netscape
[2013/04/17 22:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Organic 2 Digital
[2014/03/04 20:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Orneon
[2012/08/17 21:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PFStaticIP
[2010/12/26 19:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Photodex
[2013/07/12 15:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PuzzleLab
[2007/01/25 21:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G4
[2008/04/29 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G5
[2007/06/21 23:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Scooter Software
[2012/04/03 22:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simply Super Software
[2012/12/09 22:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Skunk Studios
[2008/05/08 19:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\sldIM
[2014/02/24 23:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Specialbit
[2011/01/08 18:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Spider Player
[2011/04/09 13:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SpinTop
[2012/06/30 20:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\The Inquisitor
[2012/07/07 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\TripleHippo
[2010/07/25 17:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\URSoft
[2014/03/13 22:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\uTorrent
[2013/10/22 22:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vast Studios
[2010/10/16 18:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\VirtualStore
[2011/04/10 15:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vso
[2012/01/02 13:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WhiteBirdsProductions
[2006/07/14 18:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 20:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< >
[2006/06/03 18:05:58 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/06/03 18:31:49 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010/03/11 23:40:53 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/03/11 23:40:53 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/05/25 08:34:14 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2014/03/12 23:32:28 | 000,000,218 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/12 23:32:28 | 000,000,224 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5B07840

< End of report >



  • 0
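As an added example (not part of this thread or of OTL), a Python parser for the `SRV -` lines of the Base Services scan above that reports what a helper checks before calling the log clean: service binaries OTL could not find on disk, binaries not attributed to Microsoft, and whether the repaired WMI service (winmgmt) is actually running. The sample lines are copied from the log above plus one constructed non-Microsoft entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added example (not from the thread or OTL): two line shapes occur in a scan:
#   SRV - [date time | size | attrs | M] (Company) [Start | State] -- path -- (Name)
#   SRV - File not found [Start | State] -- path -- (Name)
SRV_RE = re.compile(
    r"^SRV - (?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found)) "
    r"\[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)

@dataclass
class Service:
    name: str
    path: str
    start: str               # Auto, On_Demand, Disabled
    state: str               # Running, Stopped
    company: Optional[str]   # None when OTL could not find the binary on disk
    file_missing: bool

def parse_services(text: str) -> List[Service]:
    """One Service per SRV line; headers and other OTL sections are skipped."""
    matches = (SRV_RE.match(line.strip()) for line in text.splitlines())
    return [Service(m["name"], m["path"], m["start"].strip(), m["state"].strip(),
                    m["company"], m["missing"] is not None) for m in matches if m]

def review(services: List[Service], required=("winmgmt",)) -> List[str]:
    """Missing binaries, non-Microsoft binaries, and required services not running."""
    findings = []
    for s in services:
        if s.file_missing:
            findings.append(f"{s.name}: binary missing ({s.path})")
        elif not s.company.startswith("Microsoft"):
            findings.append(f"{s.name}: non-Microsoft binary from '{s.company}'")
    by_name = {s.name: s for s in services}
    for name in required:
        if name not in by_name or by_name[name].state != "Running":
            findings.append(f"{name}: not running")
    return findings

# Constructed sample: three lines from the log above plus an invented ExampleSvc.
SAMPLE_LOG = r"""========== Base Services ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2013/01/01 00:00:00 | 000,010,240 | ---- | M] (Example Vendor) [Auto | Running] -- C:\WINDOWS\system32\example.dll -- (ExampleSvc)
"""
```

Running `review(parse_services(SAMPLE_LOG))` flags HidServ (file missing) and ExampleSvc (non-Microsoft vendor) and is silent about winmgmt, which is exactly the state the WMI fix above was meant to produce.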

#27
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi there,
Ok, that last log looks good.
You may have noticed an "end of life" message from Windows XP; this will continue to show even after April 8.
We are concerned that the bad guys out there are planning to use a bunch of exploits after that date, so I do encourage you to switch to Vista or above.
There is no direct upgrade from XP to the newer operating systems, but you can back up your data and move it to a new machine.

I would like you to go back to your original thread, my colleague philpower2 should be able to fix your original issue now, you will be in good hands with him.

Having said that....

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:


We need to remove the tools we've used during cleaning your machine

Uninstall ComboFix

  • Press the Windows key and R on the keyboard; this opens the Run box
  • In the Run box, please type Combofix /Uninstall (notice the space between the "x" and "/") then click OK
  • Follow the instructions on the screen
  • A message should appear confirming that ComboFix was uninstalled

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.


Do you use Java? If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent
Please install this program to ensure that the crypto ransomware malware does not take hold of your system.


Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place ?
So how did I get infected in the first place

Keep safe :wave:
  • 0

#28
Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts
Thank you very much Crowbar! I really appreciate all your time and effort in helping me out. :)

I'll go over to the Hardware Forum and reconnect with philpower2 to hopefully solve the dvd drive issue.

Thanks again.
  • 0

#29
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hey,
You are most welcome! It's been a pleasure working with you! :cool:
  • 0

#30
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
