Hello again MBF,

 

After doing a semi-routine scan of my parents' desktop PC, MBAM has found "Hijack.userinit.gen" and a large number of "Stolen.Data" files that end in .dc. I am concerned as to what this 'Stolen.Data' is and how it got there, and how to make sure it doesn't come back.  :unsure:

 

Here is the mbam log (also the dds.txt log is below and attach.txt is attached):

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/28/2014
Scan Time: 7:49:45 PM
Logfile: mbam1.txt
Administrator: Yes
 
Version: 2.00.0.1000
Malware Database: v2014.03.28.08
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 224600
Time Elapsed: 41 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[bcecb55337449a9cb2db9d6816ee2ed2]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[d3d507014b303501c3cc7c895ba9c838]
Hijack.UserInit.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, C:\WINXP\system32\userinit.exe,C:\Documents and Settings\Administrator\My Documents\MSDCSC\msdcsc.exe, Good: (userinit.exe), Bad: (C:\WINXP\system32\userinit.exe,C:\Documents and Settings\Administrator\My Documents\MSDCSC\msdcsc.exe),,[228695736714a98ddfaa48bb5da7d12f]
 
Folders: 1
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs, , [d9cf3acecab137ff25f6ff386e95b14f], 
 
Files: 23
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-08-03-6.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-10-11-5.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-08-11-7.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-08-15-4.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-08-16-5.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-08-24-6.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-08-25-7.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-08-28-3.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-09-03-2.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-09-06-5.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-09-09-1.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-09-20-5.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-09-22-7.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-09-24-2.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-09-30-1.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-10-17-4.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-10-30-3.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-11-01-5.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-11-15-5.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-11-19-2.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-11-21-4.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-11-22-5.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-11-29-5.dc, , [d9cf3acecab137ff25f6ff386e95b14f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
===================================================================================================================================================================
 
DDS.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.5.1
Run by Administrator at 21:17:28 on 2014-03-28
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.552 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\wuauclt.exe
C:\WINXP\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINXP\system32\wbem\wmiprvse.exe
C:\WINXP\System32\svchost.exe -k netsvcs
C:\WINXP\system32\svchost.exe -k WudfServiceGroup
C:\WINXP\system32\svchost.exe -k NetworkService
C:\WINXP\system32\svchost.exe -k LocalService
C:\WINXP\system32\svchost.exe -k LocalService
C:\WINXP\system32\svchost.exe -k imgsvc
C:\WINXP\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - 
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\winxp\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [EPSON Stylus CX4800 Series] c:\winxp\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /M "Stylus CX4800" /EF "HKCU"
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] "c:\documents and settings\administrator\local settings\application data\google\chrome\application\chrome.exe" --type=service
uRun: [CmTray] "c:\program files\content manager\launchCM.exe"
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\winxp\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\winxp\system32\hkcmd.exe
mRun: [igfxpers] c:\winxp\system32\igfxpers.exe
mRun: [EPSON Stylus CX4800 Series] c:\winxp\system32\spool\drivers\w32x86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6574BEB9-0320-4B59-8DB6-D7C6A2DD3522} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\winxp\system32\drivers\MpFilter.sys [2010-3-25 214696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\winxp\system32\drivers\ssudbus.sys [2013-1-20 83168]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\winxp\system32\drivers\libusb0.sys [2011-12-19 21504]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\winxp\system32\drivers\ssudmdm.sys [2013-1-20 181344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 756392]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1" 
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4" 
.
=============== Created Last 30 ================
.
2014-03-28 21:58:39 107736 ----a-w- c:\winxp\system32\drivers\MBAMSwissArmy.sys
2014-03-28 21:58:07 50648 ----a-w- c:\winxp\system32\drivers\mbamchameleon.sys
2014-03-28 21:58:07 23256 ----a-w- c:\winxp\system32\drivers\mbam.sys
2014-03-28 21:58:07 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-03-28 21:58:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-03-28 19:27:36 -------- d-----w- c:\winxp\system32\MRT
2014-03-28 19:19:00 7969936 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b77bc54-6dbf-43e6-a76d-f81d7f444497}\mpengine.dll
2014-03-28 19:10:28 13312 -c----w- c:\winxp\system32\dllcache\xp_eos.exe
2014-03-28 19:10:28 13312 ------w- c:\winxp\system32\xp_eos.exe
2014-03-14 13:00:40 7947048 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2014-03-12 02:05:48 71048 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2014-03-12 02:05:48 692616 ----a-w- c:\winxp\system32\FlashPlayerApp.exe
2014-03-12 02:05:33 5128584 ----a-w- c:\winxp\system32\FlashPlayerInstaller.exe
2014-02-24 11:46:36 920064 ----a-w- c:\winxp\system32\wininet.dll
2014-02-24 11:45:58 43520 ----a-w- c:\winxp\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ----a-w- c:\winxp\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\winxp\system32\corpol.dll
2014-02-24 10:54:21 385024 ----a-w- c:\winxp\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\winxp\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\winxp\system32\qedit.dll
2014-01-19 07:32:23 231584 ------w- c:\winxp\system32\MpSigStub.exe
2014-01-04 03:13:05 420864 ----a-w- c:\winxp\system32\vbscript.dll
.
============= FINISH: 21:18:59.42 ===============
 

 

attach.txt

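To turn the MBAM findings in the post above into something checkable, here is an added Python example (my own code, not Malwarebytes' and not the poster's). It parses detection lines in the MBAM 2.0 text-log format, checks whether the Winlogon Userinit value carries anything besides the system's own userinit.exe, and works out the period in which the Stolen.Data files were written from their YYYY-MM-DD-N.dc names. The sample lines are copied from the log above (two of the 23 .dc entries); the system directory C:\WINXP\system32 is taken from the same log, and the function names are my own.

```python
import re
from datetime import date
from pathlib import PureWindowsPath

# Constructed input, copied from the MBAM 2.0 text log posted above (two of the
# 23 .dc entries are enough to show the pattern). Section headers give the item
# type; registry-data lines carry "Good: (...)" / "Bad: (...)" and a 32-hex id,
# file and folder lines carry only the path and the id.
SAMPLE_LOG = r"""
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[bcecb55337449a9cb2db9d6816ee2ed2]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[d3d507014b303501c3cc7c895ba9c838]
Hijack.UserInit.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, C:\WINXP\system32\userinit.exe,C:\Documents and Settings\Administrator\My Documents\MSDCSC\msdcsc.exe, Good: (userinit.exe), Bad: (C:\WINXP\system32\userinit.exe,C:\Documents and Settings\Administrator\My Documents\MSDCSC\msdcsc.exe),,[228695736714a98ddfaa48bb5da7d12f]

Folders: 1
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs, , [d9cf3acecab137ff25f6ff386e95b14f],

Files: 23
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-08-03-6.dc, , [d9cf3acecab137ff25f6ff386e95b14f],
Stolen.Data, C:\Documents and Settings\Administrator\Application Data\dclogs\2012-11-29-5.dc, , [d9cf3acecab137ff25f6ff386e95b14f],
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
REG_DATA_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<key>[^|]+)\|(?P<value>[^,]+), (?P<data>.*), "
    r"Good: \((?P<good>.*?)\), Bad: \((?P<bad>.*?)\),,\[(?P<id>[0-9a-f]{32})\]$"
)
ITEM_RE = re.compile(r"^(?P<threat>[^,]+), (?P<path>.+?), , \[(?P<id>[0-9a-f]{32})\],?$")
DC_NAME_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})-\d+\.dc$", re.IGNORECASE)


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it came from."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = REG_DATA_RE.match(line) if section == "Registry Data" else ITEM_RE.match(line)
        if m:
            found.append({"section": section, **m.groupdict()})
    return found


def audit_userinit(userinit_value, system_dir):
    """Return the comma-separated Userinit entries that are not <system_dir>\\userinit.exe.

    Winlogon launches every entry in this value at logon, so anything besides the
    system's own userinit.exe is a persistence mechanism; the fix is to restore
    the value to that single path (with its trailing comma). Comparison is
    case-insensitive, as Windows paths are.
    """
    legit = PureWindowsPath(system_dir) / "userinit.exe"
    return [e.strip() for e in userinit_value.split(",")
            if e.strip() and PureWindowsPath(e.strip()) != legit]


def stolen_data_window(detections):
    """(file_count, first_date, last_date) over Stolen.Data files named YYYY-MM-DD-N.dc,
    or None; the names alone bound the period in which the logs were being written."""
    dates = []
    for d in detections:
        if d["threat"] == "Stolen.Data" and d["section"] == "Files":
            m = DC_NAME_RE.match(PureWindowsPath(d["path"]).name)
            if m:
                dates.append(date(*map(int, m.groups())).isoformat())
    return (len(dates), min(dates), max(dates)) if dates else None


def triage(text, system_dir=r"C:\WINXP\system32"):
    """Reduce a log to what the thread asks: is there persistence, and when was data taken?"""
    detections = parse_mbam_log(text)
    report = {"persistence": [], "security_center_tampering": [],
              "stolen_data": stolen_data_window(detections)}
    for d in detections:
        if d["section"] != "Registry Data":
            continue
        if d["value"].lower() == "userinit":
            report["persistence"] += audit_userinit(d["data"], system_dir)
        elif "SECURITY CENTER" in d["key"].upper():
            # Security Center notifications silenced: a common side effect, not proof by itself
            report["security_center_tampering"].append(d["value"])
    return report


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Run against the full log, the date window is what tells you how long the .dc files were accumulating before the scan, which is the question to answer before deciding which passwords to change from a clean machine.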

  • Root Admin

Sorry for the delay.

 

This is used when the infection involved is designed to steal your data and pass it along to some control center.  You should not use this computer for any type of banking or other secure operation until it has been cleaned or rebuilt.  Do not change passwords from this computer either.  You should log onto a known clean computer and change passwords if needed.

 

Let me have you run the following scanner and post back the log.

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


I have found that MSE has quarantined Trojan.Vundo.AB back in February. I am thinking that Trojan.Vundo had something to do with the Stolen.Data or the Hijack.Userinit. Here is the log from the event viewer:

 

Microsoft Antimalware has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Vundo.AB&threatid=2147684724
     Name: TrojanDropper:Win32/Vundo.AB
     ID: 2147684724
     Severity: Severe
     Category: Trojan Dropper
     Path: containerfile:_C:\Documents and Settings\Administrator\My Documents\Downloads\free_bookwolf_com.zip;file:_C:\Documents and Settings\Administrator\My Documents\Downloads\free_bookwolf_com.zip->free_bookwolf_com.exe
     Detection Origin: Local machine
     Detection Type: Concrete
     Detection Source: Downloads and attachments
     User: GORDON-30421596\Administrator
     Process Name: Unknown
     Signature Version: AV: 1.167.573.0, AS: 1.167.573.0, NIS: 0.0.0.0
     Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0

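The Microsoft Antimalware event quoted above has a structured body, and its Path field packs the archive and the member inside it into one string (containerfile:_<zip>;file:_<zip>-><exe>). This added Python example, my own code rather than Microsoft's or the poster's, parses the event into fields, unpacks that path notation, and records whether a running process was associated with the detection or the file was scanned at rest. The event text is the one posted above; the function and dictionary key names are my own.

```python
import re

# Constructed input: the Microsoft Antimalware event text quoted in the post above,
# as it appears in the Event Viewer details pane.
SAMPLE_EVENT = r"""Microsoft Antimalware has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Vundo.AB&threatid=2147684724
     Name: TrojanDropper:Win32/Vundo.AB
     ID: 2147684724
     Severity: Severe
     Category: Trojan Dropper
     Path: containerfile:_C:\Documents and Settings\Administrator\My Documents\Downloads\free_bookwolf_com.zip;file:_C:\Documents and Settings\Administrator\My Documents\Downloads\free_bookwolf_com.zip->free_bookwolf_com.exe
     Detection Origin: Local machine
     Detection Type: Concrete
     Detection Source: Downloads and attachments
     User: GORDON-30421596\Administrator
     Process Name: Unknown
     Signature Version: AV: 1.167.573.0, AS: 1.167.573.0, NIS: 0.0.0.0
     Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
"""

# Indented "Key: value" lines; the key stops at the first colon, so
# "Signature Version: AV: 1.167..." keeps the nested colons in its value.
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z ]+): (?P<value>.+?)\s*$")
# One resource item: "<type>:_<location>", items separated by ";".
RESOURCE_RE = re.compile(r"^(?P<type>[a-z]+):_(?P<location>.*)$")


def parse_event(text):
    """Map the indented fields of the event body to a dict; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group("key")] = m.group("value")
    return fields


def parse_resource_path(path):
    """Unpack the Path notation: ';'-separated 'type:_location' items, where '->'
    inside a location names a member inside an archive."""
    items = []
    for part in path.split(";"):
        m = RESOURCE_RE.match(part)
        if not m:
            raise ValueError(f"unrecognised resource item: {part!r}")
        location, _, member = m.group("location").partition("->")
        items.append({"type": m.group("type"), "path": location, "member": member or None})
    return items


def summarize(text):
    """The fields a responder wants first: what, where on disk, and how it was caught."""
    ev = parse_event(text)
    resources = parse_resource_path(ev["Path"])
    archive = next((r for r in resources if r["member"]), None)
    return {
        "threat": ev["Name"],
        "threat_id": int(ev["ID"]),
        "category": ev["Category"],
        "container": archive["path"] if archive else resources[0]["path"],
        "member": archive["member"] if archive else None,
        "source": ev["Detection Source"],
        # "Unknown" means no process was tied to the detection: the file was
        # scanned at rest rather than caught while executing.
        "running_process": ev.get("Process Name", "Unknown") != "Unknown",
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_EVENT).items():
        print(f"{k}: {v}")
```

The container/member split matters for cleanup: the item to remove from disk is the zip, and the detection date of that zip (from the event's own timestamp, not shown in the quoted body) is what you compare against the dates of the other artifacts on the machine.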

  • Root Admin

Sorry for the delay.  I did reply to you already but it looks like the board lost connection when I replied.  Then when I closed my browser all was gone.
 
Anyway.... please run the following
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Then restart the computer and run the following and post back the logs

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 

 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01

Ran by Administrator (administrator) on GORDON-30421596 on 04-04-2014 22:55:24

Running from C:\Documents and Settings\Administrator\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\WINXP\System32\smss.exe

(Microsoft Corporation) C:\WINXP\system32\csrss.exe

(Microsoft Corporation) C:\WINXP\system32\winlogon.exe

(Microsoft Corporation) C:\WINXP\system32\services.exe

(Microsoft Corporation) C:\WINXP\system32\lsass.exe

(Microsoft Corporation) C:\WINXP\system32\svchost.exe

(Microsoft Corporation) C:\WINXP\system32\svchost.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\WINXP\System32\svchost.exe

(Microsoft Corporation) C:\WINXP\system32\svchost.exe

(Microsoft Corporation) C:\WINXP\system32\svchost.exe

(Microsoft Corporation) C:\WINXP\system32\svchost.exe

(Microsoft Corporation) C:\WINXP\system32\spoolsv.exe

(Microsoft Corporation) C:\WINXP\system32\svchost.exe

(Microsoft Corporation) C:\WINXP\Explorer.EXE

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\WINXP\system32\svchost.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

() C:\Program Files\CDBurnerXP\NMSAccessU.exe

(Smart Link) C:\WINXP\system32\slserv.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(Microsoft Corporation) C:\WINXP\system32\svchost.exe

(Intel Corporation) C:\WINXP\system32\hkcmd.exe

(Intel Corporation) C:\WINXP\system32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

(SEIKO EPSON CORPORATION) C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE

(Microsoft Corporation) C:\WINXP\system32\wuauclt.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Samsung) C:\Program Files\Samsung\Kies\Kies.exe

(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

() C:\Program Files\Content Manager\CmTray.exe

(Microsoft Corporation) C:\WINXP\system32\wbem\wmiprvse.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\WINXP\System32\alg.exe

(Microsoft Corporation) C:\WINXP\System32\svchost.exe

(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)

HKLM\...\Run: [igfxtray] - C:\WINXP\system32\igfxtray.exe [94208 2005-09-20] (Intel Corporation)

HKLM\...\Run: [igfxhkcmd] - C:\WINXP\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)

HKLM\...\Run: [igfxpers] - C:\WINXP\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)

HKLM\...\Run: [EPSON Stylus CX4800 Series] - C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)

HKLM\...\Winlogon: [userinit] C:\WINXP\system32\userinit.exe,

HKLM\...\Winlogon: [shell] Explorer.exe [x ] ()

HKLM\...\Winlogon: [uIHost] logonui.exe [x ] ()

Winlogon\Notify\crypt32chain: C:\WINXP\system32\crypt32.dll (Microsoft Corporation)

Winlogon\Notify\cryptnet: C:\WINXP\system32\cryptnet.dll (Microsoft Corporation)

Winlogon\Notify\cscdll: C:\WINXP\system32\cscdll.dll (Microsoft Corporation)

Winlogon\Notify\dimsntfy: C:\WINXP\System32\dimsntfy.dll (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\WINXP\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\ScCertProp: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\Schedule: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\sclgntfy: C:\WINXP\system32\sclgntfy.dll (Microsoft Corporation)

Winlogon\Notify\SensLogn: C:\WINXP\system32\WlNotify.dll (Microsoft Corporation)

Winlogon\Notify\termsrv: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)

Winlogon\Notify\WgaLogon: C:\WINXP\system32\WgaLogon.dll (Microsoft Corporation)

Winlogon\Notify\wlballoon: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)

HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)

HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-26] (Google Inc.)

HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [cdloader] - C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)

HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [EPSON Stylus CX4800 Series] - C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-12-15] (SUPERAntiSpyware)

HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)

HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)

HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [CmTray] - C:\Program Files\Content Manager\launchCM.exe [94208 2011-12-28] ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF3A86FAA785BCB01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm

SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)


DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINXP\system32\urlmon.dll (Microsoft Corporation)

Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINXP\system32\wiascr.dll (Microsoft Corporation)

Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINXP\system32\SHELL32.dll (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======

CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

 

========================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)

S3 AdobeFlashPlayerUpdateSvc; C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-03-11] (Adobe Systems Incorporated)

S4 Alerter; C:\WINXP\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)

R3 ALG; C:\WINXP\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)

S3 AppMgmt; C:\WINXP\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)

S3 aspnet_state; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)

R2 AudioSrv; C:\WINXP\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)

R2 BITS; C:\WINXP\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)

R2 Browser; C:\WINXP\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)

S3 CiSvc; C:\WINXP\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)

S3 ClipSrv; C:\WINXP\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)

S4 clr_optimization_v2.0.50727_32; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)

S2 clr_optimization_v4.0.30319_32; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)

S3 COMSysApp; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)

R2 CryptSvc; C:\WINXP\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)

R2 DcomLaunch; C:\WINXP\system32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)

R2 Dhcp; C:\WINXP\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)

S3 dmadmin; C:\WINXP\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)

R2 dmserver; C:\WINXP\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)

R2 Dnscache; C:\WINXP\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)

S3 Dot3svc; C:\WINXP\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)

S3 EapHost; C:\WINXP\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)

R2 ERSvc; C:\WINXP\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)

R2 Eventlog; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)

R3 EventSystem; C:\WINXP\system32\es.dll [253952 2010-09-16] (Microsoft Corporation)

R3 FastUserSwitchingCompatibility; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)

S3 FontCache3.0.0.0; c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)

R2 helpsvc; C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)

R2 HidServ; C:\WINXP\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)

S3 hkmsvc; C:\WINXP\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)

R3 HTTPFilter; C:\WINXP\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)

S3 idsvc; c:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)

S3 ImapiService; C:\WINXP\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)

R2 JavaQuickStarterService; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161704 2012-07-05] (Oracle Corporation)

S2 KMService; C:\WINXP\system32\srvany.exe [8192 2012-08-03] ()

R2 LanmanServer; C:\WINXP\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)

R2 lanmanworkstation; C:\WINXP\System32\wkssvc.dll [134144 2010-09-16] (Microsoft Corporation)

R2 LmHosts; C:\WINXP\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)

S4 Messenger; C:\WINXP\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)

S3 mnmsrvc; C:\WINXP\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)

S3 MSDTC; C:\WINXP\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)

S3 MSIServer; C:\WINXP\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

S3 napagent; C:\WINXP\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)

S4 NetDDE; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)

S4 NetDDEdsdm; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)

S3 Netlogon; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)

R3 Netman; C:\WINXP\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)

S4 NetTcpPortSharing; c:\WINXP\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)

R3 Nla; C:\WINXP\System32\mswsock.dll [245248 2010-09-16] (Microsoft Corporation)

R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()

S3 NtLmSsp; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)

S3 NtmsSvc; C:\WINXP\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)

R2 PlugPlay; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)

R2 PolicyAgent; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)

R2 ProtectedStorage; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)

S3 RasAuto; C:\WINXP\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)

R3 RasMan; C:\WINXP\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)

S3 RDSessMgr; C:\WINXP\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)

S4 RemoteAccess; C:\WINXP\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)

R2 RemoteRegistry; C:\WINXP\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)

S3 RpcLocator; C:\WINXP\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)

R2 RpcSs; C:\WINXP\System32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)

S3 RSVP; C:\WINXP\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)

R2 SamSs; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)

S3 SCardSvr; C:\WINXP\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)

R2 Schedule; C:\WINXP\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)

R2 seclogon; C:\WINXP\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)

R2 SENS; C:\WINXP\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)

R2 SharedAccess; C:\WINXP\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)

R2 ShellHWDetection; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)

R2 SLService; C:\WINXP\system32\slserv.exe [73796 2008-04-14] (Smart Link)

R2 Spooler; C:\WINXP\system32\spoolsv.exe [58880 2010-09-16] (Microsoft Corporation)

R2 srservice; C:\WINXP\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)

R3 SSDPSRV; C:\WINXP\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)

R2 stisvc; C:\WINXP\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)

S3 SwPrv; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)

S3 SysmonLog; C:\WINXP\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)

R3 TapiSrv; C:\WINXP\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)

R3 TermService; C:\WINXP\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)

R2 Themes; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)

S3 TlntSvr; C:\WINXP\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)

R2 TrkWks; C:\WINXP\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)

R3 upnphost; C:\WINXP\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)

S3 UPS; C:\WINXP\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)

S3 VSS; C:\WINXP\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)

R2 W32Time; C:\WINXP\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)

R2 WebClient; C:\WINXP\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)

R2 winmgmt; C:\WINXP\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)

S3 WmdmPmSN; C:\WINXP\system32\mspmsnsv.dll [27136 2010-09-16] (Microsoft Corporation)

S3 Wmi; C:\WINXP\System32\advapi32.dll [617472 2010-09-16] (Microsoft Corporation)

S3 WmiApSrv; C:\WINXP\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)

S3 WPFFontCache_v0400; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [756392 2013-07-20] (Microsoft Corporation)

R2 wscsvc; C:\WINXP\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)

R2 wuauserv; C:\WINXP\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)

R2 WudfSvc; C:\WINXP\System32\WUDFSvc.dll [55808 2010-09-16] (Microsoft Corporation)

R2 WZCSVC; C:\WINXP\System32\wzcsvc.dll [483840 2010-09-16] (Microsoft Corporation)

S3 xmlprov; C:\WINXP\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R0 ACPI; C:\WINXP\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)

S4 ACPIEC; C:\WINXP\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)

S3 aec; C:\WINXP\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)

R1 AFD; C:\WINXP\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)

S3 AsyncMac; C:\WINXP\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)

R0 atapi; C:\WINXP\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)

S3 Atmarpc; C:\WINXP\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)

R3 audstub; C:\WINXP\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)

R1 Beep; C:\WINXP\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)

S4 cbidf2k; C:\WINXP\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)

S1 Cdaudio; C:\WINXP\system32\Drivers\Cdaudio.sys [18688 2010-09-16] (Microsoft Corporation)

R4 Cdfs; C:\WINXP\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)

R1 Cdrom; C:\WINXP\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)

S3 dg_ssudbus; C:\WINXP\System32\DRIVERS\ssudbus.sys [83168 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))

R0 Disk; C:\WINXP\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)

S4 dmboot; C:\WINXP\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)

R0 dmio; C:\WINXP\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)

R0 dmload; C:\WINXP\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)

S3 DMusic; C:\WINXP\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)

S3 drmkaud; C:\WINXP\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)

R3 E100B; C:\WINXP\System32\DRIVERS\e100b325.sys [154112 2004-02-10] (Intel Corporation)

S4 Fastfat; C:\WINXP\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)

R3 Fdc; C:\WINXP\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)

R1 Fips; C:\WINXP\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)

R3 Flpydisk; C:\WINXP\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)

R0 FltMgr; C:\WINXP\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)

U1 Fs_Rec; C:\WINXP\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation)

R0 Ftdisk; C:\WINXP\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation)

R3 GEARAspiWDM; C:\WINXP\System32\DRIVERS\GEARAspiWDM.sys [26600 2009-05-18] (GEAR Software Inc.)

R3 Gpc; C:\WINXP\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)

R3 hidusb; C:\WINXP\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)

R3 HTTP; C:\WINXP\System32\Drivers\HTTP.sys [265728 2010-09-16] (Microsoft Corporation)

S1 i8042prt; C:\WINXP\system32\Drivers\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)

R3 ialm; C:\WINXP\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation)

R1 Imapi; C:\WINXP\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)

R0 IntelIde; C:\WINXP\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)

R1 intelppm; C:\WINXP\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)

S3 Ip6Fw; C:\WINXP\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)

S3 IpFilterDriver; C:\WINXP\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation)

S3 IpInIp; C:\WINXP\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)

R3 IpNat; C:\WINXP\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)

R1 IPSec; C:\WINXP\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)

S3 IRENUM; C:\WINXP\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)

R0 isapnp; C:\WINXP\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)

R1 Kbdclass; C:\WINXP\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)

R1 kbdhid; C:\WINXP\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)

S3 kmixer; C:\WINXP\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)

R0 KSecDD; C:\WINXP\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)

S3 libusb0; C:\WINXP\System32\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)

R1 mnmdd; C:\WINXP\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)

R3 Modem; C:\WINXP\system32\Drivers\Modem.sys [30080 2010-09-16] (Microsoft Corporation)

R3 MODEMCSA; C:\WINXP\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation)

R1 Mouclass; C:\WINXP\System32\DRIVERS\mouclass.sys [23040 2010-09-16] (Microsoft Corporation)

R3 mouhid; C:\WINXP\System32\DRIVERS\mouhid.sys [12160 2010-09-16] (Microsoft Corporation)

R0 MountMgr; C:\WINXP\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)

R0 MpFilter; C:\WINXP\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

R3 MRxDAV; C:\WINXP\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)

R1 MRxSmb; C:\WINXP\System32\DRIVERS\mrxsmb.sys [457856 2011-07-15] (Microsoft Corporation)

R1 Msfs; C:\WINXP\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)

S3 MSKSSRV; C:\WINXP\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)

S3 MSPCLOCK; C:\WINXP\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)

S3 MSPQM; C:\WINXP\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)

R3 mssmbios; C:\WINXP\System32\DRIVERS\mssmbios.sys [15488 2010-09-16] (Microsoft Corporation)

R3 Mtlmnt5; C:\WINXP\System32\DRIVERS\Mtlmnt5.sys [126686 2008-04-13] (Smart Link)

S3 Mtlstrm; C:\WINXP\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-13] (Smart Link)

R0 Mup; C:\WINXP\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)

R0 NDIS; C:\WINXP\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)

R3 NdisTapi; C:\WINXP\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)

R3 Ndisuio; C:\WINXP\System32\DRIVERS\ndisuio.sys [14592 2010-09-16] (Microsoft Corporation)

R3 NdisWan; C:\WINXP\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)

R3 NDProxy; C:\WINXP\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)

R1 NetBIOS; C:\WINXP\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)

R1 NetBT; C:\WINXP\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)

R1 Npfs; C:\WINXP\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)

R4 Ntfs; C:\WINXP\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)

S3 NtMtlFax; C:\WINXP\System32\DRIVERS\NtMtlFax.sys [180360 2008-04-13] (Smart Link)

R1 Null; C:\WINXP\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation)

S3 NwlnkFlt; C:\WINXP\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)

S3 NwlnkFwd; C:\WINXP\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)

R3 Parport; C:\WINXP\System32\DRIVERS\parport.sys [80128 2010-09-16] (Microsoft Corporation)

R0 PartMgr; C:\WINXP\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)

R2 ParVdm; C:\WINXP\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation)

R0 PCI; C:\WINXP\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)

R0 PCIIde; C:\WINXP\system32\Drivers\PCIIde.sys [3328 2008-04-14] (Microsoft Corporation)

S4 Pcmcia; C:\WINXP\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)

R3 PptpMiniport; C:\WINXP\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)

R3 PSched; C:\WINXP\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)

R3 Ptilink; C:\WINXP\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)

R1 RasAcd; C:\WINXP\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation)

R3 Rasl2tp; C:\WINXP\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)

R3 RasPppoe; C:\WINXP\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)

R3 Raspti; C:\WINXP\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)

R1 Rdbss; C:\WINXP\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)

R1 RDPCDD; C:\WINXP\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation)

R3 rdpdr; C:\WINXP\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)

S3 RDPWD; C:\WINXP\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)

R0 RecAgent; C:\WINXP\System32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)

R1 redbook; C:\WINXP\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 Secdrv; C:\WINXP\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

R3 senfilt; C:\WINXP\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)

R3 serenum; C:\WINXP\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)

R1 Serial; C:\WINXP\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation)

S1 Sfloppy; C:\WINXP\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)

R3 Slntamr; C:\WINXP\System32\DRIVERS\slntamr.sys [404990 2008-04-13] (Smart Link)

S3 SlNtHal; C:\WINXP\System32\DRIVERS\Slnthal.sys [95424 2008-04-13] (Smart Link)

R3 SlWdmSup; C:\WINXP\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-13] (Smart Link)

R3 smwdm; C:\WINXP\System32\drivers\smwdm.sys [260352 2005-01-27] (Analog Devices, Inc.)

S3 splitter; C:\WINXP\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)

R0 sptd; C:\WINXP\System32\Drivers\sptd.sys [691696 2010-09-25] ()

R0 sr; C:\WINXP\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)

R3 Srv; C:\WINXP\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)

S3 ssudmdm; C:\WINXP\System32\DRIVERS\ssudmdm.sys [181344 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))

R2 StarOpen; C:\WINXP\system32\Drivers\StarOpen.sys [5504 2012-06-03] ()

R3 swenum; C:\WINXP\System32\DRIVERS\swenum.sys [4352 2010-09-16] (Microsoft Corporation)

S3 swmidi; C:\WINXP\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)

R3 sysaudio; C:\WINXP\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)

R1 Tcpip; C:\WINXP\System32\DRIVERS\tcpip.sys [361600 2010-09-16] (Microsoft Corporation)

S3 TDPIPE; C:\WINXP\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)

S3 TDTCP; C:\WINXP\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)

R1 TermDD; C:\WINXP\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)

S4 Udfs; C:\WINXP\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)

R3 Update; C:\WINXP\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)

S3 USBAAPL; C:\WINXP\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.)

S3 usbaudio; C:\WINXP\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation)

R3 usbccgp; C:\WINXP\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)

R3 usbehci; C:\WINXP\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)

R3 usbhub; C:\WINXP\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)

R3 usbprint; C:\WINXP\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)

R3 usbscan; C:\WINXP\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)

R3 usbstor; C:\WINXP\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)

R3 usbuhci; C:\WINXP\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)

R1 VgaSave; C:\WINXP\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)

R0 VolSnap; C:\WINXP\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)

R3 Wanarp; C:\WINXP\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)

S3 Wdf01000; C:\WINXP\System32\Drivers\wdf01000.sys [503008 2008-03-27] (Microsoft Corporation)

R3 wdmaud; C:\WINXP\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)

S3 WinUSB; C:\WINXP\System32\DRIVERS\WinUSB.sys [39368 2006-11-02] (Microsoft Corporation)

S3 WpdUsb; C:\WINXP\System32\DRIVERS\wpdusb.sys [38528 2010-09-16] (Microsoft Corporation)

R1 WS2IFSL; C:\WINXP\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation)

R0 WudfPf; C:\WINXP\System32\DRIVERS\WudfPf.sys [77568 2010-09-16] (Microsoft Corporation)

S3 WudfRd; C:\WINXP\System32\DRIVERS\wudfrd.sys [82944 2010-09-16] (Microsoft Corporation)

U3 ac6gc95s; C:\WINXP\system32\Drivers\ac6gc95s.sys [0 ] (Microsoft Corporation)

S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-04 22:55 - 2014-04-04 22:55 - 00033563 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt

2014-04-04 22:54 - 2014-04-04 22:55 - 00000000 ____D () C:\FRST

2014-04-04 22:49 - 2014-04-04 22:50 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe

2014-04-04 22:49 - 2014-04-04 22:49 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe

2014-04-01 12:53 - 2014-04-01 12:53 - 00012953 _____ () C:\ComboFix.txt

2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 _RSHD () C:\cmdcons

2014-04-01 12:37 - 2010-09-23 20:08 - 00000207 _____ () C:\Boot.bak

2014-04-01 12:37 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr

2014-04-01 12:33 - 2014-04-01 12:53 - 00000000 ____D () C:\Qoobox

2014-04-01 12:33 - 2014-04-01 12:52 - 00000000 ____D () C:\WINXP\erdnt

2014-04-01 12:33 - 2011-06-26 03:45 - 00256000 _____ () C:\WINXP\PEV.exe

2014-04-01 12:33 - 2010-11-07 14:20 - 00208896 _____ () C:\WINXP\MBR.exe

2014-04-01 12:33 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\WINXP\NIRCMD.exe

2014-04-01 12:33 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\WINXP\SWREG.exe

2014-04-01 12:33 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\WINXP\SWSC.exe

2014-04-01 12:33 - 2000-08-30 21:00 - 00212480 _____ (SteelWerX) C:\WINXP\SWXCACLS.exe

2014-04-01 12:33 - 2000-08-30 21:00 - 00098816 _____ () C:\WINXP\sed.exe

2014-04-01 12:33 - 2000-08-30 21:00 - 00080412 _____ () C:\WINXP\grep.exe

2014-04-01 12:33 - 2000-08-30 21:00 - 00068096 _____ () C:\WINXP\zip.exe

2014-04-01 12:32 - 2014-04-01 12:32 - 00000058 _____ () C:\Documents and Settings\Administrator\Desktop\mb1.txt

2014-04-01 12:29 - 2014-04-01 12:30 - 05192353 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

2014-03-28 21:19 - 2014-03-28 21:19 - 00021526 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt

2014-03-28 21:19 - 2014-03-28 21:18 - 00010815 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt

2014-03-28 21:17 - 2014-04-04 22:52 - 00000234 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2014-03-28 21:17 - 2014-04-01 12:26 - 00000228 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2014-03-28 19:49 - 2014-03-28 19:49 - 00014666 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.xml

2014-03-28 19:49 - 2014-03-28 19:49 - 00004969 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.txt

2014-03-28 18:58 - 2014-04-01 14:54 - 00107736 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys

2014-03-28 18:58 - 2014-03-28 18:58 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-03-28 18:58 - 2014-03-05 09:26 - 00050648 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys

2014-03-28 18:58 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbam.sys

2014-03-28 16:31 - 2014-03-28 16:31 - 00011467 _____ () C:\WINXP\KB2934207.log

2014-03-28 16:31 - 2014-03-28 16:31 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2934207$

2014-03-28 16:27 - 2014-03-28 16:31 - 00000000 ____D () C:\WINXP\system32\MRT

2014-03-28 16:10 - 2014-02-25 22:59 - 00013312 ____N (Microsoft Corporation) C:\WINXP\system32\xp_eos.exe

2014-03-28 16:10 - 2014-02-25 22:59 - 00013312 ____C (Microsoft Corporation) C:\WINXP\system32\dllcache\xp_eos.exe

2014-03-12 03:04 - 2014-03-12 03:04 - 00019695 _____ () C:\WINXP\KB2925418-IE8.log

2014-03-12 03:03 - 2014-03-12 03:03 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2929961$

2014-03-12 03:02 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2930275$

2014-03-11 22:49 - 2014-03-12 03:03 - 00024160 _____ () C:\WINXP\KB2929961.log

2014-03-11 22:48 - 2014-03-12 03:02 - 00025476 _____ () C:\WINXP\KB2930275.log

 

==================== One Month Modified Files and Folders =======

 

2014-04-04 22:55 - 2014-04-04 22:55 - 00033563 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt

2014-04-04 22:55 - 2014-04-04 22:54 - 00000000 ____D () C:\FRST

2014-04-04 22:53 - 2010-09-23 20:12 - 01932232 _____ () C:\WINXP\WindowsUpdate.log

2014-04-04 22:52 - 2014-03-28 21:17 - 00000234 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2014-04-04 22:52 - 2010-10-26 19:12 - 00000896 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-04 22:52 - 2010-09-23 20:18 - 00000006 ____H () C:\WINXP\Tasks\SA.DAT

2014-04-04 22:52 - 2010-09-23 17:04 - 00000159 _____ () C:\WINXP\wiadebug.log

2014-04-04 22:52 - 2010-09-23 17:04 - 00000048 _____ () C:\WINXP\wiaservc.log

2014-04-04 22:52 - 2008-04-14 09:00 - 00002206 _____ () C:\WINXP\system32\wpa.dbl

2014-04-04 22:51 - 2010-09-23 20:18 - 00032544 _____ () C:\WINXP\SchedLgU.Txt

2014-04-04 22:51 - 2010-09-23 20:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini

2014-04-04 22:50 - 2014-04-04 22:49 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe

2014-04-04 22:49 - 2014-04-04 22:49 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe

2014-04-04 22:44 - 2010-09-23 16:55 - 00000000 ____D () C:\WINXP

2014-04-04 22:36 - 2011-02-08 19:27 - 00001010 _____ () C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500UA.job

2014-04-04 22:34 - 2010-10-26 19:12 - 00000900 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-04 22:05 - 2012-04-08 13:25 - 00000826 _____ () C:\WINXP\Tasks\Adobe Flash Player Updater.job

2014-04-04 12:36 - 2011-02-08 19:27 - 00000958 _____ () C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500Core.job

2014-04-04 06:16 - 2011-10-20 15:44 - 01088951 _____ () C:\WINXP\KB2481109.log

2014-04-03 10:31 - 2013-10-20 03:23 - 00000384 ____H () C:\WINXP\Tasks\Microsoft Antimalware Scheduled Scan.job

2014-04-02 23:50 - 2012-05-05 03:01 - 00001694 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-04-02 23:50 - 2011-02-06 16:42 - 00001945 _____ () C:\WINXP\epplauncher.mif

2014-04-02 23:50 - 2011-02-06 16:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-04-01 14:54 - 2014-03-28 18:58 - 00107736 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys

2014-04-01 12:53 - 2014-04-01 12:53 - 00012953 _____ () C:\ComboFix.txt

2014-04-01 12:53 - 2014-04-01 12:33 - 00000000 ____D () C:\Qoobox

2014-04-01 12:52 - 2014-04-01 12:33 - 00000000 ____D () C:\WINXP\erdnt

2014-04-01 12:51 - 2008-04-14 09:00 - 00000227 _____ () C:\WINXP\system.ini

2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 _RSHD () C:\cmdcons

2014-04-01 12:37 - 2010-09-23 16:58 - 00000323 __RSH () C:\boot.ini

2014-04-01 12:32 - 2014-04-01 12:32 - 00000058 _____ () C:\Documents and Settings\Administrator\Desktop\mb1.txt

2014-04-01 12:30 - 2014-04-01 12:29 - 05192353 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

2014-04-01 12:26 - 2014-03-28 21:17 - 00000228 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2014-03-28 21:19 - 2014-03-28 21:19 - 00021526 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt

2014-03-28 21:18 - 2014-03-28 21:19 - 00010815 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt

2014-03-28 21:16 - 2004-11-08 04:01 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2646524$

2014-03-28 19:52 - 2014-03-01 22:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

2014-03-28 19:49 - 2014-03-28 19:49 - 00014666 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.xml

2014-03-28 19:49 - 2014-03-28 19:49 - 00004969 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.txt

2014-03-28 18:58 - 2014-03-28 18:58 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-03-28 16:31 - 2014-03-28 16:31 - 00011467 _____ () C:\WINXP\KB2934207.log

2014-03-28 16:31 - 2014-03-28 16:31 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2934207$

2014-03-28 16:31 - 2014-03-28 16:27 - 00000000 ____D () C:\WINXP\system32\MRT

2014-03-28 16:31 - 2011-11-10 04:06 - 00338520 _____ () C:\WINXP\tsoc.log

2014-03-28 16:31 - 2011-11-10 04:06 - 00244674 _____ () C:\WINXP\comsetup.log

2014-03-28 16:31 - 2011-11-10 04:06 - 00223284 _____ () C:\WINXP\msmqinst.log

2014-03-28 16:31 - 2011-11-10 04:06 - 00148977 _____ () C:\WINXP\ntdtcsetup.log

2014-03-28 16:31 - 2011-11-10 04:06 - 00129960 _____ () C:\WINXP\netfxocm.log

2014-03-28 16:31 - 2011-11-10 04:06 - 00051000 _____ () C:\WINXP\MedCtrOC.log

2014-03-28 16:31 - 2011-11-10 04:06 - 00041040 _____ () C:\WINXP\ocmsn.log

2014-03-28 16:31 - 2011-11-10 04:06 - 00037320 _____ () C:\WINXP\tabletoc.log

2014-03-28 16:31 - 2011-11-10 04:06 - 00037080 _____ () C:\WINXP\msgsocm.log

2014-03-28 16:31 - 2011-11-10 04:06 - 00001374 _____ () C:\WINXP\imsins.log

2014-03-28 16:31 - 2011-11-10 04:05 - 00793000 _____ () C:\WINXP\iis6.log

2014-03-28 16:31 - 2011-11-10 04:05 - 00741443 _____ () C:\WINXP\FaxSetup.log

2014-03-28 16:31 - 2011-11-10 04:05 - 00423600 _____ () C:\WINXP\ocgen.log

2014-03-28 16:24 - 2011-02-08 19:32 - 00002344 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk

2014-03-14 10:58 - 2010-09-25 13:44 - 00131072 _____ () C:\WINXP\system32\config\OAlerts.evt

2014-03-14 08:29 - 2014-02-28 15:40 - 01871609 _____ () C:\Documents and Settings\Administrator\Desktop\MultiGenre Slideshow.pptx

2014-03-13 10:01 - 2011-11-01 20:02 - 00152468 _____ () C:\WINXP\setupapi.log

2014-03-13 09:53 - 2010-09-23 17:00 - 00593560 _____ () C:\WINXP\system32\PerfStringBackup.INI

2014-03-12 03:20 - 2010-09-23 16:58 - 00267800 _____ () C:\WINXP\system32\FNTCACHE.DAT

2014-03-12 03:04 - 2014-03-12 03:04 - 00019695 _____ () C:\WINXP\KB2925418-IE8.log

2014-03-12 03:04 - 2011-11-11 04:00 - 00061679 _____ () C:\WINXP\updspapi.log

2014-03-12 03:04 - 2011-11-10 04:06 - 00001374 _____ () C:\WINXP\imsins.BAK

2014-03-12 03:04 - 2010-09-25 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help

2014-03-12 03:03 - 2014-03-12 03:03 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2929961$

2014-03-12 03:03 - 2014-03-11 22:49 - 00024160 _____ () C:\WINXP\KB2929961.log

2014-03-12 03:02 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2930275$

2014-03-12 03:02 - 2014-03-11 22:48 - 00025476 _____ () C:\WINXP\KB2930275.log

2014-03-11 23:05 - 2014-02-07 08:06 - 05128584 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerInstaller.exe

2014-03-11 23:05 - 2012-04-08 13:25 - 00692616 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerApp.exe

2014-03-11 23:05 - 2011-07-18 19:20 - 00071048 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerCPLApp.cpl

2014-03-07 12:51 - 2014-02-11 18:35 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\ENGLISH 621

2014-03-05 09:26 - 2014-03-28 18:58 - 00050648 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys

2014-03-05 09:26 - 2014-03-28 18:58 - 00023256 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbam.sys

 

==================== Bamital & volsnap Check =================

 

C:\WINXP\explorer.exe

[2008-04-14 09:00] - [2008-04-14 09:00] - 1033728 ____A (Microsoft Corporation) 

 

C:\WINXP\system32\winlogon.exe

[2008-04-14 09:00] - [2008-04-14 09:00] - 0507904 ____A (Microsoft Corporation) 

 

C:\WINXP\system32\svchost.exe

[2008-04-14 09:00] - [2008-04-14 09:00] - 0014336 ____A (Microsoft Corporation) 

 

C:\WINXP\system32\services.exe

[2010-09-16 13:11] - [2010-09-16 13:11] - 0110592 ____A (Microsoft Corporation) 

 

C:\WINXP\system32\User32.dll

[2008-04-14 09:00] - [2008-04-14 09:00] - 0578560 ____A (Microsoft Corporation) 

 

C:\WINXP\system32\userinit.exe

[2008-04-14 09:00] - [2008-04-14 09:00] - 0026112 ____A (Microsoft Corporation) 

 

C:\WINXP\system32\rpcss.dll

[2010-09-16 13:11] - [2010-09-16 13:11] - 0401408 ____A (Microsoft Corporation) 

 

 ATTENTION ======> If the system has audio adware, rpcss.dll is patched. Google the MD5; if the MD5 is unique, the file is infected.

C:\WINXP\system32\Drivers\volsnap.sys

[2008-04-14 09:00] - [2008-04-14 09:00] - 0052352 ____A (Microsoft Corporation) 

 

 

==================== End Of Log ============================

 

 

******************************************************************************************************************************************

 


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01

Ran by Administrator at 2014-04-04 22:57:06

Running from C:\Documents and Settings\Administrator\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

 

==================== Installed Programs ======================

 

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.8.0.0 - Ask.com) <==== ATTENTION

Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Brother MFL-Pro Suite MFC-J280W (HKLM\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.13.0 - Brother Industries, Ltd.)

CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)

Chilton Total Car Care: Ford Trucks (HKLM\...\{E4817521-4404-4195-9E06-E9DC47E39C97}) (Version: 1.00.001 - )

Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.12005.2 - Cisco Consumer Products LLC)

Content Manager (HKLM\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0 (HKLM\...\DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1) (Version:  - Fengtao Software Inc.)

EPSON CX 4200 4800 Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )

EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )

Foxit Reader 5.0 (HKLM\...\Foxit Reader_is1) (Version: 5.0.1.0527 - Foxit Corporation)

Garmin MetroGuide Canada v5 (HKLM\...\{34437DD2-0A04-44DE-B566-75C1FCA081FF}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)

Garmin Trip and Waypoint Manager v4 (HKLM\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)

GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)

Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )

Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )

iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)

Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden

Java 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)

JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Kobo (HKLM\...\Kobo) (Version: 2.1.6 - Kobo Inc.)

magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)

Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)

Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)

MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )

Pidgin (HKLM\...\Pidgin) (Version: 2.7.3 - )

Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)

Samsung Kies (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden

SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)

Speccy (HKLM\...\Speccy) (Version: 1.05 - Piriform)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)

Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)

Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)

Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)

 

==================== Restore Points  =========================

 

19-01-2014 20:14:05 Installed Content Manager

19-01-2014 20:20:41 Software Distribution Service 3.0

20-01-2014 00:21:07 Software Distribution Service 3.0

22-01-2014 18:00:12 Software Distribution Service 3.0

23-01-2014 18:00:04 Software Distribution Service 3.0

24-01-2014 17:56:47 Software Distribution Service 3.0

25-01-2014 17:53:06 Software Distribution Service 3.0

26-01-2014 05:35:59 Software Distribution Service 3.0

27-01-2014 17:47:01 Software Distribution Service 3.0

28-01-2014 17:50:45 Software Distribution Service 3.0

31-01-2014 16:56:28 Software Distribution Service 3.0

07-02-2014 11:10:16 Software Distribution Service 3.0

08-02-2014 11:04:51 Software Distribution Service 3.0

09-02-2014 06:03:12 Software Distribution Service 3.0

10-02-2014 06:10:54 Software Distribution Service 3.0

11-02-2014 21:32:48 Software Distribution Service 3.0

12-02-2014 21:29:28 Software Distribution Service 3.0

13-02-2014 07:00:51 Software Distribution Service 3.0

14-02-2014 07:59:26 System Checkpoint

14-02-2014 08:07:14 Software Distribution Service 3.0

15-02-2014 08:03:05 Software Distribution Service 3.0

16-02-2014 05:35:41 Software Distribution Service 3.0

16-02-2014 08:01:17 Software Distribution Service 3.0

17-02-2014 08:00:12 Software Distribution Service 3.0

18-02-2014 07:57:19 Software Distribution Service 3.0

19-02-2014 08:00:28 Software Distribution Service 3.0

20-02-2014 08:54:46 System Checkpoint

21-02-2014 07:41:03 Software Distribution Service 3.0

22-02-2014 07:36:42 Software Distribution Service 3.0

23-02-2014 05:34:56 Software Distribution Service 3.0

24-02-2014 05:39:17 System Checkpoint

24-02-2014 07:30:50 Software Distribution Service 3.0

25-02-2014 07:28:04 Software Distribution Service 3.0

26-02-2014 02:25:46 Software Distribution Service 3.0

26-02-2014 06:24:39 Software Distribution Service 3.0

26-02-2014 10:23:33 Software Distribution Service 3.0

26-02-2014 14:22:26 Software Distribution Service 3.0

26-02-2014 18:22:33 Software Distribution Service 3.0

26-02-2014 22:21:22 Software Distribution Service 3.0

27-02-2014 22:23:40 System Checkpoint

27-02-2014 22:26:16 Software Distribution Service 3.0

28-02-2014 22:49:55 System Checkpoint

01-03-2014 13:06:27 Software Distribution Service 3.0

02-03-2014 05:37:53 Software Distribution Service 3.0

02-03-2014 13:02:55 Software Distribution Service 3.0

03-03-2014 12:59:32 Software Distribution Service 3.0

04-03-2014 13:04:31 Software Distribution Service 3.0

05-03-2014 13:40:50 System Checkpoint

06-03-2014 12:46:09 Software Distribution Service 3.0

07-03-2014 12:52:44 Software Distribution Service 3.0

08-03-2014 13:26:33 System Checkpoint

09-03-2014 05:40:03 Software Distribution Service 3.0

09-03-2014 12:32:12 Software Distribution Service 3.0

10-03-2014 12:34:04 Software Distribution Service 3.0

11-03-2014 12:23:30 Software Distribution Service 3.0

12-03-2014 06:00:28 Software Distribution Service 3.0

13-03-2014 13:00:06 Software Distribution Service 3.0

14-03-2014 13:00:36 Software Distribution Service 3.0

28-03-2014 19:14:30 Software Distribution Service 3.0

28-03-2014 19:27:07 Software Distribution Service 3.0

01-04-2014 15:34:10 ComboFix created restore point

01-04-2014 15:37:40 Software Distribution Service 3.0

02-04-2014 15:32:28 Software Distribution Service 3.0

03-04-2014 02:49:47 Software Distribution Service 3.0

04-04-2014 03:38:59 System Checkpoint

04-04-2014 13:28:21 Software Distribution Service 3.0

 

==================== Hosts content: ==========================

 

2008-04-14 09:00 - 2014-04-01 12:51 - 00000027 ____A C:\WINXP\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: C:\WINXP\Tasks\Adobe Flash Player Updater.job => C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINXP\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINXP\system32\xp_eos.exe

Task: C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINXP\system32\xp_eos.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2010-09-25 12:34 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe

2014-02-13 04:50 - 2014-02-13 04:50 - 01920512 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.UI\9de3abc43cb616fc6d099d3b96e65462\Kies.UI.ni.dll

2014-02-13 04:50 - 2014-02-13 04:50 - 00078848 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\bf8afcd46d1a5da82b28fd2cdb16984b\Kies.MVVM.ni.dll

2014-02-13 04:50 - 2014-02-13 04:50 - 00184832 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3107856f35cdd262fcaeca56a25affb5\Kies.Common.DeviceServiceLib.Interface.ni.dll

2014-02-13 04:52 - 2014-02-13 04:52 - 00347648 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\DevicePhoto\575fd589dac7437b4d729dfc731e2aa6\DevicePhoto.ni.dll

2014-02-13 04:52 - 2014-02-13 04:52 - 00293888 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\DeviceVideo\8a67baa80d1bcfbdb1b3b7b7cf0157f5\DeviceVideo.ni.dll

2014-02-13 04:52 - 2014-02-13 04:52 - 00615424 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\DevicePodcast\70fd2d26c96b17f3ea970ebeedca05ff\DevicePodcast.ni.dll

2014-02-13 04:52 - 2014-02-13 04:52 - 00307200 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\8f3715f285d1053b77a59a3648449433\DummyStorePlugin.ni.dll

2014-02-13 04:52 - 2014-02-13 04:52 - 13033984 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.Theme\ea06c67ad9cf7394e2796c8af328c172\Kies.Theme.ni.dll

2014-02-13 04:51 - 2014-02-13 04:51 - 00571392 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\85f78f27e16dc8789c1e172c6be216fe\Kies.Common.DeviceServiceLib.FileService.ni.dll

2014-02-13 04:51 - 2014-02-13 04:51 - 00038912 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d3b88e7eb5f62d9c00aea091e492c077\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll

2014-02-13 04:51 - 2014-02-13 04:51 - 00232960 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\27af83e8dc27ee77fd22031801f3c5f1\ASF_cSharpAPI.ni.dll

2014-03-28 16:24 - 2014-03-14 21:50 - 00051016 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll

2014-01-19 17:14 - 2012-12-06 11:09 - 07375360 _____ () C:\Program Files\Content Manager\CmTray.exe

2014-01-19 17:14 - 2009-01-10 19:32 - 00011362 _____ () C:\Program Files\Content Manager\mingwm10.dll

2014-01-19 17:14 - 2009-06-23 03:42 - 00043008 _____ () C:\Program Files\Content Manager\libgcc_s_dw2-1.dll

2014-01-19 17:14 - 2012-01-06 15:53 - 02556416 _____ () C:\Program Files\Content Manager\QtCore4.dll

2014-01-19 17:14 - 2011-09-01 23:23 - 09933824 _____ () C:\Program Files\Content Manager\QtGui4.dll

2014-01-19 17:14 - 2011-09-01 22:53 - 01215488 _____ () C:\Program Files\Content Manager\QtNetwork4.dll

2014-01-19 17:14 - 2011-09-01 22:53 - 00271872 _____ () C:\Program Files\Content Manager\QtSql4.dll

2014-01-19 17:14 - 2011-09-01 22:49 - 00399360 _____ () C:\Program Files\Content Manager\QtXml4.dll

2014-01-19 17:14 - 2011-09-02 02:48 - 00478720 _____ () C:\Program Files\Content Manager\Plugins\sqldrivers\qsqlite4.dll

2014-03-28 16:24 - 2014-03-14 21:50 - 04061000 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll

2014-03-28 16:24 - 2014-03-14 21:50 - 00394568 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

2014-03-28 16:24 - 2014-03-14 21:50 - 01647432 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/01/2014 00:33:33 PM) (Source: Application Error) (User: )

Description: Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

Processing media-specific event for [iexplore.exe!ws!]

 

Error: (04/01/2014 00:31:33 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

 

Error: (03/03/2014 08:10:22 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.4.304.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

 

Error: (02/24/2014 05:15:35 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.4.304.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

 

Error: (10/20/2013 03:51:25 AM) (Source: .NET Runtime Optimization Service) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

 

Error: (10/19/2013 00:19:15 PM) (Source: Application Error) (User: )

Description: Fault bucket 240698257.

The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

 

Error: (10/19/2013 00:18:51 PM) (Source: Application Error) (User: )

Description: Faulting application e_farnada.exe, version 4.0.0.0, faulting module e_faprada.dll, version 4.0.0.0, fault address 0x0000cc63.

Processing media-specific event for [e_farnada.exe!ws!]

 

Error: (10/19/2013 00:17:58 PM) (Source: Application Error) (User: )

Description: Faulting application e_farnada.exe, version 4.0.0.0, faulting module e_faprada.dll, version 4.0.0.0, fault address 0x0000cc63.

Processing media-specific event for [e_farnada.exe!ws!]

 

Error: (06/30/2013 10:07:01 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 2152759303, P2 unspecified, P3 scanfile, P4 4.2.223.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

 

Error: (06/16/2013 09:23:59 AM) (Source: Application Hang) (User: )

Description: Hanging application E_FARNADA.EXE, version 4.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

 

System errors:

=============

Error: (04/04/2014 10:51:10 PM) (Source: Service Control Manager) (User: )

Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/04/2014 10:51:10 PM) (Source: Service Control Manager) (User: )

Description: The NMSAccess service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/04/2014 10:51:09 PM) (Source: Service Control Manager) (User: )

Description: The SmartLinkService service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/04/2014 10:51:09 PM) (Source: Service Control Manager) (User: )

Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/04/2014 10:51:09 PM) (Source: Service Control Manager) (User: )

Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (04/04/2014 10:51:09 PM) (Source: Service Control Manager) (User: )

Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/04/2014 10:51:09 PM) (Source: Service Control Manager) (User: )

Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

 

Error: (04/04/2014 10:51:09 PM) (Source: Service Control Manager) (User: )

Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

 

Error: (04/03/2014 10:21:44 AM) (Source: Print) (User: NT AUTHORITY)

Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

 

Error: (04/01/2014 00:52:27 PM) (Source: Service Control Manager) (User: )

Description: The SmartLinkService service has reported an invalid current state 0.

 

 

Microsoft Office Sessions:

=========================

Error: (04/01/2014 00:33:33 PM) (Source: Application Error)(User: )

Description: iexplore.exe0.0.0.0iexplore.exe0.0.0.00008d1c0

 

Error: (04/01/2014 00:31:33 PM) (Source: MPSampleSubmission)(User: )

Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

 

Error: (03/03/2014 08:10:22 PM) (Source: MPSampleSubmission)(User: )

Description: mptelemetry2152759308unspecifiedscanfile4.4.304.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

 

Error: (02/24/2014 05:15:35 PM) (Source: MPSampleSubmission)(User: )

Description: mptelemetry2152759308unspecifiedscanfile4.4.304.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

 

Error: (10/20/2013 03:51:25 AM) (Source: .NET Runtime Optimization Service)(User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

 

Error: (10/19/2013 00:19:15 PM) (Source: Application Error)(User: )

Description: 240698257

 

Error: (10/19/2013 00:18:51 PM) (Source: Application Error)(User: )

Description: e_farnada.exe4.0.0.0e_faprada.dll4.0.0.00000cc63

 

Error: (10/19/2013 00:17:58 PM) (Source: Application Error)(User: )

Description: e_farnada.exe4.0.0.0e_faprada.dll4.0.0.00000cc63

 

Error: (06/30/2013 10:07:01 PM) (Source: MPSampleSubmission)(User: )

Description: mptelemetry2152759303unspecifiedscanfile4.2.223.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

 

Error: (06/16/2013 09:23:59 AM) (Source: Application Hang)(User: )

Description: E_FARNADA.EXE4.0.0.0hungapp0.0.0.000000000

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 56%

Total physical RAM: 1277.98 MB

Available physical RAM: 555.66 MB

Total Pagefile: 1516.41 MB

Available Pagefile: 847.71 MB

Total Virtual: 2047.88 MB

Available Virtual: 1959.64 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:63.53 GB) (Free:8.84 GB) NTFS ==>[Drive with boot components (Windows XP)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: D0F4738C)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java.
 
Then run the following
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next, please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.


  • Shut down your antivirus to avoid any conflicts.
  • Right-click on JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 05
Let's clean out any adware now (this will require a reboot, so save all your work).

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.



STEP 06

Please go here to run the online antivirus scanner from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

Link to post
Share on other sites

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Sat Apr 05 13:56:29 2014
 
Found and removed: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.7.0_17
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.04.05.04
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: GORDON-30421596 [administrator]
 
4/5/2014 1:59:23 PM
mbar-log-2014-04-05 (13-59-23).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 219713
Time elapsed: 20 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Sat 04/05/2014 at 14:24:03.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\local settings\application data\asktoolbar"
Successfully deleted: [Folder] "C:\WINXP\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/05/2014 at 14:28:49.59
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.023 - Report created 05/04/2014 at 14:38:03
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - GORDON-30421596
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2704 octets] - [05/04/2014 14:32:35]
AdwCleaner[s0].txt - [2670 octets] - [05/04/2014 14:38:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2730 octets] ##########

C:\Documents and Settings\Administrator\My Documents\Downloads\ccsetup311.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Documents and Settings\Administrator\My Documents\Downloads\cdbxp_setup_4.3.7.2356.exe Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\Administrator\My Documents\Downloads\cdbxp_setup_4.3.8.2631.exe Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\Administrator\My Documents\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Administrator (administrator) on GORDON-30421596 on 05-04-2014 16:31:04
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\WINXP\System32\smss.exe
(Microsoft Corporation) C:\WINXP\system32\csrss.exe
(Microsoft Corporation) C:\WINXP\system32\winlogon.exe
(Microsoft Corporation) C:\WINXP\system32\services.exe
(Microsoft Corporation) C:\WINXP\system32\lsass.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINXP\System32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\spoolsv.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Smart Link) C:\WINXP\system32\slserv.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\Explorer.EXE
(Microsoft Corporation) C:\WINXP\System32\alg.exe
(Microsoft Corporation) C:\WINXP\system32\wscntfy.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINXP\system32\hkcmd.exe
(Intel Corporation) C:\WINXP\system32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(SEIKO EPSON CORPORATION) C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
() C:\Program Files\Content Manager\CmTray.exe
(Microsoft Corporation) C:\WINXP\system32\NOTEPAD.EXE
(Microsoft Corporation) C:\WINXP\System32\svchost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINXP\system32\wbem\wmiprvse.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [igfxtray] - C:\WINXP\system32\igfxtray.exe [94208 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINXP\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINXP\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [EPSON Stylus CX4800 Series] - C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM\...\Winlogon: [userinit] C:\WINXP\system32\userinit.exe,
HKLM\...\Winlogon: [shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [uIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: C:\WINXP\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINXP\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINXP\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINXP\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINXP\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINXP\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINXP\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINXP\system32\WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-26] (Google Inc.)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [cdloader] - C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [EPSON Stylus CX4800 Series] - C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [CmTray] - C:\Program Files\Content Manager\launchCM.exe [94208 2011-12-28] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF3A86FAA785BCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINXP\system32\urlmon.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINXP\system32\wiascr.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINXP\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-03-11] (Adobe Systems Incorporated)
S4 Alerter; C:\WINXP\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINXP\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S3 AppMgmt; C:\WINXP\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 AudioSrv; C:\WINXP\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 BITS; C:\WINXP\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 Browser; C:\WINXP\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S3 CiSvc; C:\WINXP\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S3 ClipSrv; C:\WINXP\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R2 CryptSvc; C:\WINXP\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINXP\system32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
R2 Dhcp; C:\WINXP\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINXP\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINXP\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINXP\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINXP\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
S3 EapHost; C:\WINXP\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINXP\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
R3 EventSystem; C:\WINXP\system32\es.dll [253952 2010-09-16] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 FontCache3.0.0.0; c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
R2 HidServ; C:\WINXP\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINXP\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
R3 HTTPFilter; C:\WINXP\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 idsvc; c:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINXP\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
S2 KMService; C:\WINXP\system32\srvany.exe [8192 2012-08-03] ()
R2 LanmanServer; C:\WINXP\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINXP\System32\wkssvc.dll [134144 2010-09-16] (Microsoft Corporation)
R2 LmHosts; C:\WINXP\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S4 Messenger; C:\WINXP\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINXP\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINXP\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINXP\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 napagent; C:\WINXP\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
S4 NetDDE; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S3 Netlogon; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINXP\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; c:\WINXP\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 Nla; C:\WINXP\System32\mswsock.dll [245248 2010-09-16] (Microsoft Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 NtLmSsp; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINXP\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 PlugPlay; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
R2 PolicyAgent; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINXP\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINXP\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINXP\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINXP\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINXP\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINXP\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINXP\System32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
S3 RSVP; C:\WINXP\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
R2 SamSs; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 SCardSvr; C:\WINXP\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
R2 Schedule; C:\WINXP\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINXP\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 SENS; C:\WINXP\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINXP\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 SLService; C:\WINXP\system32\slserv.exe [73796 2008-04-14] (Smart Link)
R2 Spooler; C:\WINXP\system32\spoolsv.exe [58880 2010-09-16] (Microsoft Corporation)
R2 srservice; C:\WINXP\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
R3 SSDPSRV; C:\WINXP\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 stisvc; C:\WINXP\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINXP\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINXP\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R3 TermService; C:\WINXP\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
R2 Themes; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 TlntSvr; C:\WINXP\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
R2 TrkWks; C:\WINXP\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
R3 upnphost; C:\WINXP\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINXP\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINXP\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINXP\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
R2 WebClient; C:\WINXP\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 winmgmt; C:\WINXP\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINXP\system32\mspmsnsv.dll [27136 2010-09-16] (Microsoft Corporation)
S3 Wmi; C:\WINXP\System32\advapi32.dll [617472 2010-09-16] (Microsoft Corporation)
S3 WmiApSrv; C:\WINXP\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [756392 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINXP\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINXP\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WudfSvc; C:\WINXP\System32\WUDFSvc.dll [55808 2010-09-16] (Microsoft Corporation)
R2 WZCSVC; C:\WINXP\System32\wzcsvc.dll [483840 2010-09-16] (Microsoft Corporation)
S3 xmlprov; C:\WINXP\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 ACPI; C:\WINXP\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
S4 ACPIEC; C:\WINXP\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
S3 aec; C:\WINXP\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINXP\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
S3 AsyncMac; C:\WINXP\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
R0 atapi; C:\WINXP\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
S3 Atmarpc; C:\WINXP\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
R3 audstub; C:\WINXP\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINXP\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)
S4 cbidf2k; C:\WINXP\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
S1 Cdaudio; C:\WINXP\system32\Drivers\Cdaudio.sys [18688 2010-09-16] (Microsoft Corporation)
R4 Cdfs; C:\WINXP\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
R1 Cdrom; C:\WINXP\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
S3 dg_ssudbus; C:\WINXP\System32\DRIVERS\ssudbus.sys [83168 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 Disk; C:\WINXP\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINXP\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINXP\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINXP\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINXP\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINXP\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 E100B; C:\WINXP\System32\DRIVERS\e100b325.sys [154112 2004-02-10] (Intel Corporation)
S4 Fastfat; C:\WINXP\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
R3 Fdc; C:\WINXP\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
R1 Fips; C:\WINXP\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
R3 Flpydisk; C:\WINXP\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
R0 FltMgr; C:\WINXP\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
U1 Fs_Rec; C:\WINXP\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation)
R0 Ftdisk; C:\WINXP\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINXP\System32\DRIVERS\GEARAspiWDM.sys [26600 2009-05-18] (GEAR Software Inc.)
R3 Gpc; C:\WINXP\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
R3 hidusb; C:\WINXP\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
R3 HTTP; C:\WINXP\System32\Drivers\HTTP.sys [265728 2010-09-16] (Microsoft Corporation)
S1 i8042prt; C:\WINXP\system32\Drivers\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
R3 ialm; C:\WINXP\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation)
R1 Imapi; C:\WINXP\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
R0 IntelIde; C:\WINXP\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINXP\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)
S3 Ip6Fw; C:\WINXP\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINXP\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation)
S3 IpInIp; C:\WINXP\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
R3 IpNat; C:\WINXP\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
R1 IPSec; C:\WINXP\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
S3 IRENUM; C:\WINXP\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
R0 isapnp; C:\WINXP\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R1 Kbdclass; C:\WINXP\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)
R1 kbdhid; C:\WINXP\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)
S3 kmixer; C:\WINXP\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINXP\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
S3 libusb0; C:\WINXP\System32\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
R1 mnmdd; C:\WINXP\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)
R3 Modem; C:\WINXP\system32\Drivers\Modem.sys [30080 2010-09-16] (Microsoft Corporation)
R3 MODEMCSA; C:\WINXP\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation)
R1 Mouclass; C:\WINXP\System32\DRIVERS\mouclass.sys [23040 2010-09-16] (Microsoft Corporation)
R3 mouhid; C:\WINXP\System32\DRIVERS\mouhid.sys [12160 2010-09-16] (Microsoft Corporation)
R0 MountMgr; C:\WINXP\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINXP\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MRxDAV; C:\WINXP\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
R1 MRxSmb; C:\WINXP\System32\DRIVERS\mrxsmb.sys [457856 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINXP\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINXP\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINXP\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINXP\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINXP\System32\DRIVERS\mssmbios.sys [15488 2010-09-16] (Microsoft Corporation)
R3 Mtlmnt5; C:\WINXP\System32\DRIVERS\Mtlmnt5.sys [126686 2008-04-13] (Smart Link)
S3 Mtlstrm; C:\WINXP\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-13] (Smart Link)
R0 Mup; C:\WINXP\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINXP\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
R3 NdisTapi; C:\WINXP\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINXP\System32\DRIVERS\ndisuio.sys [14592 2010-09-16] (Microsoft Corporation)
R3 NdisWan; C:\WINXP\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
R3 NDProxy; C:\WINXP\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINXP\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
R1 NetBT; C:\WINXP\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
R1 Npfs; C:\WINXP\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
R4 Ntfs; C:\WINXP\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
S3 NtMtlFax; C:\WINXP\System32\DRIVERS\NtMtlFax.sys [180360 2008-04-13] (Smart Link)
R1 Null; C:\WINXP\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINXP\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINXP\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)
R3 Parport; C:\WINXP\System32\DRIVERS\parport.sys [80128 2010-09-16] (Microsoft Corporation)
R0 PartMgr; C:\WINXP\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R2 ParVdm; C:\WINXP\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation)
R0 PCI; C:\WINXP\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R0 PCIIde; C:\WINXP\system32\Drivers\PCIIde.sys [3328 2008-04-14] (Microsoft Corporation)
S4 Pcmcia; C:\WINXP\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
R3 PptpMiniport; C:\WINXP\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
R3 PSched; C:\WINXP\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
R3 Ptilink; C:\WINXP\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINXP\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation)
R3 Rasl2tp; C:\WINXP\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
R3 RasPppoe; C:\WINXP\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
R3 Raspti; C:\WINXP\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)
R1 Rdbss; C:\WINXP\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
R1 RDPCDD; C:\WINXP\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation)
R3 rdpdr; C:\WINXP\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINXP\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R0 RecAgent; C:\WINXP\System32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)
R1 redbook; C:\WINXP\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINXP\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 senfilt; C:\WINXP\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
R3 serenum; C:\WINXP\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)
R1 Serial; C:\WINXP\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation)
S1 Sfloppy; C:\WINXP\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
R3 Slntamr; C:\WINXP\System32\DRIVERS\slntamr.sys [404990 2008-04-13] (Smart Link)
S3 SlNtHal; C:\WINXP\System32\DRIVERS\Slnthal.sys [95424 2008-04-13] (Smart Link)
R3 SlWdmSup; C:\WINXP\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-13] (Smart Link)
R3 smwdm; C:\WINXP\System32\drivers\smwdm.sys [260352 2005-01-27] (Analog Devices, Inc.)
S3 splitter; C:\WINXP\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sptd; C:\WINXP\System32\Drivers\sptd.sys [691696 2010-09-25] ()
R0 sr; C:\WINXP\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
R3 Srv; C:\WINXP\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
S3 ssudmdm; C:\WINXP\System32\DRIVERS\ssudmdm.sys [181344 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 StarOpen; C:\WINXP\system32\Drivers\StarOpen.sys [5504 2012-06-03] ()
R3 swenum; C:\WINXP\System32\DRIVERS\swenum.sys [4352 2010-09-16] (Microsoft Corporation)
S3 swmidi; C:\WINXP\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R3 sysaudio; C:\WINXP\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINXP\System32\DRIVERS\tcpip.sys [361600 2010-09-16] (Microsoft Corporation)
S3 TDPIPE; C:\WINXP\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
S3 TDTCP; C:\WINXP\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINXP\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S4 Udfs; C:\WINXP\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
R3 Update; C:\WINXP\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
S3 USBAAPL; C:\WINXP\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.)
S3 usbaudio; C:\WINXP\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation)
R3 usbccgp; C:\WINXP\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINXP\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINXP\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
R3 usbprint; C:\WINXP\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
R3 usbscan; C:\WINXP\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
R3 usbstor; C:\WINXP\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
R3 usbuhci; C:\WINXP\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)
R1 VgaSave; C:\WINXP\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
R0 VolSnap; C:\WINXP\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
R3 Wanarp; C:\WINXP\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
S3 Wdf01000; C:\WINXP\System32\Drivers\wdf01000.sys [503008 2008-03-27] (Microsoft Corporation)
R3 wdmaud; C:\WINXP\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
S3 WinUSB; C:\WINXP\System32\DRIVERS\WinUSB.sys [39368 2006-11-02] (Microsoft Corporation)
S3 WpdUsb; C:\WINXP\System32\DRIVERS\wpdusb.sys [38528 2010-09-16] (Microsoft Corporation)
R1 WS2IFSL; C:\WINXP\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation)
R0 WudfPf; C:\WINXP\System32\DRIVERS\WudfPf.sys [77568 2010-09-16] (Microsoft Corporation)
S3 WudfRd; C:\WINXP\System32\DRIVERS\wudfrd.sys [82944 2010-09-16] (Microsoft Corporation)
U3 alevcdwd; C:\WINXP\system32\Drivers\alevcdwd.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-05 16:28 - 2014-04-05 16:30 - 00000573 _____ () C:\Documents and Settings\Administrator\Desktop\eset2.txt
2014-04-05 15:37 - 2014-04-05 15:37 - 00000220 _____ () C:\Documents and Settings\Administrator\Desktop\eset1.txt
2014-04-05 14:43 - 2014-04-05 14:43 - 00000000 ____D () C:\Program Files\ESET
2014-04-05 14:42 - 2014-04-05 14:43 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
2014-04-05 14:32 - 2014-04-05 14:38 - 00000000 ____D () C:\AdwCleaner
2014-04-05 14:31 - 2014-04-05 14:31 - 01426178 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2014-04-05 14:28 - 2014-04-05 14:28 - 00003080 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-04-05 14:21 - 2014-04-05 14:21 - 00000000 ____D () C:\WINXP\ERUNT
2014-04-05 13:59 - 2014-04-05 14:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-05 13:58 - 2014-04-05 13:58 - 01038974 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2014-04-05 13:57 - 2014-04-05 13:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\mbar
2014-04-05 13:56 - 2014-04-05 13:56 - 00001050 _____ () C:\JavaRa.log
2014-04-05 13:56 - 2014-04-05 13:56 - 00001050 _____ () C:\Documents and Settings\Administrator\Desktop\JavaRa.log
2014-04-05 13:55 - 2014-04-05 13:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\RemoveJava
2014-04-05 13:51 - 2014-04-05 13:53 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1009.exe
2014-04-05 13:51 - 2014-04-05 13:51 - 00165483 _____ () C:\Documents and Settings\Administrator\Desktop\JavaRa-1.16-28-5-13.zip
2014-04-04 22:57 - 2014-04-04 22:58 - 00033110 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-04-04 22:55 - 2014-04-05 16:31 - 00032339 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-04 22:54 - 2014-04-04 22:57 - 00000000 ____D () C:\FRST
2014-04-04 22:49 - 2014-04-04 22:50 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-04-04 22:49 - 2014-04-04 22:49 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe
2014-04-01 12:53 - 2014-04-01 12:53 - 00012953 _____ () C:\ComboFix.txt
2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 _RSHD () C:\cmdcons
2014-04-01 12:37 - 2010-09-23 20:08 - 00000207 _____ () C:\Boot.bak
2014-04-01 12:37 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-01 12:33 - 2014-04-01 12:53 - 00000000 ____D () C:\Qoobox
2014-04-01 12:33 - 2014-04-01 12:52 - 00000000 ____D () C:\WINXP\erdnt
2014-04-01 12:33 - 2011-06-26 03:45 - 00256000 _____ () C:\WINXP\PEV.exe
2014-04-01 12:33 - 2010-11-07 14:20 - 00208896 _____ () C:\WINXP\MBR.exe
2014-04-01 12:33 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\WINXP\NIRCMD.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\WINXP\SWREG.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\WINXP\SWSC.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00212480 _____ (SteelWerX) C:\WINXP\SWXCACLS.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00098816 _____ () C:\WINXP\sed.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00080412 _____ () C:\WINXP\grep.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00068096 _____ () C:\WINXP\zip.exe
2014-04-01 12:32 - 2014-04-01 12:32 - 00000058 _____ () C:\Documents and Settings\Administrator\Desktop\mb1.txt
2014-04-01 12:29 - 2014-04-01 12:30 - 05192353 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2014-03-28 21:19 - 2014-03-28 21:19 - 00021526 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-28 21:19 - 2014-03-28 21:18 - 00010815 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-28 21:17 - 2014-04-05 14:39 - 00000234 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-28 21:17 - 2014-04-01 12:26 - 00000228 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-28 19:49 - 2014-03-28 19:49 - 00014666 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.xml
2014-03-28 19:49 - 2014-03-28 19:49 - 00004969 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.txt
2014-03-28 18:58 - 2014-04-05 13:59 - 00107224 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 18:58 - 2014-04-05 13:57 - 00052312 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys
2014-03-28 18:58 - 2014-03-28 18:58 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-28 18:58 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbam.sys
2014-03-28 16:31 - 2014-03-28 16:31 - 00011467 _____ () C:\WINXP\KB2934207.log
2014-03-28 16:31 - 2014-03-28 16:31 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2934207$
2014-03-28 16:27 - 2014-03-28 16:31 - 00000000 ____D () C:\WINXP\system32\MRT
2014-03-28 16:10 - 2014-02-25 22:59 - 00013312 ____N (Microsoft Corporation) C:\WINXP\system32\xp_eos.exe
2014-03-28 16:10 - 2014-02-25 22:59 - 00013312 ____C (Microsoft Corporation) C:\WINXP\system32\dllcache\xp_eos.exe
2014-03-12 03:04 - 2014-03-12 03:04 - 00019695 _____ () C:\WINXP\KB2925418-IE8.log
2014-03-12 03:03 - 2014-03-12 03:03 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2929961$
2014-03-12 03:02 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2930275$
2014-03-11 22:49 - 2014-03-12 03:03 - 00024160 _____ () C:\WINXP\KB2929961.log
2014-03-11 22:48 - 2014-03-12 03:02 - 00025476 _____ () C:\WINXP\KB2930275.log
 
==================== One Month Modified Files and Folders =======
 
2014-04-05 16:31 - 2014-04-04 22:55 - 00032339 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-05 16:30 - 2014-04-05 16:28 - 00000573 _____ () C:\Documents and Settings\Administrator\Desktop\eset2.txt
2014-04-05 16:05 - 2012-04-08 13:25 - 00000826 _____ () C:\WINXP\Tasks\Adobe Flash Player Updater.job
2014-04-05 15:37 - 2014-04-05 15:37 - 00000220 _____ () C:\Documents and Settings\Administrator\Desktop\eset1.txt
2014-04-05 15:36 - 2011-02-08 19:27 - 00001010 _____ () C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500UA.job
2014-04-05 15:34 - 2010-10-26 19:12 - 00000900 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 14:49 - 2013-10-20 03:23 - 00000384 ____H () C:\WINXP\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-05 14:43 - 2014-04-05 14:43 - 00000000 ____D () C:\Program Files\ESET
2014-04-05 14:43 - 2014-04-05 14:42 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
2014-04-05 14:40 - 2010-09-23 20:12 - 01982189 _____ () C:\WINXP\WindowsUpdate.log
2014-04-05 14:39 - 2014-03-28 21:17 - 00000234 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-05 14:39 - 2010-10-26 19:12 - 00000896 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 14:39 - 2010-09-23 20:18 - 00000006 ____H () C:\WINXP\Tasks\SA.DAT
2014-04-05 14:39 - 2010-09-23 17:04 - 00000159 _____ () C:\WINXP\wiadebug.log
2014-04-05 14:39 - 2010-09-23 17:04 - 00000048 _____ () C:\WINXP\wiaservc.log
2014-04-05 14:39 - 2008-04-14 09:00 - 00002206 _____ () C:\WINXP\system32\wpa.dbl
2014-04-05 14:38 - 2014-04-05 14:32 - 00000000 ____D () C:\AdwCleaner
2014-04-05 14:38 - 2010-09-23 20:18 - 00032528 _____ () C:\WINXP\SchedLgU.Txt
2014-04-05 14:38 - 2010-09-23 20:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-05 14:31 - 2014-04-05 14:31 - 01426178 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2014-04-05 14:28 - 2014-04-05 14:28 - 00003080 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-04-05 14:23 - 2010-09-25 13:44 - 00131072 _____ () C:\WINXP\system32\config\OAlerts.evt
2014-04-05 14:21 - 2014-04-05 14:21 - 00000000 ____D () C:\WINXP\ERUNT
2014-04-05 14:21 - 2010-09-23 16:55 - 00000000 ____D () C:\WINXP
2014-04-05 14:20 - 2014-04-05 13:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-05 13:59 - 2014-03-28 18:58 - 00107224 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 13:58 - 2014-04-05 13:58 - 01038974 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2014-04-05 13:57 - 2014-04-05 13:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\mbar
2014-04-05 13:57 - 2014-03-28 18:58 - 00052312 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys
2014-04-05 13:56 - 2014-04-05 13:56 - 00001050 _____ () C:\JavaRa.log
2014-04-05 13:56 - 2014-04-05 13:56 - 00001050 _____ () C:\Documents and Settings\Administrator\Desktop\JavaRa.log
2014-04-05 13:55 - 2014-04-05 13:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\RemoveJava
2014-04-05 13:53 - 2014-04-05 13:51 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1009.exe
2014-04-05 13:52 - 2010-09-23 21:38 - 00000000 ____D () C:\WINXP\system32\appmgmt
2014-04-05 13:51 - 2014-04-05 13:51 - 00165483 _____ () C:\Documents and Settings\Administrator\Desktop\JavaRa-1.16-28-5-13.zip
2014-04-05 12:36 - 2011-02-08 19:27 - 00000958 _____ () C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500Core.job
2014-04-05 11:53 - 2011-10-20 15:44 - 01091612 _____ () C:\WINXP\KB2481109.log
2014-04-04 22:58 - 2014-04-04 22:57 - 00033110 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-04-04 22:57 - 2014-04-04 22:54 - 00000000 ____D () C:\FRST
2014-04-04 22:50 - 2014-04-04 22:49 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-04-04 22:49 - 2014-04-04 22:49 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe
2014-04-02 23:50 - 2012-05-05 03:01 - 00001694 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-02 23:50 - 2011-02-06 16:42 - 00001945 _____ () C:\WINXP\epplauncher.mif
2014-04-02 23:50 - 2011-02-06 16:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-01 12:53 - 2014-04-01 12:53 - 00012953 _____ () C:\ComboFix.txt
2014-04-01 12:53 - 2014-04-01 12:33 - 00000000 ____D () C:\Qoobox
2014-04-01 12:52 - 2014-04-01 12:33 - 00000000 ____D () C:\WINXP\erdnt
2014-04-01 12:51 - 2008-04-14 09:00 - 00000227 _____ () C:\WINXP\system.ini
2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 _RSHD () C:\cmdcons
2014-04-01 12:37 - 2010-09-23 16:58 - 00000323 __RSH () C:\boot.ini
2014-04-01 12:32 - 2014-04-01 12:32 - 00000058 _____ () C:\Documents and Settings\Administrator\Desktop\mb1.txt
2014-04-01 12:30 - 2014-04-01 12:29 - 05192353 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2014-04-01 12:26 - 2014-03-28 21:17 - 00000228 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-28 21:19 - 2014-03-28 21:19 - 00021526 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-28 21:18 - 2014-03-28 21:19 - 00010815 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-28 21:16 - 2004-11-08 04:01 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2646524$
2014-03-28 19:52 - 2014-03-01 22:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-28 19:49 - 2014-03-28 19:49 - 00014666 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.xml
2014-03-28 19:49 - 2014-03-28 19:49 - 00004969 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.txt
2014-03-28 18:58 - 2014-03-28 18:58 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-28 16:31 - 2014-03-28 16:31 - 00011467 _____ () C:\WINXP\KB2934207.log
2014-03-28 16:31 - 2014-03-28 16:31 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2934207$
2014-03-28 16:31 - 2014-03-28 16:27 - 00000000 ____D () C:\WINXP\system32\MRT
2014-03-28 16:31 - 2011-11-10 04:06 - 00338520 _____ () C:\WINXP\tsoc.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00244674 _____ () C:\WINXP\comsetup.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00223284 _____ () C:\WINXP\msmqinst.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00148977 _____ () C:\WINXP\ntdtcsetup.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00129960 _____ () C:\WINXP\netfxocm.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00051000 _____ () C:\WINXP\MedCtrOC.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00041040 _____ () C:\WINXP\ocmsn.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00037320 _____ () C:\WINXP\tabletoc.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00037080 _____ () C:\WINXP\msgsocm.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00001374 _____ () C:\WINXP\imsins.log
2014-03-28 16:31 - 2011-11-10 04:05 - 00793000 _____ () C:\WINXP\iis6.log
2014-03-28 16:31 - 2011-11-10 04:05 - 00741443 _____ () C:\WINXP\FaxSetup.log
2014-03-28 16:31 - 2011-11-10 04:05 - 00423600 _____ () C:\WINXP\ocgen.log
2014-03-28 16:24 - 2011-02-08 19:32 - 00002344 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-03-14 08:29 - 2014-02-28 15:40 - 01871609 _____ () C:\Documents and Settings\Administrator\Desktop\MultiGenre Slideshow.pptx
2014-03-13 10:01 - 2011-11-01 20:02 - 00152468 _____ () C:\WINXP\setupapi.log
2014-03-13 09:53 - 2010-09-23 17:00 - 00593560 _____ () C:\WINXP\system32\PerfStringBackup.INI
2014-03-12 03:20 - 2010-09-23 16:58 - 00267800 _____ () C:\WINXP\system32\FNTCACHE.DAT
2014-03-12 03:04 - 2014-03-12 03:04 - 00019695 _____ () C:\WINXP\KB2925418-IE8.log
2014-03-12 03:04 - 2011-11-11 04:00 - 00061679 _____ () C:\WINXP\updspapi.log
2014-03-12 03:04 - 2011-11-10 04:06 - 00001374 _____ () C:\WINXP\imsins.BAK
2014-03-12 03:04 - 2010-09-25 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-03-12 03:03 - 2014-03-12 03:03 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2929961$
2014-03-12 03:03 - 2014-03-11 22:49 - 00024160 _____ () C:\WINXP\KB2929961.log
2014-03-12 03:02 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2930275$
2014-03-12 03:02 - 2014-03-11 22:48 - 00025476 _____ () C:\WINXP\KB2930275.log
2014-03-11 23:05 - 2014-02-07 08:06 - 05128584 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerInstaller.exe
2014-03-11 23:05 - 2012-04-08 13:25 - 00692616 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerApp.exe
2014-03-11 23:05 - 2011-07-18 19:20 - 00071048 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerCPLApp.cpl
2014-03-07 12:51 - 2014-02-11 18:35 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\ENGLISH 621
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINXP\explorer.exe
[2008-04-14 09:00] - [2008-04-14 09:00] - 1033728 ____A (Microsoft Corporation) 
 
C:\WINXP\system32\winlogon.exe
[2008-04-14 09:00] - [2008-04-14 09:00] - 0507904 ____A (Microsoft Corporation) 
 
C:\WINXP\system32\svchost.exe
[2008-04-14 09:00] - [2008-04-14 09:00] - 0014336 ____A (Microsoft Corporation) 
 
C:\WINXP\system32\services.exe
[2010-09-16 13:11] - [2010-09-16 13:11] - 0110592 ____A (Microsoft Corporation) 
 
C:\WINXP\system32\User32.dll
[2008-04-14 09:00] - [2008-04-14 09:00] - 0578560 ____A (Microsoft Corporation) 
 
C:\WINXP\system32\userinit.exe
[2008-04-14 09:00] - [2008-04-14 09:00] - 0026112 ____A (Microsoft Corporation) 
 
C:\WINXP\system32\rpcss.dll
[2010-09-16 13:11] - [2010-09-16 13:11] - 0401408 ____A (Microsoft Corporation) 
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINXP\system32\Drivers\volsnap.sys
[2008-04-14 09:00] - [2008-04-14 09:00] - 0052352 ____A (Microsoft Corporation) 
 
 
==================== End Of Log ============================

Root Admin, 2 weeks later:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
