Vista Home Basic is running slow [Solved]


  • This topic is locked
16 replies to this topic

#1 kevin106 (Authentic Member, 35 posts)

Posted 20 October 2013 - 06:20 PM

I suspect the machine has been infected. Scanning with DDS was done.

DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kevin at 17:15:54.86 on Sun 10/20/2013
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.45.2
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1790.701 [GMT -7:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vVX1000.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Windows\system32\msiexec.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kevin\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1211&m=el1300g
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1211&m=el1300g
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1211&m=el1300g
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "c:\users\kevin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [eRecoveryService]
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
StartupFolder: c:\users\kevin\appdata\roaming\micros~1\windows\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2013-10-19 132424]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [2013-10-19 33096]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2013-10-19 33696]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2013-10-19 22536]
.
=============== Created Last 30 ================
.
2013-10-20 23:34:48 50053120 ----a-w- c:\program files\GUTDF6.tmp
2013-10-20 23:34:48 -------- d-----w- c:\program files\GUMDE5.tmp
2013-10-19 21:06:05 -------- d-----w- c:\windows\system32\MRT
2013-10-19 20:54:50 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-10-19 20:54:50 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-10-19 20:52:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-19 20:52:30 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-19 20:52:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-19 20:52:30 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-19 20:52:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-19 20:52:30 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-10-19 20:52:29 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-19 20:52:29 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-10-19 20:52:29 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-19 20:52:12 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-19 20:52:12 37376 ----a-w- c:\windows\system32\cdd.dll
2013-10-19 20:50:13 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 20:50:09 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 20:50:01 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-19 20:48:13 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-19 20:47:21 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-19 20:47:06 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-19 20:47:06 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-19 20:47:05 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-19 20:47:05 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-19 20:47:05 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-19 20:47:04 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-19 20:46:58 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-19 20:46:50 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-10-19 20:46:49 37376 ----a-w- c:\windows\system32\printcom.dll
2013-10-19 20:46:42 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-10-19 20:46:27 812544 ----a-w- c:\windows\system32\certutil.exe
2013-10-19 20:46:26 41984 ----a-w- c:\windows\system32\certenc.dll
2013-10-19 20:45:24 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-19 20:45:20 615936 ----a-w- c:\windows\system32\themeui.dll
2013-10-19 20:45:17 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-10-19 20:45:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-19 20:44:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-19 20:44:54 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-19 20:44:53 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-10-19 20:44:45 505344 ----a-w- c:\windows\system32\qedit.dll
2013-10-19 20:44:41 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-10-19 20:44:25 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-10-19 20:43:21 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-19 20:22:16 62576 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4b59a7a3-d6e5-4f8e-8fc8-65e929c2abbd}\offreg.dll
2013-10-19 20:02:36 -------- d-----w- c:\program files\common files\Sophos
2013-10-19 19:42:27 132424 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2013-10-19 19:42:10 33096 ----a-w- c:\windows\system32\drivers\skmscan.sys
2013-10-19 19:41:14 7796464 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4b59a7a3-d6e5-4f8e-8fc8-65e929c2abbd}\mpengine.dll
2013-10-19 19:35:38 -------- d-----w- c:\program files\common files\Cisco Systems
2013-10-19 19:35:35 30784 ----a-w- c:\windows\system32\SophosBootTasks.exe
2013-10-19 19:34:13 33696 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2013-10-19 19:33:48 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2013-10-19 19:33:37 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2013-10-19 19:32:55 -------- d-----w- c:\program files\Sophos
2013-10-19 19:32:55 -------- d-----w- c:\progra~2\Sophos
2013-10-19 19:22:58 -------- d-----w- c:\progra~2\Oracle
2013-10-19 19:21:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-19 19:14:26 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-10-19 19:14:18 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-10-19 19:14:18 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-10-19 19:14:18 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-10-19 19:14:18 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-10-19 18:59:47 50053120 ----a-w- c:\program files\GUT453A.tmp
2013-10-19 18:59:47 -------- d-----w- c:\program files\GUM4539.tmp
.
==================== Find3M ====================
.
2013-10-19 19:02:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-19 19:02:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-03 21:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:17:30.44 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 12/11/2011 3:06:15 PM
System Uptime: 10/20/2013 4:38:09 PM (1 hours ago)
.
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon™ Processor 2650e | Socket AM2 | 1600/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 87.855 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&315534DA&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&315534DA&0
Service: i8042prt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP328: 10/19/2013 12:39:47 PM - Windows Update
RP329: 10/19/2013 1:42:55 PM - Windows Update
RP330: 10/20/2013 4:03:47 PM - Windows Update
.
==== Installed Programs ======================
.
??????? 2.7
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.8)
Agere Systems PCI-SV92EX Soft Modem
Cisco Systems VPN Client 5.0.07.0290
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DING!
DivX Setup
eMachines Games
eMachines Recovery Management
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Java 7 Update 45
Java Auto Updater
Java™ 6 Update 37
Java™ 6 Update 5
Junk Mail filter update
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
MSVCRT
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Secure Download Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Segoe UI
Sophos Anti-Virus
Sophos AutoUpdate
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/20/2013 4:41:17 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
10/20/2013 4:34:56 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
10/19/2013 2:28:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/19/2013 2:28:19 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/19/2013 2:20:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/19/2013 12:59:06 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SKMSCAN\0000 disappeared from the system without first being prepared for removal.
10/19/2013 12:00:36 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without first being prepared for removal.
10/19/2013 11:48:23 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 001F16F02C66 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Edited by kevin106, 20 October 2013 - 06:21 PM.
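Added example (mine, not part of kevin106's post and not code from the DDS tool): a small triage pass over a DDS-style log, written in Python. It splits the log on its `==== Section ====` headers and applies the checks a responder makes by eye on the log above: Run entries whose image is a bare file name rather than an absolute path (`RtHDVCpl.exe`, `Skytel.exe` are resolved by path search, so the file's real location has to be confirmed) or whose value is empty (`eRecoveryService`), DPF entries that still point at Java 6 installer cabs, more than one Java runtime in Installed Programs, a large `.tmp` under Program Files, and a service that fails to start because its binary is gone (the Norton entry in the event log). The sample text is a constructed excerpt of the log in the post; the finding names and the size threshold are this example's own, and a hit means "look at this", not "this is malware".

```python
"""Triage pass over a DDS-style log (added example, not part of the DDS tool)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS output in the post above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uRun: [Google Update] "c:\users\kevin\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [eRecoveryService]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
=============== Created Last 30 ================
2013-10-20 23:34:48 50053120 ----a-w- c:\program files\GUTDF6.tmp
2013-10-20 23:34:48 -------- d-----w- c:\program files\GUMDE5.tmp
2013-10-19 20:44:54 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
==== Installed Programs ======================
Java 7 Update 45
Java Auto Updater
Java 6 Update 37
Java 6 Update 5
==== Event Viewer Messages From Past Week ========
10/20/2013 4:41:17 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                      # "==== Name ===="
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF:\s*\{[0-9A-Fa-f-]+\}\s*-\s*(?P<url>\S+)")
JAVA_RE = re.compile(r"^Java\W*\s*(?P<major>\d+)\s+Update\s+(?P<update>\d+)", re.I)
CREATED_RE = re.compile(r"^\S+\s+\S+\s+(?P<size>\d+|-+)\s+\S+\s+(?P<path>.+)$")
SVC_FAIL_RE = re.compile(r"The (?P<svc>.+?) service failed to start.*cannot find the path", re.I)
ABS_PATH_RE = re.compile(r"^(%[^%]+%|[a-z]:\\)", re.I)             # drive letter or %VAR%
LARGE_TMP_BYTES = 10_000_000                                        # this example's own threshold


def split_sections(text):
    """Group non-empty lines under the section header that precedes them."""
    sections = defaultdict(list)
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        if line.strip() and line.strip() != ".":
            sections[current].append(line.rstrip())
    return sections


def image_path(cmd):
    """Executable part of a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(text):
    """Return (code, ...) tuples for items a responder should look at by hand."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            img = image_path(m.group("cmd"))
            if not img:
                findings.append(("empty-run-value", m.group("name")))
            elif not ABS_PATH_RE.match(img):
                findings.append(("unqualified-run-image", m.group("name"), img))
            continue
        m = DPF_RE.match(line)
        if m and "jinstall-1_6" in m.group("url"):
            findings.append(("legacy-java-dpf", m.group("url")))
    javas = sorted(
        (int(m.group("major")), int(m.group("update")))
        for m in map(JAVA_RE.match, sections.get("Installed Programs", [])) if m
    )
    if len(javas) > 1:
        findings.append(("multiple-java-runtimes", javas))
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m or not m.group("size").isdigit():
            continue                                   # directories carry "--------" as size
        path = m.group("path")
        if path.lower().endswith(".tmp") and "program files" in path.lower() \
                and int(m.group("size")) > LARGE_TMP_BYTES:
            findings.append(("large-tmp-in-program-files", path))
    for line in sections.get("Event Viewer Messages From Past Week", []):
        m = SVC_FAIL_RE.search(line)
        if m:
            findings.append(("orphaned-service", m.group("svc")))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

Run it against a full DDS.txt by reading the file into `triage()`; every finding still has to be checked against the Running Processes list and the file on disk (here, for instance, `RtHDVCpl.exe` appears in the process list as `C:\Windows\RtHDVCpl.exe`).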


#2 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 24 October 2013 - 04:51 PM

Hi kevin106,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
OTL

Download OTL to your desktop.
  • Make sure all other windows are closed and to let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.


#3 kevin106 (Authentic Member, 35 posts)

Posted 26 October 2013 - 02:01 AM

checkup.txt

Results of screen317's Security Check version 0.99.74
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 37
Java 7 Update 45
Java™ 6 Update 5
Java version out of Date!
Adobe Reader 10.1.8 Adobe Reader out of Date!
Google Chrome 25.0.1364.172
Google Chrome 30.0.1599.101
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

aswMBR.txt

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-25 23:34:34
-----------------------------
23:34:34.237 OS Version: Windows 6.0.6002 Service Pack 2
23:34:34.238 Number of processors: 1 586 0x7F02
23:34:34.239 ComputerName: KEVIN-PC UserName: Kevin
23:34:37.036 Initialize success
23:39:41.187 AVAST engine defs: 13102501
23:43:23.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
23:43:23.464 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
23:43:23.578 Disk 0 MBR read successfully
23:43:23.586 Disk 0 MBR scan
23:43:23.619 Disk 0 unknown MBR code
23:43:23.645 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
23:43:23.689 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 139313 MB offset 27265024
23:43:23.713 Disk 0 scanning sectors +312579760
23:43:23.805 Disk 0 scanning C:\Windows\system32\drivers
23:43:57.479 Service scanning
23:45:17.404 Modules scanning
23:45:28.781 Disk 0 trace - called modules:
23:45:28.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
23:45:29.174 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853a82f8]
23:45:29.190 3 CLASSPNP.SYS[8779d8b3] -> nt!IofCallDriver -> [0x84e31a60]
23:45:29.207 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\00000054[0x84e31c90]
23:45:30.619 AVAST engine scan C:\Windows
23:45:38.402 AVAST engine scan C:\Windows\system32
00:00:09.167 AVAST engine scan C:\Windows\system32\drivers
00:00:40.822 AVAST engine scan C:\Users\Kevin
00:13:14.457 AVAST engine scan C:\ProgramData
00:19:26.052 Scan finished successfully
00:21:24.667 Disk 0 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"
00:21:24.786 The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"

OTL.txt

OTL logfile created on: 10/26/2013 12:24:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 30.80% Memory free
3.74 Gb Paging File | 1.81 Gb Available in Paging File | 48.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.05 Gb Total Space | 78.05 Gb Free Space | 57.37% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe ()
PRC - C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)


========== Modules (No Company Name) ==========

MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\wx._gdi_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32com.shell.shell.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\_elementtree.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32api.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\wx._html2.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\_socket.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\_multiprocessing.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32ts.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32crypt.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\wx._misc_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\pythoncom27.dll ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\_ctypes.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32profile.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\wx._core_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\PyWinTypes27.dll ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32security.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\_ssl.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\wx._windows_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\_hashlib.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\wx._wizard.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32file.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32process.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32pdh.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32inet.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\wx._controls_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\pyexpat.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\win32event.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\unicodedata.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Temp\_MEI45682\select.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
MOD - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll ()
MOD - C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 File not found
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe (Sophos Limited)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (RTL8187) -- system32\DRIVERS\wg111v2.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (aswMBR) -- C:\Users\Kevin\AppData\Local\Temp\aswMBR.sys File not found
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Limited)
DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Limited)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...A...1&m=el1300g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...A...1&m=el1300g
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...amp;rlz=1I7ACEW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...A...1&m=el1300g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {B7A1E16B-130D-4471-8448-9D05461C946C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...p...eo=US&ver=5
IE - HKCU\..\SearchScopes\{B7A1E16B-130D-4471-8448-9D05461C946C}: "URL" = http://www.google.co...1I7ACEW_enUS461
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/10/22 20:46:42 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Drive = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0\
CHR - Extension: WOT = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.2.0_0\
CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Unblock Youku = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.1_0\
CHR - Extension: Unblock Youku = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.2_0\
CHR - Extension: Gmail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1A86727-33BF-44FA-8120-60EEE205B08E}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM1_Wide.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM1_Wide.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/25 23:44:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2013/10/25 23:33:35 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Kevin\Desktop\aswMBR.exe
[2013/10/25 22:55:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2013/10/25 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/10/25 22:23:36 | 000,031,224 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2013/10/25 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2013/10/25 22:21:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/22 20:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/10/22 20:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/10/22 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/10/22 20:45:51 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/10/22 20:45:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/10/22 20:45:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/10/22 20:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/10/22 20:45:26 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/10/19 14:06:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/10/19 14:00:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/19 14:00:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/19 14:00:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/19 14:00:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/19 14:00:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/19 14:00:39 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/19 14:00:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/19 14:00:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/19 13:52:31 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/19 13:52:30 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/19 13:52:30 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/19 13:52:30 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/19 13:52:30 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/19 13:52:30 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/19 13:52:29 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/19 13:52:29 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/19 13:52:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/19 13:50:13 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/19 13:50:09 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/19 13:48:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/10/19 13:47:05 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/19 13:47:05 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/19 13:46:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/10/19 13:46:42 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/10/19 13:46:27 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/10/19 13:46:26 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/10/19 13:45:17 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/19 13:45:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/19 13:44:55 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/10/19 13:44:54 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/10/19 13:44:45 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/10/19 13:44:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/10/19 13:43:21 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/19 13:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sophos
[2013/10/19 12:42:27 | 000,132,424 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2013/10/19 12:42:10 | 000,033,096 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\skmscan.sys
[2013/10/19 12:40:09 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\TFC.exe
[2013/10/19 12:34:13 | 000,033,696 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\sdcfilter.sys
[2013/10/19 12:33:48 | 000,131,824 | ---- | C] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2013/10/19 12:33:37 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2013/10/19 12:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/10/19 12:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013/10/19 12:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/19 12:22:19 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/10/19 12:22:10 | 099,652,463 | ---- | C] (Igor Pavlov) -- C:\Users\Kevin\Desktop\sophos_preconfig.exe
[2013/10/19 12:21:50 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/10/19 12:21:50 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/10/19 12:21:50 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/10/19 12:15:02 | 000,915,368 | ---- | C] (Oracle Corporation) -- C:\Users\Kevin\Desktop\chromeinstall-7u45.exe
[2013/10/19 12:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/26 00:21:54 | 000,000,461 | ---- | M] () -- C:\Users\Kevin\Desktop\MBR.zip
[2013/10/26 00:21:24 | 000,000,512 | ---- | M] () -- C:\Users\Kevin\Desktop\MBR.dat
[2013/10/26 00:11:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/26 00:11:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 23:58:29 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/25 23:54:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3388105646-1375458503-231880925-1000UA.job
[2013/10/25 23:45:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2013/10/25 23:39:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 23:34:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Kevin\Desktop\aswMBR.exe
[2013/10/25 22:16:28 | 000,031,224 | ---- | M] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2013/10/25 22:16:16 | 000,891,167 | ---- | M] () -- C:\Users\Kevin\Desktop\SecurityCheck.exe
[2013/10/25 22:12:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/10/25 22:11:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/25 22:11:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/22 20:46:59 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/10/22 20:45:51 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/10/22 20:45:28 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/10/22 20:45:28 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/10/22 20:45:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/10/22 19:25:08 | 000,392,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/22 19:07:11 | 000,000,000 | ---- | M] () -- C:\END
[2013/10/22 16:54:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3388105646-1375458503-231880925-1000Core.job
[2013/10/20 17:15:22 | 000,625,664 | ---- | M] () -- C:\Users\Kevin\Desktop\dds.scr
[2013/10/20 17:11:04 | 000,002,044 | ---- | M] () -- C:\Users\Kevin\Desktop\Google Chrome.lnk
[2013/10/20 16:48:20 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/20 16:48:19 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/19 12:42:27 | 000,132,424 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2013/10/19 12:42:10 | 000,033,096 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\skmscan.sys
[2013/10/19 12:40:15 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\TFC.exe
[2013/10/19 12:34:13 | 000,033,696 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\sdcfilter.sys
[2013/10/19 12:33:48 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2013/10/19 12:33:37 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2013/10/19 12:29:44 | 099,652,463 | ---- | M] (Igor Pavlov) -- C:\Users\Kevin\Desktop\sophos_preconfig.exe
[2013/10/19 12:21:29 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/10/19 12:21:23 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/10/19 12:21:23 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/10/19 12:21:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/10/19 12:15:03 | 000,915,368 | ---- | M] (Oracle Corporation) -- C:\Users\Kevin\Desktop\chromeinstall-7u45.exe
[2013/10/19 12:02:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/19 12:02:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/26 00:21:53 | 000,000,461 | ---- | C] () -- C:\Users\Kevin\Desktop\MBR.zip
[2013/10/26 00:21:24 | 000,000,512 | ---- | C] () -- C:\Users\Kevin\Desktop\MBR.dat
[2013/10/25 22:15:48 | 000,891,167 | ---- | C] () -- C:\Users\Kevin\Desktop\SecurityCheck.exe
[2013/10/22 20:46:59 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/10/22 19:07:11 | 000,000,000 | ---- | C] () -- C:\END
[2013/10/20 17:15:12 | 000,625,664 | ---- | C] () -- C:\Users\Kevin\Desktop\dds.scr
[2013/02/16 22:25:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/02/16 22:25:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/12 05:04:52 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2011/12/11 22:08:21 | 000,016,896 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 18:12:18 | 000,017,408 | ---- | C] () -- C:\Users\Kevin\AppData\Local\WebpageIcons.db
[2011/12/11 17:31:35 | 000,000,108 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/11 15:22:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2011/12/11 15:04:35 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

========== ZeroAccess Check ==========

[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/03 22:39:05 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\e-academy Inc
[2013/01/16 07:45:32 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GetRightToGo
[2011/12/11 17:00:38 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ID Vault
[2013/01/15 22:35:54 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ImgBurn
[2012/01/28 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Southwest Airlines
[2012/09/02 17:49:08 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Thinstall

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 05:38:53 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 05:38:53 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2013/10/22 20:39:54 | 000,024,562 | ---- | M] () MD5=CCBA02E9D1ADF6C9AA23B9CD65619B50 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: EXPLORER.ZIP >
[2009/06/03 21:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.EXE >
[2008/04/24 21:22:36 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=07ED775D6DB4BFA96D7CFB09EB228418 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[2008/06/26 20:54:09 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=157F8DE991396C536820D7FA5C8DCF7D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
[2008/02/21 19:44:11 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=182CAF7403705ACCB51211A761080B8F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[2008/10/01 20:50:01 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=19403B64906C9EAC627E3C10847B0FDA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe
[2009/04/10 23:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2013/02/21 21:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16476_none_5878891febce184e\iexplore.exe
[2013/04/04 15:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16483_none_586ab855ebd8e83a\iexplore.exe
[2013/02/21 21:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20586_none_58f755ff04f3d409\iexplore.exe
[2013/09/22 03:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=45BDA923BE52906D1460BCB13AC2AB7A -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/09/22 03:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=45BDA923BE52906D1460BCB13AC2AB7A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16514_none_58b769f9eb9f3b21\iexplore.exe
[2008/06/26 18:41:30 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=4DBD95312B1C96C5285D38F1D748CD4D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
[2008/01/20 19:33:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2008/10/01 20:32:01 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=6655B851D9EEF7C83395EE52D551B448 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe
[2013/02/27 21:45:13 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16464_none_58815877ebc7c9af\iexplore.exe
[2011/04/21 07:34:57 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=6C93AC7C0A8718E2A1543DB1B1B3B19F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22905_none_2ff0ad763317887e\iexplore.exe
[2011/04/21 08:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=77B9A891222FB46B13E414B99E1AF842 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18639_none_2f4a9e431a0ea795\iexplore.exe
[2008/02/20 21:43:03 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[2008/04/24 19:04:08 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9F1427F203CA078005C9943800929640 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[2013/02/01 21:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20580_none_58f1544304f93bff\iexplore.exe
[2013/04/04 14:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20593_none_58e9853504fea3f5\iexplore.exe
[2013/02/01 21:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16470_none_58728763ebd38044\iexplore.exe
[2013/09/22 05:14:29 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=F87E95A127E83277B9AE500D7A18C998 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20625_none_5937372304c41033\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2006/11/02 05:38:50 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2013/02/27 21:45:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/02/27 21:45:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui

< MD5 for: SERVICES >
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/09/03 06:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008/01/20 19:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 05:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 05:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:56:43 | 000,001,688 | ---- | M] () MD5=D33B2F379CED5E32AF2F9199CE4EE94A -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
File not found Unable to obtain MD5 -- C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 05:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 05:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2008/01/20 19:35:28 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/20 19:35:28 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 05:38:26 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui

< MD5 for: WINLOGON.MOF >
[2006/09/18 14:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 14:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/03/12 14:02:32 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/12/11 15:29:06 | 000,000,032 | ---- | M] () -- C:\cds.log
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/10/22 19:07:11 | 000,000,000 | ---- | M] () -- C:\END
[2009/03/12 14:42:32 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2013/10/25 22:11:05 | 2191,269,888 | -HS- | M] () -- C:\pagefile.sys
[2009/03/12 14:32:57 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2006/11/02 05:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2013/02/27 00:24:35 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 19:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is E62E-8C0F
Directory of C:\
11/02/2006 05:59 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [.]
11/02/2006 05:59 AM <JUNCTION> Desktop [.]
11/02/2006 05:59 AM <JUNCTION> Documents [.]
11/02/2006 05:59 AM <JUNCTION> Favorites [.]
11/02/2006 05:59 AM <JUNCTION> Start Menu [.]
11/02/2006 05:59 AM <JUNCTION> Templates [.]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 05:59 AM <SYMLINKD> All Users [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 05:59 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 05:59 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 05:59 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
12/11/2011 03:17 PM <JUNCTION> Application Data [.]
11/02/2006 05:59 AM <JUNCTION> Desktop [.]
11/02/2006 05:59 AM <JUNCTION> Documents [.]
11/02/2006 05:59 AM <JUNCTION> Favorites [.]
11/02/2006 05:59 AM <JUNCTION> Start Menu [.]
11/02/2006 05:59 AM <JUNCTION> Templates [.]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 05:59 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006 05:59 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006 05:59 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
11/02/2006 05:59 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
11/02/2006 05:59 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 05:59 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 05:59 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 05:59 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 05:59 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 05:59 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 05:59 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
11/02/2006 05:59 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 05:59 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 05:59 AM <JUNCTION> My Music [C:\Users\Default\Music]
11/02/2006 05:59 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
11/02/2006 05:59 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
04/08/2013 07:16 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
04/08/2013 07:16 PM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
04/08/2013 07:16 PM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
04/08/2013 07:16 PM <JUNCTION> My Documents [C:\Users\Guest\Documents]
04/08/2013 07:16 PM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/08/2013 07:16 PM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/08/2013 07:16 PM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
04/08/2013 07:16 PM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
04/08/2013 07:16 PM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
04/08/2013 07:16 PM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
04/08/2013 07:16 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
04/08/2013 07:16 PM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
04/08/2013 07:16 PM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
04/08/2013 07:16 PM <JUNCTION> My Music [C:\Users\Guest\Music]
04/08/2013 07:16 PM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
04/08/2013 07:16 PM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Kevin
12/11/2011 03:15 PM <JUNCTION> Application Data [C:\Users\Kevin\AppData\Roaming]
12/11/2011 03:15 PM <JUNCTION> Cookies [C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies]
12/11/2011 03:15 PM <JUNCTION> Local Settings [C:\Users\Kevin\AppData\Local]
12/11/2011 03:15 PM <JUNCTION> My Documents [C:\Users\Kevin\Documents]
12/11/2011 03:15 PM <JUNCTION> NetHood [C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/11/2011 03:15 PM <JUNCTION> PrintHood [C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/11/2011 03:15 PM <JUNCTION> Recent [C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Recent]
12/11/2011 03:15 PM <JUNCTION> SendTo [C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\SendTo]
12/11/2011 03:15 PM <JUNCTION> Start Menu [C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu]
12/11/2011 03:15 PM <JUNCTION> Templates [C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Kevin\AppData\Local
12/11/2011 03:15 PM <JUNCTION> Application Data [C:\Users\Kevin\AppData\Local]
12/11/2011 03:15 PM <JUNCTION> History [C:\Users\Kevin\AppData\Local\Microsoft\Windows\History]
12/11/2011 03:15 PM <JUNCTION> Temporary Internet Files [C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Kevin\Documents
12/11/2011 03:15 PM <JUNCTION> My Music [C:\Users\Kevin\Music]
12/11/2011 03:15 PM <JUNCTION> My Pictures [C:\Users\Kevin\Pictures]
12/11/2011 03:15 PM <JUNCTION> My Videos [C:\Users\Kevin\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 05:59 AM <JUNCTION> My Music [C:\Users\Public\Music]
11/02/2006 05:59 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/02/2006 05:59 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
01/29/2013 10:56 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
01/29/2013 10:56 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
01/29/2013 10:56 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
01/29/2013 10:56 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
01/29/2013 10:56 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/29/2013 10:56 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/29/2013 10:56 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
01/29/2013 10:56 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
01/29/2013 10:56 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
01/29/2013 10:56 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
01/29/2013 10:56 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
01/29/2013 10:56 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
01/29/2013 10:56 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
01/29/2013 10:56 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
01/29/2013 10:56 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
01/29/2013 10:56 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
250 Dir(s) 83,296,829,440 bytes free

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/03/02 10:08:28 | 000,000,286 | -HS- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/10/25 23:34:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Kevin\Desktop\aswMBR.exe
[2013/10/19 12:15:03 | 000,915,368 | ---- | M] (Oracle Corporation) -- C:\Users\Kevin\Desktop\chromeinstall-7u45.exe
[2011/12/11 16:29:40 | 015,010,872 | ---- | M] (Google Inc.) -- C:\Users\Kevin\Desktop\GooglePinyinInstaller.exe
[2013/10/25 23:45:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2013/10/25 22:16:16 | 000,891,167 | ---- | M] () -- C:\Users\Kevin\Desktop\SecurityCheck.exe
[2013/10/19 12:29:44 | 099,652,463 | ---- | M] (Igor Pavlov) -- C:\Users\Kevin\Desktop\sophos_preconfig.exe
[2013/10/19 12:40:15 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/06/26 17:21:02 | 000,013,023 | ---- | M] () -- C:\Windows\VX1000.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-10-26 05:38:07

========== Base Services ==========
SRV - [2006/11/02 02:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 19:33:54 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 19:33:53 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/10 23:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/10 23:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 19:34:20 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/07 21:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/10 23:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 08:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 19:34:51 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/10 23:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 19:33:46 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/10 23:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/10 23:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 19:34:43 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 19:33:50 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 19:34:04 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 19:33:15 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 19:34:35 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/10 23:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 07:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/10 23:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 19:34:00 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/10 23:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 19:34:19 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/10 23:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 09:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/10 23:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 11:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/10 23:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/10 23:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/10 23:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 19:32:53 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/10 23:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/10 23:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/10 23:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/10 23:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/10 23:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 15:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/10 23:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 12:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 04:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD16 00AAJS-22L7A SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SM/xD/SD/MMC/MS USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 13.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 136.00GB
Starting Offset: 13959692288
Hidden sectors: 0


========== Files - Unicode (All) ==========
[2013/03/18 23:54:18 | 000,097,717 | ---- | M] ()(C:\Users\Kevin\Desktop\????.png) -- C:\Users\Kevin\Desktop\有一血泉.png
[2013/03/18 23:54:17 | 000,097,717 | ---- | C] ()(C:\Users\Kevin\Desktop\????.png) -- C:\Users\Kevin\Desktop\有一血泉.png
[2013/03/07 23:56:39 | 002,836,608 | ---- | M] ()(C:\Users\Kevin\Desktop\???.mp3) -- C:\Users\Kevin\Desktop\主的爱.mp3
[2013/03/07 23:56:31 | 002,836,608 | ---- | C] ()(C:\Users\Kevin\Desktop\???.mp3) -- C:\Users\Kevin\Desktop\主的爱.mp3
[2013/03/07 23:18:54 | 002,297,297 | ---- | M] ()(C:\Users\Kevin\Desktop\?????.jpg) -- C:\Users\Kevin\Desktop\救贖的恩典.jpg
[2013/03/07 23:18:52 | 002,297,297 | ---- | C] ()(C:\Users\Kevin\Desktop\?????.jpg) -- C:\Users\Kevin\Desktop\救贖的恩典.jpg
[2013/03/07 23:07:51 | 000,461,601 | ---- | M] ()(C:\Users\Kevin\Desktop\???.pdf) -- C:\Users\Kevin\Desktop\主的愛.pdf
[2013/03/07 23:07:49 | 000,461,601 | ---- | C] ()(C:\Users\Kevin\Desktop\???.pdf) -- C:\Users\Kevin\Desktop\主的愛.pdf
[2013/03/07 22:54:37 | 000,545,043 | ---- | M] ()(C:\Users\Kevin\Desktop\?????.pdf) -- C:\Users\Kevin\Desktop\人們需要主.pdf
[2013/03/07 22:54:34 | 000,545,043 | ---- | C] ()(C:\Users\Kevin\Desktop\?????.pdf) -- C:\Users\Kevin\Desktop\人們需要主.pdf
[2012/09/30 20:03:06 | 001,000,548 | ---- | M] ()(C:\Users\Kevin\Desktop\??????????? - ????(mitbbs.pdf) -- C:\Users\Kevin\Desktop\我也贴一点业界找工经历 - 未名空间(mitbbs.pdf
[2012/09/30 20:03:04 | 001,000,548 | ---- | C] ()(C:\Users\Kevin\Desktop\??????????? - ????(mitbbs.pdf) -- C:\Users\Kevin\Desktop\我也贴一点业界找工经历 - 未名空间(mitbbs.pdf
[2012/09/30 17:09:34 | 001,093,377 | ---- | M] ()(C:\Users\Kevin\Desktop\?????????????????? - ????(mitbbs.pdf) -- C:\Users\Kevin\Desktop\科普一下制药公司的相关职位和工作职能 - 未名空间(mitbbs.pdf
[2012/09/30 17:09:32 | 001,093,377 | ---- | C] ()(C:\Users\Kevin\Desktop\?????????????????? - ????(mitbbs.pdf) -- C:\Users\Kevin\Desktop\科普一下制药公司的相关职位和工作职能 - 未名空间(mitbbs.pdf
[2012/08/27 20:32:19 | 000,000,000 | ---D | M](C:\Users\Kevin\Desktop\????) -- C:\Users\Kevin\Desktop\將天敞開
[2012/08/27 20:32:15 | 000,000,000 | ---D | C](C:\Users\Kevin\Desktop\????) -- C:\Users\Kevin\Desktop\將天敞開
[2012/07/16 23:16:40 | 000,085,491 | ---- | C] ()(C:\Users\Kevin\Desktop\????2.jpg) -- C:\Users\Kevin\Desktop\无价至宝2.jpg
[2012/07/16 23:16:37 | 000,085,491 | ---- | M] ()(C:\Users\Kevin\Desktop\????2.jpg) -- C:\Users\Kevin\Desktop\无价至宝2.jpg
[2012/07/16 23:16:33 | 000,106,330 | ---- | C] ()(C:\Users\Kevin\Desktop\????1.jpg) -- C:\Users\Kevin\Desktop\无价至宝1.jpg
[2012/07/16 23:16:27 | 000,106,330 | ---- | M] ()(C:\Users\Kevin\Desktop\????1.jpg) -- C:\Users\Kevin\Desktop\无价至宝1.jpg
[2012/07/16 21:43:18 | 000,089,553 | ---- | C] ()(C:\Users\Kevin\Desktop\???????.docx) -- C:\Users\Kevin\Desktop\耶和華坐著為王.docx
[2012/07/16 21:43:11 | 000,089,553 | ---- | M] ()(C:\Users\Kevin\Desktop\???????.docx) -- C:\Users\Kevin\Desktop\耶和華坐著為王.docx
[2012/05/02 22:19:20 | 000,000,000 | ---D | M](C:\Users\Kevin\Desktop\????) -- C:\Users\Kevin\Desktop\讚美之泉
[2012/05/02 22:09:23 | 000,000,000 | ---D | C](C:\Users\Kevin\Desktop\SOP15????-?????????) -- C:\Users\Kevin\Desktop\SOP15赞美之泉-爱可以在更多一点点
[2012/05/02 22:07:47 | 000,000,000 | ---D | C](C:\Users\Kevin\Desktop\????) -- C:\Users\Kevin\Desktop\讚美之泉
[2012/04/03 20:32:00 | 000,000,000 | ---D | C](C:\Users\Kevin\Desktop\??????????) -- C:\Users\Kevin\Desktop\回蔚莫文蔚巡迴演唱會
[2012/03/30 20:15:31 | 000,000,000 | ---D | M](C:\Users\Kevin\Desktop\??????????) -- C:\Users\Kevin\Desktop\回蔚莫文蔚巡迴演唱會
[2011/11/29 11:12:13 | 000,000,000 | ---D | M](C:\Users\Kevin\Desktop\SOP15????-?????????) -- C:\Users\Kevin\Desktop\SOP15赞美之泉-爱可以在更多一点点

< End of report >

Extras.txt

OTL Extras logfile created on: 10/26/2013 12:24:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 30.80% Memory free
3.74 Gb Paging File | 1.81 Gb Available in Paging File | 48.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.05 Gb Total Space | 78.05 Gb Free Space | 57.37% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052298CE-25AB-4809-BD68-7AFDAB76E8BE}" = lport=50001 | protocol=17 | dir=in | name=sina_live |
"{31634956-1E05-45E3-8576-2E1D0398D4D2}" = lport=6002 | protocol=6 | dir=in | name=sina_live |
"{3B8772D4-D033-418C-9FE7-E80891A8A18D}" = lport=50000 | protocol=17 | dir=in | name=sina_live |
"{3C1B2DE3-D2AE-42D5-880E-44A4207F5FCC}" = lport=6001 | protocol=6 | dir=in | name=sina_live |
"{400743A8-1DEF-452A-B561-BE5FCCB11800}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{461FC992-C24D-49DD-86D7-A8A270C5A835}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{56811FD8-0B52-49D5-865D-BA99602CDFF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{886AF06B-FFD0-4479-9B3C-C01F0562D655}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F25FE399-154D-4C06-BB1C-D25565E719E6}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A689967-953D-497C-8A34-73ECA866C501}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{31042420-6559-43C8-A802-FB0C3326BAC2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{50C77DE2-71B8-44EA-B820-1FB34A192951}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{53C88B46-2091-4095-B9CD-FDFD09B241A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5986F901-4CDD-4759-8194-31C62D79F546}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BF104BD-95E7-43A3-92FC-48BFF5AFAE8B}" = protocol=17 | dir=in | app=c:\program files\netgear\wg111v2\wg111v2.exe |
"{62B8C648-6822-4C7A-B69D-B41AB02FAF0E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{6A18ABDE-4316-4FBC-BDA6-D6D4215B1ECC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{7FD4A393-BE34-4572-8E96-8E4F584580E8}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{8564318B-8059-4582-9DBF-4CC291DACA01}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{913A4235-4AB6-404B-9CCE-2C5002BCA982}" = protocol=6 | dir=in | app=c:\program files\netgear\wg111v2\wg111v2.exe |
"{9FABDD76-EC7F-4C19-8DC9-8B8422CC62B6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{A2A98FA4-7DC8-40E5-AF1C-E5B57B024B90}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B8704675-5887-43C3-BF1F-0833C6FEA487}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C1D54EBE-A9FF-4B63-A223-EFC0D0268167}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{D1FDD9AE-9C46-4FBD-AC7E-0ECAEEF14BBE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E29194D1-F0B9-4AEA-8905-677A63802981}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E781313B-E407-44A9-BA2A-2F11FAF5574E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F2EDB7BF-C70D-489C-BD0F-643DBED77019}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F387BD28-95D0-43A6-9890-96787894FC75}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4320988A-7DE0-478D-A38B-CE9509BCE320}" = Sophos Anti-Virus
"{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6CEF2BC6-8929-44EE-8360-175513E1A49A}" = Secure Download Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GooglePinyin2" = 谷歌拼音输入法 2.7
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RealPlayer 16.0" = RealPlayer
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2013 11:59:50 AM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/25/2013 12:20:12 PM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/25/2013 6:17:28 PM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/26/2013 12:43:44 PM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2013 12:56:14 PM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2013 7:08:18 PM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/28/2013 8:24:24 PM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/29/2013 11:31:59 AM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/30/2013 12:12:43 PM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2013 11:52:03 AM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/19/2013 5:28:19 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/20/2013 6:57:57 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/20/2013 7:34:56 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 10/20/2013 7:41:17 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/21/2013 11:50:09 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/22/2013 11:50:06 AM | Computer Name = Kevin-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.6 for the Network Card with network
address 001F16F02C66 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/22/2013 11:51:16 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/22/2013 10:26:20 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/26/2013 1:13:14 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/26/2013 3:09:09 AM | Computer Name = Kevin-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort1.


< End of report >

Attached Files

  • MBR.zip (461 bytes)


#4 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 26 October 2013 - 08:45 AM

Hi kevin106,

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Ask.com
=========================


AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&...eo=US&ver=5
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
=========================

In your next post please provide the following:
  • AdwCleaner[S0].txt
  • OTL.txt
  • What symptoms are you experiencing to make you think there is an infection on your computer?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
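
As an added verification example (not part of OCD's post and not a feature of OTL or AdwCleaner), the following PowerShell script re-checks, once the fix above has been run, the three registry entries the fix script targets, and then walks the HKLM Run key to flag any value whose executable no longer exists, the condition OTL prints as "File not found". The key paths and CLSIDs are the ones from the fix script; the helper name Get-RunTarget is chosen here and is not an OTL or Windows API. The script is read-only and assumes PowerShell 2.0 or later run from an elevated prompt.

```powershell
# Added example: verify the entries the OTL fix targets are gone, and list any
# HKLM Run value whose target file is missing. Read-only; PowerShell 2.0+.
# Key paths and CLSIDs come from the fix script above; Get-RunTarget is a
# helper name chosen here, not an OTL or Windows API.

$searchScope  = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}'
$toolbarKey   = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
$toolbarClsid = '{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'
$runKey       = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$psNoise      = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. The injected IE search scope key should no longer exist.
if (Test-Path -LiteralPath $searchScope) {
    Write-Warning "Still present: $searchScope"
} else {
    Write-Host "OK: search scope key removed"
}

# 2. The orphaned toolbar CLSID should be gone from the WebBrowser value list.
$toolbar = Get-ItemProperty -Path $toolbarKey -ErrorAction SilentlyContinue
$stale = $null
if ($toolbar) {
    $stale = $toolbar.PSObject.Properties | Where-Object { $_.Name -eq $toolbarClsid }
}
if ($stale) {
    Write-Warning "Still present: $toolbarKey\$toolbarClsid"
} else {
    Write-Host "OK: toolbar value removed"
}

# Extract the executable path from a Run command line. Handles "quoted path" args
# and bare paths; an unquoted path containing spaces plus arguments is ambiguous
# and is returned whole, so such entries may show as missing and need a manual look.
function Get-RunTarget([string]$command) {
    if ($command -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($command -match '^\s*(\S+\.exe)') { return $matches[1] }
    return $command.Trim()
}

# 3. Walk every HKLM Run value and flag ones whose executable is missing. A Run
#    entry for a deleted file is inert, but it is the trace of a removed or partly
#    removed program, which is why OTL prints "File not found" beside it.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($psNoise -contains $p.Name) { continue }
        $target = [Environment]::ExpandEnvironmentVariables((Get-RunTarget $p.Value))
        if (Test-Path -LiteralPath $target) {
            Write-Host ("OK: {0} -> {1}" -f $p.Name, $target)
        } else {
            Write-Warning ("Run value '{0}' points at a missing file: {1}" -f $p.Name, $target)
        }
    }
}
```

Run it after the reboot that the OTL fix triggers; a clean result is three "OK" lines and no warnings. Any warning on step 3 names a Run value worth comparing against the new OTL log before deciding whether it is a leftover or a legitimate entry whose path the simple parser could not split.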


#5 kevin106 (Authentic Member, 35 posts)

Posted 26 October 2013 - 12:31 PM

Hi OCD,

I did not find any program associated with ask.com in Programs and Features. Nothing was removed there.

AdwCleaner[S0].txt

# AdwCleaner v3.010 - Report created 26/10/2013 at 10:21:18
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Kevin - KEVIN-PC
# Running from : C:\Users\Kevin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Kevin\AppData\Local\thinstall
Folder Deleted : C:\Users\Kevin\AppData\Roaming\thinstall
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Google Chrome v

[ File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1110 octets] - [26/10/2013 10:13:26]
AdwCleaner[S0].txt - [1048 octets] - [26/10/2013 10:21:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1108 octets] ##########

OTL.txt

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kevin\Desktop\cmd.bat deleted successfully.
C:\Users\Kevin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: GST

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kevin
->Temp folder emptied: 40803673 bytes
->Temporary Internet Files folder emptied: 43914 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 9023780 bytes
->Flash cache emptied: 34990 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74512515 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10262013_111322

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000541BAB39B93BD306FA not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

---------------------------------------------------------------
The symptoms I was experiencing: took me 1 minute to load up the homepage after I clicked my browser; the audio went on after I closed the page with a video in; constant freezing with a lot of programs that were running.

#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 26 October 2013 - 09:45 PM

Hi kevin106,

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Java™ 6 Update 37
  • Java™ 6 Update 5
  • Adobe Reader 10.1.8
=========================

Adobe Reader:

Go to http://get.adobe.com.../otherversions/
  • Use the drop-down menus to select your operating system
  • Select your language > Select The current version of Adobe Reader for your language
  • Remove the check mark from the box "Free! McAfee Security Scan Plus"
  • Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

Reboot

=========================

ComboFix

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:
  • Combofix.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#7 kevin106

kevin106

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 27 October 2013 - 01:24 AM

During combofix scan, pev.exe has stopped working; however, the scan continued and finished.

Combofix.txt

ComboFix 13-10-26.01 - Kevin 10/26/2013 23:56:50.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1790.756 [GMT -7:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kevin\AppData\Local\Temp\_MEI53242\_ctypes.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\_elementtree.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\_hashlib.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\_multiprocessing.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\_socket.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\_ssl.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\msvcp100.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\msvcr100.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\pyexpat.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\pysqlite2._sqlite.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\python27.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\pythoncom27.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\PyWinTypes27.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\select.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\unicodedata.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32api.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32com.shell.shell.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32crypt.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32event.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32file.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32inet.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32pdh.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32process.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32profile.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32security.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\win32ts.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\windows._cacheinvalidation.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wx._controls_.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wx._core_.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wx._gdi_.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wx._html2.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wx._misc_.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wx._windows_.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wx._wizard.pyd
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wxbase294u_net_vc90.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wxbase294u_vc90.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wxmsw294u_adv_vc90.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wxmsw294u_core_vc90.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wxmsw294u_html_vc90.dll
c:\users\Kevin\AppData\Local\Temp\_MEI53242\wxmsw294u_webview_vc90.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-09-27 to 2013-10-27 )))))))))))))))))))))))))))))))
.
.
2013-10-27 07:12 . 2013-10-27 07:15 -------- d-----w- c:\users\Kevin\AppData\Local\temp
2013-10-27 07:12 . 2013-10-27 07:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-27 06:34 . 2013-10-27 06:35 -------- d-----w- c:\program files\Common Files\Adobe
2013-10-27 06:21 . 2013-10-19 19:21 873384 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-10-27 06:21 . 2013-10-19 19:21 796072 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-26 17:28 . 2013-10-26 17:28 -------- d-----w- C:\_OTL
2013-10-26 17:13 . 2013-10-26 17:21 -------- d-----w- C:\AdwCleaner
2013-10-26 05:37 . 2013-10-16 08:20 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6ABEF56F-7271-4D5C-B18D-1BFED7C417ED}\mpengine.dll
2013-10-26 05:23 . 2013-10-26 05:16 31224 ----a-w- c:\windows\system32\SophosBootTasks.exe
2013-10-26 05:23 . 2013-10-26 05:23 -------- d-----w- c:\program files\Common Files\Cisco Systems
2013-10-23 03:46 . 2013-10-23 03:46 -------- d-----w- c:\program files\RealNetworks
2013-10-23 03:46 . 2013-10-23 03:46 -------- d-----w- c:\programdata\RealNetworks
2013-10-23 03:46 . 2013-10-23 03:46 -------- d-----w- c:\program files\Common Files\xing shared
2013-10-20 23:34 . 2013-10-20 23:34 -------- d-----w- c:\program files\GUMDE5.tmp
2013-10-20 23:34 . 2013-10-20 23:34 50053120 ----a-w- c:\program files\GUTDF6.tmp
2013-10-19 21:06 . 2013-10-19 21:10 -------- d-----w- c:\windows\system32\MRT
2013-10-19 20:54 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-10-19 20:54 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-10-19 20:52 . 2013-08-27 01:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-19 20:52 . 2013-08-27 02:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-19 20:52 . 2013-08-27 02:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-19 20:52 . 2013-08-27 02:47 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-19 20:52 . 2013-08-27 02:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-10-19 20:52 . 2013-08-27 01:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-19 20:52 . 2013-08-27 01:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-10-19 20:52 . 2013-08-27 01:28 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-19 20:52 . 2013-08-27 01:28 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-19 20:52 . 2013-08-01 03:16 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-19 20:52 . 2013-08-01 02:49 37376 ----a-w- c:\windows\system32\cdd.dll
2013-10-19 20:50 . 2013-07-20 10:44 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-19 20:50 . 2013-08-29 07:36 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 20:50 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-19 20:48 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-19 20:47 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-19 20:47 . 2013-06-29 02:07 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-19 20:47 . 2013-06-29 02:07 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-19 20:47 . 2013-06-29 02:07 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-19 20:47 . 2013-06-29 02:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-19 20:47 . 2011-05-05 13:54 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-19 20:47 . 2011-05-05 13:54 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-19 20:46 . 2013-07-12 09:04 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-19 20:46 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-10-19 20:46 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-10-19 20:46 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-10-19 20:46 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-10-19 20:46 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-10-19 20:45 . 2013-06-26 23:01 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-19 20:45 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-10-19 20:45 . 2013-06-04 01:49 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-10-19 20:45 . 2013-06-04 04:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-19 20:44 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-19 20:44 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-19 20:44 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-10-19 20:44 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-10-19 20:44 . 2013-07-04 04:21 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-10-19 20:44 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-10-19 20:43 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-19 20:02 . 2013-10-19 20:02 -------- d-----w- c:\program files\Common Files\Sophos
2013-10-19 19:42 . 2013-10-19 19:42 132424 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2013-10-19 19:42 . 2013-10-19 19:42 33096 ----a-w- c:\windows\system32\drivers\skmscan.sys
2013-10-19 19:34 . 2013-10-19 19:34 33696 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2013-10-19 19:33 . 2013-10-19 19:33 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2013-10-19 19:33 . 2013-10-19 19:33 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2013-10-19 19:32 . 2013-10-26 05:26 -------- d-----w- c:\programdata\Sophos
2013-10-19 19:32 . 2013-10-19 19:35 -------- d-----w- c:\program files\Sophos
2013-10-19 19:22 . 2013-10-19 19:23 -------- d-----w- c:\programdata\Oracle
2013-10-19 19:21 . 2013-10-19 19:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-19 19:14 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-10-19 19:14 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-10-19 19:14 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-10-19 19:14 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-10-19 19:14 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-10-19 18:59 . 2013-10-19 19:01 -------- d-----w- c:\program files\GUM4539.tmp
2013-10-19 18:59 . 2013-10-19 18:59 50053120 ----a-w- c:\program files\GUT453A.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-19 19:02 . 2012-06-28 04:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-19 19:02 . 2012-06-28 04:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-03 21:35 . 2011-12-12 09:24 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-09-26 20133824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2013-10-19 929272]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-10-23 295512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico -user_logon [2012-3-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
sina_live_deamon REG_MULTI_SZ sina_live_deamon
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 19:02]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-18 00:57]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-18 00:57]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3388105646-1375458503-231880925-1000Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 22:25]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3388105646-1375458503-231880925-1000UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1211&m=el1300g
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-27 00:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Sophos\Sophos Anti-Virus\SavService.exe
c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
c:\program files\Google\Google Pinyin 2\GooglePinyinService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-10-27 00:21:44 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-27 07:21
.
Pre-Run: 80,583,675,904 bytes free
Post-Run: 80,425,930,752 bytes free
.
- - End Of File - - 8B16BBBF9DF9A542F780E7D92DC9EE6E
4C1C466E0D9E7B73AD314F6E31C2964F

#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 27 October 2013 - 09:24 AM

Hi kevin106,

Hi sekirsc,

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================


ESET Online Scanner

*Note:
  • It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#9 kevin106

kevin106

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 28 October 2013 - 01:21 AM

No infection was found by ESET. I think the computer is running a bit smoother now.
Two programs were quarantined by Sophos: regedit.exe and NIRCMD.exe.

mbam.txt

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: KEVIN-PC [administrator]

10/27/2013 5:01:42 PM
mbam-log-2013-10-27 (17-01-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251358
Time elapsed: 11 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 October 2013 - 05:19 PM

Hi kevin106,

Two programs were quarantined by Sophos: regedit.exe and NIRCMD.exe.

When did this occur? Before or after you initially submitted your logs for assistance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.



#11 kevin106

kevin106

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 29 October 2013 - 12:37 AM

regedit.exe: after the scan of combofix
NIRCMD.exe: after the scan of either mbam or eset
I did disable my Sophos before scanning, as you instructed.

Edited by kevin106, 29 October 2013 - 12:38 AM.


#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 29 October 2013 - 01:02 AM

Hi kevin106,

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • OTL.txt
  • Any remaining issues?

OCD


#13 kevin106

kevin106

    Authentic Member

  • Authentic Member
  • 35 posts

Posted 30 October 2013 - 12:48 AM

OTL.txt

OTL logfile created on: 10/29/2013 11:27:38 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 37.50% Memory free
3.74 Gb Paging File | 1.92 Gb Available in Paging File | 51.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.05 Gb Total Space | 71.45 Gb Free Space | 52.52% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe ()
PRC - C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)


========== Modules (No Company Name) ==========

MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\wx._gdi_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32com.shell.shell.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\_elementtree.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32api.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\wx._html2.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\_socket.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\_multiprocessing.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32ts.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32crypt.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\pythoncom27.dll ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\_ctypes.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32profile.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\wx._core_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\wx._misc_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\PyWinTypes27.dll ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32security.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\_ssl.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\wx._windows_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\_hashlib.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\wx._wizard.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32file.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32process.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32pdh.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32inet.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\wx._controls_.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\unicodedata.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\pyexpat.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\win32event.pyd ()
MOD - C:\Users\Kevin\AppData\Local\temp\_MEI25362\select.pyd ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
MOD - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
MOD - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll ()
MOD - C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 File not found
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe (Sophos Limited)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (RTL8187) -- system32\DRIVERS\wg111v2.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Limited)
DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Limited)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...A...1&m=el1300g
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...amp;rlz=1I7ACEW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B7A1E16B-130D-4471-8448-9D05461C946C}: "URL" = http://www.google.co...1I7ACEW_enUS461
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/10/22 20:46:42 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Drive = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.2.0_0\
CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealDownloader = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Unblock Youku = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.2_0\
CHR - Extension: Gmail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/27 00:14:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1A86727-33BF-44FA-8120-60EEE205B08E}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM1_Wide.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM1_Wide.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/27 22:30:30 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Kevin\Desktop\esetsmartinstaller_enu.exe
[2013/10/27 17:00:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2013/10/27 17:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/27 17:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/27 17:00:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/10/27 16:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/27 09:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/10/27 09:48:18 | 050,107,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Kevin\Desktop\AdbeRdr11003_en_US.exe
[2013/10/27 09:03:22 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kevin\Desktop\mbam-setup-1.75.0.1300.exe
[2013/10/27 00:21:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/27 00:21:47 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\temp
[2013/10/27 00:20:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/26 23:52:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/26 23:52:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/26 23:52:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/26 23:51:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/26 23:32:36 | 005,136,694 | R--- | C] (Swearware) -- C:\Users\Kevin\Desktop\ComboFix.exe
[2013/10/26 23:21:14 | 000,873,384 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/10/26 23:21:14 | 000,796,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/10/26 10:28:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/26 10:13:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/25 23:44:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2013/10/25 23:33:35 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Kevin\Desktop\aswMBR.exe
[2013/10/25 22:55:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2013/10/25 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/10/25 22:23:36 | 000,031,224 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2013/10/25 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2013/10/22 20:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/10/22 20:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/10/22 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/10/22 20:45:51 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/10/22 20:45:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/10/22 20:45:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/10/22 20:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/10/22 20:45:26 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/10/19 14:06:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/10/19 14:00:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/19 14:00:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/19 14:00:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/19 14:00:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
--------------------------------------------------------------------
NIRCMD.exe was quarantined by Sophos again.

#14 OCD

Posted 30 October 2013 - 01:14 AM

Hi kevin106,

NirCmd is a command-line utility that allows writing to and deletion of values and keys in the registry. BOClean targets nircmd.exe while ComboFix is unpacking, and while it's trying to run. Panda, Sophos and others target NirSoft tools as well.

Certain files that are part of the ComboFix tool, such as nircmd.exe, may at times be detected by some anti-virus as a "RiskTool", "Hacking tool", "Potentially unwanted tool" or even "Spyware-Adware". Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user or even remove them.

Such programs may have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others.

=========================

This issue will be resolved when we clean up once we are finished.

Your log looks good. :thumbup: Are there any other issues we haven't addressed?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#15 kevin106

Posted 30 October 2013 - 07:23 PM

Hi OCD, Thanks for the workshop! Everything else looks good. Appreciate your help!