Topic: USB Port Infected

tanya
USB Port Infected
« on: March 01, 2014, 04:06:57 AM »

Hello,

I have a virus which began with an infected USB drive. Now every time I plug in any USB drive it doesn't work: all files have become shortcuts and none of them work. Microsoft Security Essentials has identified the virus as Worm:VBS/Jenxcus!lnk. It quarantines it, but every time I use a USB it keeps coming back. I tried SUPERAntiSpyware but it hasn't identified it either. I tried to format all my USBs, but even after formatting, when I plug in the USB the virus comes back. I am not sure if any other areas of the computer are infected yet. Please help me remove this!

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:34:05 PM, on 3/1/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\wscript.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\compag\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\compag\AppData\Roaming\VanToM Folder\Server.exe
C:\Windows\system32\wuauclt.exe
C:\Users\compag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\compag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\compag\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\compag\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Users\compag\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [MICROS~1] wscript.exe //B "C:\Users\compag\AppData\Local\Temp\MICROS~1.VBS"
O4 - HKCU\..\Run: [Server] C:\Users\compag\AppData\Roaming\VanToM Folder\Server.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: MICROS~1.VBS
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6415 bytes

Thank you!

Tanya
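The HijackThis log above already contains the indicators an analyst looks for in a USB shortcut worm: an HKCU Run value and a Startup-folder entry that launch a VBS through `wscript.exe //B` from the user's Temp directory, and an unquoted executable (`Server.exe`) running from an unknown folder under AppData\Roaming. The following script is an added example, not part of this thread nor of HijackThis or OTL: it parses O4 autorun lines in both tools' syntax and scores each entry against those indicators, in the same spirit as the company-name whitelist option shown in OTL's header. The rule weights, the threshold of 3 and the allowlist of per-user application folders are my own assumptions; the sample log lines are constructed from the O4 entries posted in this thread.

```python
"""Triage autorun (O4) entries from HijackThis / OTL logs for USB-worm indicators.

Added example for this thread, not part of the original posts or of either tool.
The rule weights, the threshold and the allowlist of AppData folders are
assumptions; tune them for the machine you are looking at.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: O4 lines copied from the HijackThis log above and from the
# OTL log posted later in the thread (OTL writes "HKCU..\Run" and appends the
# file's company name, "()" when there is none, or "File not found").
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Users\compag\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Users\compag\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [MICROS~1] wscript.exe //B "C:\Users\compag\AppData\Local\Temp\MICROS~1.VBS"
O4 - HKCU\..\Run: [Server] C:\Users\compag\AppData\Roaming\VanToM Folder\Server.exe
O4 - Startup: MICROS~1.VBS
O4 - HKCU..\Run: [MICROS~1] wscript.exe //B "C:\Users\compag\AppData\Local\Temp\MICROS~1.VBS" File not found
O4 - Startup: C:\Users\compag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()
"""

# HijackThis: "O4 - HKCU\..\Run: [name] cmd"   OTL: "O4 - HKCU..\Run: [name] cmd (Vendor)"
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.*)$")

SCRIPT_HOST_RE = re.compile(r"\b(wscript|cscript|mshta|powershell)(\.exe)?\b", re.I)
SCRIPT_FILE_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|hta|bat|cmd|ps1)\b", re.I)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
APPDATA_RE = re.compile(r"\\AppData\\(?:Roaming|Local)\\([^\\]+)\\", re.I)
FAKE_MS_RE = re.compile(r"MICROS~\d", re.I)
SILENT_RE = re.compile(r"(?:^|\s)//B(?:\s|$)", re.I)

# Assumed allowlist: per-user application folders that legitimately hold
# executables under AppData on this machine; anything else there is suspect.
KNOWN_APPDATA_DIRS = {"google", "utorrent", "skype", "mozilla", "microsoft"}
THRESHOLD = 3  # assumed: minimum combined weight before an entry is reported


@dataclass
class Autorun:
    where: str            # registry hive/key or "Startup"
    name: Optional[str]   # value name in [brackets], None for Startup-folder items
    command: str          # everything after the name
    reasons: List[Tuple[str, int]] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(weight for _, weight in self.reasons)


def parse_o4(text: str) -> List[Autorun]:
    """Extract O4 autorun entries from HijackThis or OTL log text."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m["where"], m["name"], m["cmd"]))
    return entries


def score_entry(e: Autorun) -> Autorun:
    """Attach a (reason, weight) pair for each worm-style indicator found."""
    cmd = e.command
    if SCRIPT_HOST_RE.search(cmd):
        e.reasons.append(("script host (wscript/cscript/mshta/powershell) launches the autorun", 3))
    if SCRIPT_FILE_RE.search(cmd):
        e.reasons.append(("autorun target is a script file", 2))
    if TEMP_DIR_RE.search(cmd):
        e.reasons.append(("payload lives in the user's Temp directory", 3))
    m = APPDATA_RE.search(cmd)
    if m and m.group(1).lower() not in (KNOWN_APPDATA_DIRS | {"temp"}):
        e.reasons.append((f"executable under AppData in unknown folder '{m.group(1)}'", 3))
    if FAKE_MS_RE.search(cmd) or (e.name and FAKE_MS_RE.search(e.name)):
        e.reasons.append(("8.3 short name posing as a Microsoft file", 1))
    if SILENT_RE.search(cmd):
        e.reasons.append(("wscript //B suppresses script errors and prompts", 1))
    if "file not found" in cmd.lower():
        e.reasons.append(("autorun value persists although the file is gone (quarantined, or re-dropped later)", 1))
    return e


def triage(text: str, threshold: int = THRESHOLD) -> List[Autorun]:
    """Return the autorun entries whose combined indicator score meets the threshold, highest first."""
    scored = [score_entry(e) for e in parse_o4(text)]
    return sorted((e for e in scored if e.score >= threshold), key=lambda e: -e.score)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.score:2d}] {e.where}: [{e.name or '-'}] {e.command}")
        for reason, weight in e.reasons:
            print(f"      +{weight} {reason}")
```

Run against the sample, the two `MICROS~1` Run values score highest (script host, Temp path, silent flag and short name all stack), the two Startup-folder VBS entries and `Server.exe` just clear the threshold, and the Adobe, Security Client, Google Update and uTorrent entries are not reported. The allowlist is what keeps uTorrent and Google Update quiet, so on a different machine it is the first thing to adjust; a rule-based score like this is a triage aid for reading posted logs, not a verdict.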



guestolo (Administrator)
USB Port Infected
« Reply #1 on: March 01, 2014, 09:53:25 AM »

Hello again.

Can you do the following, please:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows, right-click on OTL.exe and choose "Run as Administrator".
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you: one will pop up (OTL.txt), the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.

Do you want to post your own logs from FRST?
Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


tanya
USB Port Infected
« Reply #2 on: March 01, 2014, 10:27:25 AM »

Thank you. Here is the OTL log:

OTL logfile created on: 3/1/2014 8:43:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\compag\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 63.88% Memory free
3.49 Gb Paging File | 2.45 Gb Available in Paging File | 70.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 64.21 Gb Free Space | 65.81% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 145.17 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
Drive E: | 221.62 Gb Total Space | 157.67 Gb Free Space | 71.15% Space Free | Partition Type: NTFS

Computer Name: COMPAG-PC | User Name: compag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/01 20:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\compag\Desktop\OTL.exe
PRC - [2014/01/11 03:07:53 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014/01/07 03:07:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/11 04:24:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/09/03 19:23:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/13 10:15:28 | 000,060,216 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe
PRC - [2010/11/20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

========== Modules (No Company Name) ==========

MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/08 14:02:30 | 000,090,496 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2014/01/08 14:02:29 | 000,279,059 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2014/01/08 14:02:29 | 000,216,992 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2014/01/08 14:02:29 | 000,100,352 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\zlib1.dll
MOD - [2014/01/08 14:02:28 | 000,904,525 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2014/01/08 14:02:28 | 000,553,382 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\freetype6.dll
MOD - [2014/01/08 14:02:28 | 000,177,586 | ---- | M] () -- C:\Program Files\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2013/02/13 10:15:08 | 000,069,575 | ---- | M] () -- C:\Program Files\Pidgin\plugins\spellchk.dll
MOD - [2013/02/13 10:15:08 | 000,044,494 | ---- | M] () -- C:\Program Files\Pidgin\plugins\xmppdisco.dll
MOD - [2013/02/13 10:15:08 | 000,037,191 | ---- | M] () -- C:\Program Files\Pidgin\plugins\xmppconsole.dll
MOD - [2013/02/13 10:15:08 | 000,032,020 | ---- | M] () -- C:\Program Files\Pidgin\plugins\ticker.dll
MOD - [2013/02/13 10:15:08 | 000,030,771 | ---- | M] () -- C:\Program Files\Pidgin\plugins\winprefs.dll
MOD - [2013/02/13 10:15:08 | 000,030,353 | ---- | M] () -- C:\Program Files\Pidgin\plugins\themeedit.dll
MOD - [2013/02/13 10:15:08 | 000,029,791 | ---- | M] () -- C:\Program Files\Pidgin\plugins\win2ktrans.dll
MOD - [2013/02/13 10:15:08 | 000,029,256 | ---- | M] () -- C:\Program Files\Pidgin\plugins\pidginrc.dll
MOD - [2013/02/13 10:15:08 | 000,027,811 | ---- | M] () -- C:\Program Files\Pidgin\plugins\ssl-nss.dll
MOD - [2013/02/13 10:15:08 | 000,023,305 | ---- | M] () -- C:\Program Files\Pidgin\plugins\timestamp_format.dll
MOD - [2013/02/13 10:15:08 | 000,018,399 | ---- | M] () -- C:\Program Files\Pidgin\plugins\timestamp.dll
MOD - [2013/02/13 10:15:08 | 000,015,978 | ---- | M] () -- C:\Program Files\Pidgin\plugins\statenotify.dll
MOD - [2013/02/13 10:15:08 | 000,015,429 | ---- | M] () -- C:\Program Files\Pidgin\plugins\relnot.dll
MOD - [2013/02/13 10:15:08 | 000,015,380 | ---- | M] () -- C:\Program Files\Pidgin\plugins\psychic.dll
MOD - [2013/02/13 10:15:08 | 000,015,045 | ---- | M] () -- C:\Program Files\Pidgin\plugins\sendbutton.dll
MOD - [2013/02/13 10:15:08 | 000,012,004 | ---- | M] () -- C:\Program Files\Pidgin\plugins\ssl.dll
MOD - [2013/02/13 10:15:06 | 000,415,553 | ---- | M] () -- C:\Program Files\Pidgin\libjabber.dll
MOD - [2013/02/13 10:15:06 | 000,373,657 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libmsn.dll
MOD - [2013/02/13 10:15:06 | 000,310,491 | ---- | M] () -- C:\Program Files\Pidgin\liboscar.dll
MOD - [2013/02/13 10:15:06 | 000,228,908 | ---- | M] () -- C:\Program Files\Pidgin\libymsg.dll
MOD - [2013/02/13 10:15:06 | 000,209,619 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libgg.dll
MOD - [2013/02/13 10:15:06 | 000,171,090 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libsilc.dll
MOD - [2013/02/13 10:15:06 | 000,149,933 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libmxit.dll
MOD - [2013/02/13 10:15:06 | 000,123,540 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libnovell.dll
MOD - [2013/02/13 10:15:06 | 000,116,583 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libsametime.dll
MOD - [2013/02/13 10:15:06 | 000,106,670 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libmyspace.dll
MOD - [2013/02/13 10:15:06 | 000,105,620 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libirc.dll
MOD - [2013/02/13 10:15:06 | 000,092,874 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libbonjour.dll
MOD - [2013/02/13 10:15:06 | 000,055,758 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libsimple.dll
MOD - [2013/02/13 10:15:06 | 000,047,391 | ---- | M] () -- C:\Program Files\Pidgin\plugins\log_reader.dll
MOD - [2013/02/13 10:15:06 | 000,029,225 | ---- | M] () -- C:\Program Files\Pidgin\plugins\notify.dll
MOD - [2013/02/13 10:15:06 | 000,024,924 | ---- | M] () -- C:\Program Files\Pidgin\plugins\convcolors.dll
MOD - [2013/02/13 10:15:06 | 000,022,832 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libyahoo.dll
MOD - [2013/02/13 10:15:06 | 000,021,795 | ---- | M] () -- C:\Program Files\Pidgin\plugins\markerline.dll
MOD - [2013/02/13 10:15:06 | 000,021,337 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libxmpp.dll
MOD - [2013/02/13 10:15:06 | 000,020,997 | ---- | M] () -- C:\Program Files\Pidgin\plugins\autoaccept.dll
MOD - [2013/02/13 10:15:06 | 000,019,793 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libyahoojp.dll
MOD - [2013/02/13 10:15:06 | 000,019,043 | ---- | M] () -- C:\Program Files\Pidgin\plugins\idle.dll
MOD - [2013/02/13 10:15:06 | 000,018,882 | ---- | M] () -- C:\Program Files\Pidgin\plugins\history.dll
MOD - [2013/02/13 10:15:06 | 000,018,555 | ---- | M] () -- C:\Program Files\Pidgin\plugins\joinpart.dll
MOD - [2013/02/13 10:15:06 | 000,017,023 | ---- | M] () -- C:\Program Files\Pidgin\plugins\offlinemsg.dll
MOD - [2013/02/13 10:15:06 | 000,016,005 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libicq.dll
MOD - [2013/02/13 10:15:06 | 000,015,702 | ---- | M] () -- C:\Program Files\Pidgin\plugins\extplacement.dll
MOD - [2013/02/13 10:15:06 | 000,015,074 | ---- | M] () -- C:\Program Files\Pidgin\plugins\libaim.dll
MOD - [2013/02/13 10:15:06 | 000,014,147 | ---- | M] () -- C:\Program Files\Pidgin\plugins\gtkbuddynote.dll
MOD - [2013/02/13 10:15:06 | 000,013,456 | ---- | M] () -- C:\Program Files\Pidgin\plugins\newline.dll
MOD - [2013/02/13 10:15:06 | 000,013,253 | ---- | M] () -- C:\Program Files\Pidgin\plugins\buddynote.dll
MOD - [2013/02/13 10:15:06 | 000,012,865 | ---- | M] () -- C:\Program Files\Pidgin\plugins\iconaway.dll
MOD - [2013/02/13 10:14:56 | 000,671,031 | ---- | M] () -- C:\Program Files\Pidgin\exchndl.dll
MOD - [2013/02/13 10:14:56 | 000,028,160 | ---- | M] () -- C:\Program Files\Pidgin\libssp-0.dll
MOD - [2013/02/13 10:14:54 | 000,475,580 | ---- | M] () -- C:\Program Files\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2013/02/13 10:14:00 | 000,425,984 | ---- | M] () -- C:\Program Files\Pidgin\sqlite3.dll
MOD - [2013/02/13 10:13:54 | 002,097,721 | ---- | M] () -- C:\Program Files\Pidgin\libsilc-1-1-2.dll
MOD - [2013/02/13 10:13:54 | 000,818,985 | ---- | M] () -- C:\Program Files\Pidgin\libsilcclient-1-1-3.dll
MOD - [2013/02/13 10:13:54 | 000,152,852 | ---- | M] () -- C:\Program Files\Pidgin\libmeanwhile-1.dll
MOD - [2013/02/13 10:13:46 | 001,274,655 | ---- | M] () -- C:\Program Files\Pidgin\libxml2-2.dll
MOD - [2013/02/13 10:13:46 | 000,190,464 | ---- | M] () -- C:\Program Files\Pidgin\libsasl.dll
MOD - [2013/02/13 10:13:46 | 000,140,288 | ---- | M] () -- C:\Program Files\Pidgin\sasl2\saslDIGESTMD5.dll
MOD - [2013/02/13 10:13:46 | 000,115,712 | ---- | M] () -- C:\Program Files\Pidgin\sasl2\saslCRAMMD5.dll
MOD - [2013/02/13 10:13:46 | 000,102,912 | ---- | M] () -- C:\Program Files\Pidgin\sasl2\saslPLAIN.dll
MOD - [2013/02/13 10:13:46 | 000,102,912 | ---- | M] () -- C:\Program Files\Pidgin\sasl2\saslLOGIN.dll
MOD - [2013/02/13 10:13:46 | 000,102,400 | ---- | M] () -- C:\Program Files\Pidgin\sasl2\saslANONYMOUS.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2014/02/21 00:55:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 12:37:34 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/06 15:17:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/09 03:03:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/11 04:24:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/09/03 19:23:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/27 10:27:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/10 18:57:18 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 03:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 03:32:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 D5 19 57 49 0E CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\compag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\compag\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\compag\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\compag\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\compag\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/01/07 23:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\compag\AppData\Roaming\mozilla\Extensions
[2014/02/14 12:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/14 12:37:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\compag\AppData\Local\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\compag\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\compag\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - Extension: Entanglement Web App = C:\Users\compag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Users\compag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\compag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\compag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\compag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit = C:\Users\compag\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Users\compag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\compag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MICROS~1] wscript.exe //B "C:\Users\compag\AppData\Local\Temp\MICROS~1.VBS" File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKCU..\Run: [uTorrent] C:\Users\compag\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\compag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2885AC2-8378-4262-AEDD-2365DCA7CC4E}: DhcpNameServer = 192.168.5.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\\Windows\\System32\\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/03/01 20:41:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\compag\\Desktop\\OTL.exe

[2014/03/01 14:27:35 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\HiJackThis

[2014/03/01 14:27:31 | 000,000,000 | ---D | C] -- C:\\Program Files\\Trend Micro

[2014/03/01 14:03:57 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\SUPERAntiSpyware.com

[2014/03/01 14:03:23 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SUPERAntiSpyware

[2014/03/01 14:03:18 | 000,000,000 | ---D | C] -- C:\\ProgramData\\SUPERAntiSpyware.com

[2014/03/01 14:03:18 | 000,000,000 | ---D | C] -- C:\\Program Files\\SUPERAntiSpyware

[2014/02/27 14:03:36 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\VanToM Folder

[2014/02/24 15:11:38 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\Malwarebytes

[2014/02/24 15:11:24 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Malwarebytes\' Anti-Malware

[2014/02/24 15:11:19 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Malwarebytes

[2014/02/24 15:11:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\\Windows\\System32\\drivers\\mbam.sys

[2014/02/24 15:11:15 | 000,000,000 | ---D | C] -- C:\\Program Files\\Malwarebytes\' Anti-Malware

[2014/02/24 15:10:54 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Local\\Programs

[2014/02/22 13:29:33 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\iTunes

[2014/02/22 13:27:35 | 000,000,000 | ---D | C] -- C:\\Program Files\\iPod

[2014/02/22 13:27:33 | 000,000,000 | ---D | C] -- C:\\Program Files\\iTunes

[2014/02/22 13:27:33 | 000,000,000 | ---D | C] -- C:\\ProgramData\\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2014/02/20 12:26:34 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Coins

[2014/02/14 12:36:45 | 000,000,000 | ---D | C] -- C:\\Program Files\\Mozilla Firefox

[2014/02/13 11:09:07 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Pics

[2014/02/13 03:02:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2014/02/13 03:02:56 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2014/02/13 03:02:56 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ie4uinit.exe

[2014/02/13 03:02:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollectorres.dll

[2014/02/13 03:02:55 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2014/02/13 03:02:54 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msrating.dll

[2014/02/13 03:02:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\iesetup.dll

[2014/02/13 03:02:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\iernonce.dll

[2014/02/13 03:02:53 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9diag.dll

[2014/02/13 03:02:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2014/02/13 03:02:53 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollector.exe

[2014/02/13 03:02:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwproxystub.dll

[2014/02/13 03:02:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieapfltr.dll

[2014/02/13 03:02:52 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2014/02/13 03:02:48 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2014/02/13 03:02:43 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2014/02/12 14:16:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msxml3r.dll

[2014/02/12 14:16:23 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\d2d1.dll

[2014/02/12 14:16:23 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\d3d10warp.dll

[2014/02/03 15:34:23 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Transcription

[2014/02/03 15:32:29 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\PS Invoices

[2014/02/03 15:21:36 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\SD Card

[2014/01/31 12:44:51 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Iphone Music

[2 C:\\Users\\compag\\Desktop\\*.tmp files -> C:\\Users\\compag\\Desktop\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/03/01 20:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\compag\\Desktop\\OTL.exe

[2014/03/01 20:29:00 | 000,000,912 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000UA.job

[2014/03/01 19:56:58 | 000,010,336 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/03/01 19:56:58 | 000,010,336 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/03/01 19:55:00 | 000,000,830 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job

[2014/03/01 17:02:06 | 000,615,360 | ---- | M] () -- C:\\Windows\\System32\\perfh009.dat

[2014/03/01 17:02:06 | 000,103,702 | ---- | M] () -- C:\\Windows\\System32\\perfc009.dat

[2014/03/01 16:56:48 | 000,000,512 | ---- | M] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

[2014/03/01 16:56:48 | 000,000,512 | ---- | M] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

[2014/03/01 16:56:37 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2014/03/01 16:56:35 | 1406,820,352 | -HS- | M] () -- C:\\hiberfil.sys

[2014/03/01 16:54:33 | 000,137,262 | ---- | M] () -- C:\\Users\\compag\\Desktop\\products-2014-03-01.csv

[2014/03/01 15:29:04 | 000,000,860 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000Core.job

[2014/03/01 14:27:35 | 000,002,969 | ---- | M] () -- C:\\Users\\compag\\Desktop\\HiJackThis.lnk

[2014/03/01 14:03:23 | 000,001,961 | ---- | M] () -- C:\\Users\\Public\\Desktop\\SUPERAntiSpyware Professional.lnk

[2014/02/27 12:51:54 | 018,072,752 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Dr. T. Colin Campbell 2014.mp3

[2014/02/25 17:01:56 | 019,933,232 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Marc David 2014.mp3

[2014/02/25 09:48:14 | 021,135,616 | ---- | M] () -- C:\\Users\\compag\\Desktop\\WSO2-Prakash Iyer-022414.WMA

[2014/02/24 15:11:24 | 000,001,067 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Malwarebytes Anti-Malware.lnk

[2014/02/22 13:29:33 | 000,001,753 | ---- | M] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2014/02/21 01:58:22 | 000,002,372 | ---- | M] () -- C:\\Users\\compag\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk

[2014/02/21 01:58:22 | 000,002,370 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Google Chrome.lnk

[2014/02/21 00:55:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\System32\\FlashPlayerApp.exe

[2014/02/21 00:55:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\System32\\FlashPlayerCPLApp.cpl

[2014/02/19 23:23:37 | 027,971,170 | ---- | M] () -- C:\\Users\\compag\\Desktop\\WSO2-Rajesh Kaveti-021814.WMA

[2014/02/19 19:35:23 | 012,540,910 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Rep Race 2013 - Leg 2 Audio part 1.mp3

[2014/02/19 19:32:29 | 024,668,592 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Paul Hawken 2014.mp3

[2014/02/12 01:35:24 | 000,012,180 | ---- | M] () -- C:\\Users\\compag\\Desktop\\test.csv

[2014/02/12 01:07:07 | 000,071,337 | ---- | M] () -- C:\\Users\\compag\\Desktop\\BS.jpg

[2014/02/12 01:06:23 | 000,061,225 | ---- | M] () -- C:\\Users\\compag\\Desktop\\PS.jpg

[2014/02/10 07:10:42 | 003,175,836 | ---- | M] () -- C:\\Users\\compag\\Desktop\\products-2014-02-09.csv

[2014/02/06 15:50:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2014/02/06 15:49:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollectorres.dll

[2014/02/06 15:31:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\iesetup.dll

[2014/02/06 15:30:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwproxystub.dll

[2014/02/06 15:22:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2014/02/06 15:22:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\iernonce.dll

[2014/02/06 15:19:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2014/02/06 15:17:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2014/02/06 15:17:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollector.exe

[2014/02/06 15:16:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9diag.dll

[2014/02/06 15:04:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ie4uinit.exe

[2014/02/06 14:55:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\msrating.dll

[2014/02/06 14:55:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2014/02/06 14:43:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2014/02/06 14:39:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2014/02/06 14:04:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieapfltr.dll

[2 C:\\Users\\compag\\Desktop\\*.tmp files -> C:\\Users\\compag\\Desktop\\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/03/01 15:03:06 | 000,137,262 | ---- | C] () -- C:\\Users\\compag\\Desktop\\products-2014-03-01.csv

[2014/03/01 14:27:35 | 000,002,969 | ---- | C] () -- C:\\Users\\compag\\Desktop\\HiJackThis.lnk

[2014/03/01 14:04:30 | 000,000,512 | ---- | C] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

[2014/03/01 14:04:29 | 000,000,512 | ---- | C] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

[2014/03/01 14:03:23 | 000,001,961 | ---- | C] () -- C:\\Users\\Public\\Desktop\\SUPERAntiSpyware Professional.lnk

[2014/02/27 12:44:43 | 018,072,752 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Dr. T. Colin Campbell 2014.mp3

[2014/02/25 17:01:15 | 019,933,232 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Marc David 2014.mp3

[2014/02/25 09:47:45 | 021,135,616 | ---- | C] () -- C:\\Users\\compag\\Desktop\\WSO2-Prakash Iyer-022414.WMA

[2014/02/24 15:11:24 | 000,001,067 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Malwarebytes Anti-Malware.lnk

[2014/02/22 13:29:33 | 000,001,753 | ---- | C] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2014/02/21 22:56:45 | 000,163,840 | -HS- | C] () -- C:\\Users\\compag\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MICROS~1.VBS

[2014/02/19 23:19:14 | 027,971,170 | ---- | C] () -- C:\\Users\\compag\\Desktop\\WSO2-Rajesh Kaveti-021814.WMA

[2014/02/19 19:35:02 | 012,540,910 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Rep Race 2013 - Leg 2 Audio part 1.mp3

[2014/02/19 19:31:37 | 024,668,592 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Paul Hawken 2014.mp3

[2014/02/12 01:07:07 | 000,071,337 | ---- | C] () -- C:\\Users\\compag\\Desktop\\BS.jpg

[2014/02/12 01:06:23 | 000,061,225 | ---- | C] () -- C:\\Users\\compag\\Desktop\\PS.jpg

[2014/02/10 04:26:57 | 000,012,180 | ---- | C] () -- C:\\Users\\compag\\Desktop\\test.csv

[2014/02/10 03:33:54 | 003,175,836 | ---- | C] () -- C:\\Users\\compag\\Desktop\\products-2014-02-09.csv

[2014/01/09 14:16:33 | 000,066,048 | ---- | C] () -- C:\\Windows\\System32\\PrintBrmUi.exe

[2014/01/07 23:39:19 | 000,000,083 | ---- | C] () -- C:\\Windows\\K7TSUsrInfo.dat

[2013/12/31 06:34:05 | 000,000,000 | ---- | C] () -- C:\\Windows\\ativpsrm.bin

 

========== ZeroAccess Check ==========

 

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2013/07/26 07:25:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both


< End of report >


tanya
USB Port Infected
« Reply #3 on: March 01, 2014, 10:28:41 AM »

Here is the Extras.txt -


OTL Extras logfile created on: 3/1/2014 8:43:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\compag\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 63.88% Memory free
3.49 Gb Paging File | 2.45 Gb Available in Paging File | 70.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 64.21 Gb Free Space | 65.81% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 145.17 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
Drive E: | 221.62 Gb Total Space | 157.67 Gb Free Space | 71.15% Space Free | Partition Type: NTFS

Computer Name: COMPAG-PC | User Name: compag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{228F7DC2-BDC7-4D52-B2B8-60BB7FD2FCA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D8CBFDA-A206-42DE-9234-13DC5620E6BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{3F7584A4-5FFD-4409-B5E5-A3F0D2F419B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4701C308-BD98-4B3E-882E-DEE6A3CFF121}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4B377148-A720-47A5-AB12-B06B2719AEAE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4E73AA51-69ED-422E-A890-6C18A7D58A1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{5C44EE20-6093-41FF-B867-16E7D69438B0}" = lport=137 | protocol=17 | dir=in | app=system |
"{6FD5F47D-F6BA-4DF6-BF3D-F7A09B8FA970}" = lport=139 | protocol=6 | dir=in | app=system |
"{788CC156-56C9-4956-B422-1BA5B5B28E51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E0CFC3E-A0EC-4FBC-B049-EABE8B840C3B}" = rport=137 | protocol=17 | dir=out | app=system |
"{94F17EF3-364A-451F-8AB9-BD9BA2BD16E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96CF727D-5907-49B7-BFEC-555F15EA68E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{999EB99F-FFED-4BB4-AAFA-D02EEB0C4A31}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A96BB7E1-2CB7-4DAF-A567-DC8CB1F5452D}" = lport=445 | protocol=6 | dir=in | app=system |
"{B67C1643-BB15-43BE-BEB7-748EBC6E8F41}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B988D69A-FA66-48B6-B763-956BEADBA1EB}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5CE5616-6C01-40EA-9C52-4C992C687ECA}" = rport=445 | protocol=6 | dir=out | app=system |
"{C7C7EBFD-6F54-4163-8AD6-C823190583C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCCB0DF8-F969-4296-ABC5-C1D75DC6628A}" = lport=138 | protocol=17 | dir=in | app=system |
"{D43C9FBF-0DA7-45C1-BC3F-B1D0615D8BB9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DE308684-AA92-45A0-BA40-B5244EDF8348}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E38EC2F6-66BE-4DF6-B6D2-3B92731F0BE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7AB3A98-BD16-4F8A-BA98-EE7EEB20600E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F74409AA-3774-41A1-8F1B-6825E35D42FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0908BB37-5FDD-4A71-9966-72CCF3714C37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{10EA36A8-9A5C-409E-9D5D-843DD8BC9783}" = protocol=17 | dir=in | app=c:\users\compag\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{15B0C77C-84F6-4950-8936-DF9D66DE5C96}" = protocol=6 | dir=in | app=c:\users\compag\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1B2B38AD-71F6-4C0A-936C-B6AABB7103E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E353CD4-E7C1-404D-8155-E56B99DB8611}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4909F3FD-2BF7-48A8-AF68-B1B5134E2799}" = protocol=6 | dir=in | app=c:\users\compag\appdata\roaming\utorrent\utorrent.exe |
"{4F3EB955-CA47-4550-B095-DAEAB28F7FB1}" = protocol=6 | dir=out | app=system |
"{57AA2A96-CC10-4BCF-B89C-62EE612A68C6}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{608E8F0F-AAEA-4990-AFBB-AD76DAD9CF0F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{60D3758F-83E1-4354-92F7-97E10BB8E395}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68A66745-B2D1-41D4-9624-06C94C01675F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71E9C800-EF4B-4A92-B806-C63DF20E3FBD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{763D3C27-E110-4353-99DC-BE08092D2C96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{82D26153-3712-41EB-BAED-EC55A6732926}" = protocol=17 | dir=in | app=c:\users\compag\appdata\roaming\utorrent\utorrent.exe |
"{84226B46-AB48-4B5F-B0BD-F3A220EE088C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8D6135DE-1939-4029-92F3-8C22A630BD24}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9987FB9C-7D93-4566-9D31-B64414B3E7D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B24877BA-6C13-4338-90AB-58A977EABE0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD6676E5-DBDF-4D41-B042-9431239C0C0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2613690-1C37-4825-A071-B74D53B10AFF}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{C4282389-642F-46F9-A6BF-AF59EC688725}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{C5B95EA3-B79F-4A85-81BD-BE21B9EB441F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D422B0AE-75EF-4F6D-A848-C789692316FB}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{DB52F325-600A-4393-91C7-23BBBFEC28C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF76AE04-6E1A-49AE-8C23-B8C533169FD0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1134135-EBC6-4DFB-93C4-C818A659309E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1DB4CD1-6DA4-4595-8B57-151A7A824C13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F372E68B-6360-4D40-8A89-8CA9F8DBCCAE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{9E8B81FA-3C7F-445B-B0D6-066F84F0A533}C:\program files\ps3 media server\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ps3 media server\jre\bin\javaw.exe |
"UDP Query User{BFC7A529-E04B-4AC5-87E1-B9211277C6FB}C:\program files\ps3 media server\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ps3 media server\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A61104-74B5-4056-AD00-4397EF4FB141}" = iCloud
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}" = iTunes
"{CCE68200-4ED0-3E0A-A7F2-504897E356AB}" = Google Talk Plugin
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.11
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PS3 Media Server" = PS3 Media Server
"Scribe" = Express Scribe
"VLC media player" = VLC media player 2.1.2
"WavePad" = WavePad Sound Editor
"WebClient" = WebClient
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2014 12:44:26 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9407

Error - 3/1/2014 1:11:25 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/1/2014 1:11:25 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1628619

 

Error - 3/1/2014 1:11:25 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1628619

 

Error - 3/1/2014 1:11:26 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 3/1/2014 1:11:26 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1629992

 

Error - 3/1/2014 1:11:26 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1629992

 

Error - 3/1/2014 1:11:29 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 3/1/2014 1:11:29 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1632956

 

Error - 3/1/2014 1:11:29 AM | Computer Name = compag-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1632956

 

[ System Events ]

Error - 2/26/2014 2:14:24 AM | Computer Name = compag-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 2/26/2014 2:14:24 AM | Computer Name = compag-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 2/26/2014 2:14:47 AM | Computer Name = compag-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred.    Reported by component: Processor

 Core  Error Source: 3  Error Type: 256  Processor ID: 0    The details view of this entry

 contains further information.

 

Error - 2/26/2014 2:14:47 AM | Computer Name = compag-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred.    Reported by component: Processor

 Core  Error Source: 3  Error Type: 256  Processor ID: 0    The details view of this entry

 contains further information.

 

Error - 2/26/2014 2:14:47 AM | Computer Name = compag-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred.    Reported by component: Processor

 Core  Error Source: 3  Error Type: 256  Processor ID: 0    The details view of this entry

 contains further information.

 

Error - 2/26/2014 2:14:47 AM | Computer Name = compag-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = A fatal hardware error has occurred.    Reported by component: Processor

 Core  Error Source: 3  Error Type: 256  Processor ID: 1    The details view of this entry

 contains further information.

 

Error - 2/26/2014 4:57:38 AM | Computer Name = compag-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 1:47:19 PM on ?2/?26/?2014 was unexpected.

 

Error - 2/26/2014 4:57:39 AM | Computer Name = COMPAG-PC | Source = BugCheck | ID = 1001

Description =

 

Error - 2/26/2014 4:57:35 AM | Computer Name = compag-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 2/26/2014 4:57:35 AM | Computer Name = compag-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

 

< End of report >

 



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
USB Port Infected
« Reply #4 on: March 01, 2014, 10:42:54 AM »

Download ComboFix from the following location

Link 1
Save it ONLY to your Desktop

--------------------------------------------------------------------
Temporarily disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.

To temporarily disable Microsoft Security Essentials:

  • Open Microsoft Security Essentials.
  • Click on Settings > Real-time protection.
  • In the right pane, uncheck "Turn on real-time protection".
  • Click on the Save Changes button.

  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

NOTE: Do not mouseclick inside the ComboFix window as it's running; it may cause it to stall.

ComboFix will/may run again on startup; it will prompt that it's creating a log.

This process could take up to 10 minutes; let it run uninterrupted please.

 

« Last Edit: March 01, 2014, 10:43:27 AM by guestolo »

Do you want to post your own logs from FRST?
Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline tanya

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +0/-0
USB Port Infected
« Reply #5 on: March 01, 2014, 01:11:14 PM »

Here is the log for Combofix -


 


ComboFix 14-02-24.02 - compag 03/01/2014  23:28:40.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1789.763 [GMT 5.5:30]

Running from: c:\\users\\compag\\Desktop\\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2014-02-01 to 2014-03-01  )))))))))))))))))))))))))))))))

.

.

2014-03-01 18:05 . 2014-03-01 18:05    --------    d-----w-    c:\\users\\Default\\AppData\\Local\\temp

2014-03-01 08:57 . 2014-03-01 08:57    388096    ----a-r-    c:\\users\\compag\\AppData\\Roaming\\Microsoft\\Installer\\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\\HiJackThis.exe

2014-03-01 08:57 . 2014-03-01 08:57    --------    d-----w-    c:\\program files\\Trend Micro

2014-03-01 08:33 . 2014-03-01 08:33    --------    d-----w-    c:\\users\\compag\\AppData\\Roaming\\SUPERAntiSpyware.com

2014-03-01 08:33 . 2014-03-01 08:33    --------    d-----w-    c:\\program files\\SUPERAntiSpyware

2014-03-01 08:33 . 2014-03-01 08:33    --------    d-----w-    c:\\programdata\\SUPERAntiSpyware.com

2014-02-28 12:55 . 2014-02-20 20:26    765968    ----a-w-    c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{2F983C2E-FF27-4557-9E0D-AFDE24EFFC59}\\gapaengine.dll

2014-02-28 12:55 . 2014-02-06 07:08    7947048    ----a-w-    c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{B103AF87-1A32-430A-A085-B3E2AC69D2BC}\\mpengine.dll

2014-02-27 08:33 . 2014-03-01 11:26    --------    d-----w-    c:\\users\\compag\\AppData\\Roaming\\VanToM Folder

2014-02-27 05:25 . 2014-02-06 07:08    7947048    ----a-w-    c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\Backup\\mpengine.dll

2014-02-24 09:41 . 2014-02-24 09:41    --------    d-----w-    c:\\users\\compag\\AppData\\Roaming\\Malwarebytes

2014-02-24 09:41 . 2014-02-24 09:41    --------    d-----w-    c:\\programdata\\Malwarebytes

2014-02-24 09:41 . 2014-02-24 09:41    --------    d-----w-    c:\\program files\\Malwarebytes\' Anti-Malware

2014-02-24 09:41 . 2013-04-04 09:20    22856    ----a-w-    c:\\windows\\system32\\drivers\\mbam.sys

2014-02-24 09:40 . 2014-02-24 09:40    --------    d-----w-    c:\\users\\compag\\AppData\\Local\\Programs

2014-02-22 07:57 . 2014-02-22 07:57    --------    d-----w-    c:\\program files\\iPod

2014-02-22 07:57 . 2014-02-22 07:59    --------    d-----w-    c:\\programdata\\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-02-22 07:57 . 2014-02-22 07:59    --------    d-----w-    c:\\program files\\iTunes

2014-02-21 17:26 . 2013-09-25 15:52    163840    --sha-w-    c:\\users\\compag\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MICROS~1.VBS

2014-02-12 08:46 . 2013-12-06 02:02    2048    ----a-w-    c:\\windows\\system32\\msxml3r.dll

2014-02-12 08:46 . 2013-12-06 02:02    1237504    ----a-w-    c:\\windows\\system32\\msxml3.dll

2014-02-12 08:46 . 2013-12-24 23:09    1987584    ----a-w-    c:\\windows\\system32\\d3d10warp.dll

2014-02-12 08:46 . 2013-11-26 08:16    3419136    ----a-w-    c:\\windows\\system32\\d2d1.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-20 20:26 . 2014-01-23 18:59    765968    ----a-w-    c:\\programdata\\Microsoft\\Microsoft Antimalware\\Definition Updates\\NISBackup\\gapaengine.dll

2014-02-20 19:25 . 2014-01-08 08:04    71048    ----a-w-    c:\\windows\\system32\\FlashPlayerCPLApp.cpl

2014-02-20 19:25 . 2014-01-08 08:04    692616    ----a-w-    c:\\windows\\system32\\FlashPlayerApp.exe

2014-01-19 07:32 . 2014-01-07 18:20    231584    ------w-    c:\\windows\\system32\\MpSigStub.exe

2014-01-10 22:56 . 2014-01-10 22:56    646144    ----a-w-    c:\\windows\\system32\\MsSpellCheckingFacility.exe

2014-01-10 22:56 . 2014-01-10 22:56    71680    ----a-w-    c:\\windows\\system32\\RegisterIEPKEYs.exe

2014-01-10 22:56 . 2014-01-10 22:56    645120    ----a-w-    c:\\windows\\system32\\jsIntl.dll

2014-01-10 22:56 . 2014-01-10 22:56    194048    ----a-w-    c:\\windows\\system32\\elshyph.dll

2014-01-10 22:56 . 2014-01-10 22:56    182272    ----a-w-    c:\\windows\\system32\\msls31.dll

2014-01-10 22:56 . 2014-01-10 22:56    62464    ----a-w-    c:\\windows\\system32\\tdc.ocx

2014-01-10 22:56 . 2014-01-10 22:56    34816    ----a-w-    c:\\windows\\system32\\JavaScriptCollectionAgent.dll

2014-01-10 22:56 . 2014-01-10 22:56    337408    ----a-w-    c:\\windows\\system32\\html.iec

2014-01-10 22:56 . 2014-01-10 22:56    1051136    ----a-w-    c:\\windows\\system32\\mshtmlmedia.dll

2014-01-10 22:56 . 2014-01-10 22:56    24576    ----a-w-    c:\\windows\\system32\\licmgr10.dll

2014-01-10 22:56 . 2014-01-10 22:56    151552    ----a-w-    c:\\windows\\system32\\iexpress.exe

2014-01-10 22:56 . 2014-01-10 22:56    139264    ----a-w-    c:\\windows\\system32\\wextract.exe

2014-01-10 22:56 . 2014-01-10 22:56    61952    ----a-w-    c:\\windows\\system32\\MshtmlDac.dll

2014-01-10 22:56 . 2014-01-10 22:56    36352    ----a-w-    c:\\windows\\system32\\imgutil.dll

2014-01-10 22:56 . 2014-01-10 22:56    13312    ----a-w-    c:\\windows\\system32\\mshta.exe

2014-01-10 22:56 . 2014-01-10 22:56    111616    ----a-w-    c:\\windows\\system32\\IEAdvpack.dll

2014-01-10 22:56 . 2014-01-10 22:56    86016    ----a-w-    c:\\windows\\system32\\iesysprep.dll

2014-01-10 22:56 . 2014-01-10 22:56    74240    ----a-w-    c:\\windows\\system32\\SetIEInstalledDate.exe

2014-01-10 22:56 . 2014-01-10 22:56    48640    ----a-w-    c:\\windows\\system32\\mshtmler.dll

2014-01-10 22:55 . 2014-01-10 22:55    640512    ----a-w-    c:\\windows\\system32\\advapi32.dll

2014-01-10 22:55 . 2014-01-10 22:55    619520    ----a-w-    c:\\windows\\system32\\tdh.dll

2014-01-10 22:55 . 2014-01-10 22:55    3969472    ----a-w-    c:\\windows\\system32\\ntkrnlpa.exe

2014-01-10 22:55 . 2014-01-10 22:55    3914176    ----a-w-    c:\\windows\\system32\\ntoskrnl.exe

2014-01-10 22:55 . 2014-01-10 22:55    1289096    ----a-w-    c:\\windows\\system32\\ntdll.dll

2014-01-10 22:55 . 2014-01-10 22:55    338944    ----a-w-    c:\\windows\\system32\\drivers\\afd.sys

2014-01-10 22:55 . 2014-01-10 22:55    231424    ----a-w-    c:\\windows\\system32\\mswsock.dll

2014-01-10 22:55 . 2014-01-10 22:55    1294272    ----a-w-    c:\\windows\\system32\\drivers\\tcpip.sys

2014-01-10 21:37 . 2014-01-10 21:37    49152    ----a-w-    c:\\windows\\system32\\taskhost.exe

2014-01-10 21:36 . 2014-01-10 21:36    9728    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    5632    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    5632    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    417792    ----a-w-    c:\\windows\\system32\\WMPhoto.dll

2014-01-10 21:36 . 2014-01-10 21:36    4096    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-user32-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    364544    ----a-w-    c:\\windows\\system32\\XpsGdiConverter.dll

2014-01-10 21:36 . 2014-01-10 21:36    3584    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    3072    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-version-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    3072    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    2560    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    2284544    ----a-w-    c:\\windows\\system32\\msmpeg2vdec.dll

2014-01-10 21:36 . 2014-01-10 21:36    1158144    ----a-w-    c:\\windows\\system32\\XpsPrint.dll

2014-01-10 21:36 . 2014-01-10 21:36    10752    ---ha-w-    c:\\windows\\system32\\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-01-10 21:36 . 2014-01-10 21:36    906240    ----a-w-    c:\\windows\\system32\\FntCache.dll

2014-01-10 21:36 . 2014-01-10 21:36    604160    ----a-w-    c:\\windows\\system32\\d3d10level9.dll

2014-01-10 21:36 . 2014-01-10 21:36    293376    ----a-w-    c:\\windows\\system32\\dxgi.dll

2014-01-10 21:36 . 2014-01-10 21:36    249856    ----a-w-    c:\\windows\\system32\\d3d10_1core.dll

2014-01-10 21:36 . 2014-01-10 21:36    220160    ----a-w-    c:\\windows\\system32\\d3d10core.dll

2014-01-10 21:36 . 2014-01-10 21:36    207872    ----a-w-    c:\\windows\\system32\\WindowsCodecsExt.dll

2014-01-10 21:36 . 2014-01-10 21:36    187392    ----a-w-    c:\\windows\\system32\\UIAnimation.dll

2014-01-10 21:36 . 2014-01-10 21:36    161792    ----a-w-    c:\\windows\\system32\\d3d10_1.dll

2014-01-10 21:36 . 2014-01-10 21:36    1247744    ----a-w-    c:\\windows\\system32\\DWrite.dll

2014-01-10 21:36 . 2014-01-10 21:36    1230336    ----a-w-    c:\\windows\\system32\\WindowsCodecs.dll

2014-01-10 21:36 . 2014-01-10 21:36    1080832    ----a-w-    c:\\windows\\system32\\d3d10.dll

2014-01-10 21:34 . 2014-01-10 21:34    1505280    ----a-w-    c:\\windows\\system32\\d3d11.dll

2014-01-09 23:24 . 2009-07-14 02:05    152576    ----a-w-    c:\\windows\\system32\\msclmd.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]

\"Skype\"=\"c:\\program files\\Skype\\Phone\\Skype.exe\" [2012-09-10 17984688]

\"uTorrent\"=\"c:\\users\\compag\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" [2014-01-25 905296]

\"SUPERAntiSpyware\"=\"c:\\program files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe\" [2014-01-06 5625624]

.

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]

\"Adobe ARM\"=\"c:\\program files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\" [2013-04-04 958576]

\"APSDaemon\"=\"c:\\program files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\" [2014-02-05 43848]

\"MSC\"=\"c:\\program files\\Microsoft Security Client\\msseces.exe\" [2013-10-23 948440]

\"GrooveMonitor\"=\"c:\\program files\\Microsoft Office\\Office12\\GrooveMonitor.exe\" [2009-02-26 30040]

\"iTunesHelper\"=\"c:\\program files\\iTunes\\iTunesHelper.exe\" [2014-02-06 152392]

.

[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]

\"SPReview\"=\"c:\\windows\\System32\\SPReview\\SPReview.exe\" [2014-01-09 280576]

.

c:\\users\\compag\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\

MICROS~1.VBS [2013-9-25 163840]

.

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]

\"ConsentPromptBehaviorAdmin\"= 5 (0x5)

\"ConsentPromptBehaviorUser\"= 3 (0x3)

\"EnableUIADesktopToggle\"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]

\"aux\"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\!SASCORE]

@=\"\"

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\MsMpSvc]

@=\"Service\"

.

R2 MBAMScheduler;MBAMScheduler;c:\\program files\\Malwarebytes\' Anti-Malware\\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes\' Anti-Malware\\mbamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:\\program files\\Skype\\Updater\\Updater.exe [2012-09-10 160944]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\\windows\\system32\\IEEtwCollector.exe [2014-02-06 108032]

R3 MBAMProtector;MBAMProtector;c:\\windows\\system32\\drivers\\mbam.sys [2013-04-04 22856]

R3 NisDrv;Microsoft Network Inspection System;c:\\windows\\system32\\DRIVERS\\NisDrvWFP.sys [2013-09-27 104768]

R3 NisSrv;Microsoft Network Inspection;c:\\program files\\Microsoft Security Client\\NisSrv.exe [2013-10-23 280288]

R3 TsUsbFlt;TsUsbFlt;c:\\windows\\system32\\drivers\\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\\windows\\system32\\Wat\\WatAdminSvc.exe [2014-01-08 1343400]

S1 SASDIFSV;SASDIFSV;c:\\program files\\SUPERAntiSpyware\\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\\program files\\SUPERAntiSpyware\\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\\program files\\SUPERAntiSpyware\\SASCORE.EXE [2013-10-10 120088]

S2 AMD External Events Utility;AMD External Events Utility;c:\\windows\\system32\\atiesrxx.exe [2009-08-17 176128]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\\windows\\system32\\DRIVERS\\yk62x86.sys [2009-07-13 311296]

.

.

Contents of the \'Scheduled Tasks\' folder

.

2014-03-01 c:\\windows\\Tasks\\Adobe Flash Player Updater.job

- c:\\windows\\system32\\Macromed\\Flash\\FlashPlayerUpdateService.exe [2014-01-08 19:25]

.

2014-03-01 c:\\windows\\Tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000Core.job

- c:\\users\\compag\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe [2014-01-01 15:47]

.

2014-03-01 c:\\windows\\Tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000UA.job

- c:\\users\\compag\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe [2014-01-01 15:47]

.

2014-03-01 c:\\windows\\Tasks\\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

- c:\\program files\\SUPERAntiSpyware\\SASTask.exe [2013-11-07 20:08]

.

2014-03-01 c:\\windows\\Tasks\\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

- c:\\program files\\SUPERAntiSpyware\\SASTask.exe [2013-11-07 20:08]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\\windows\\system32\\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~1\\Office12\\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.5.1

FF - ProfilePath - c:\\users\\compag\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\03l3bb40.default\\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E96D-E325-11CE-BFC1-08002BE10318}\\0000\\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

\"BlindDial\"=dword:00000000

\"MSCurrentCountry\"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PCW\\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-03-01  23:37:37

ComboFix-quarantined-files.txt  2014-03-01 18:07

.

Pre-Run: 71,545,450,496 bytes free

Post-Run: 71,281,000,448 bytes free

.

- - End Of File - - 4645659EA234C5C9C31AB41395204861

A36C5E4F47E84449FF07ED3517B43A31

 


Thank you again!



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
USB Port Infected
« Reply #6 on: March 01, 2014, 01:23:09 PM »

Your thumbdrives shouldn't autostart anymore since running ComboFix; as you know, probably a lot safer.

You can access drives thru the Computer icon.

Can you do the following:

Double click on OTL.exe and run it

  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote please.

    :OTL
    O4 - HKCU..\Run: [MICROS~1] wscript.exe //B "C:\Users\compag\AppData\Local\Temp\MICROS~1.VBS" File not found
    O4 - Startup: C:\Users\compag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()
    :Reg
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"=-
    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyJava]
    [EmptyFlash]
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, allow OTL to run if prompted.

A log should open; can you post it please.

A copy of this log can also be found in the C:\_OTL\Moved Files folder.

« Last Edit: March 01, 2014, 01:23:35 PM by guestolo »

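The fix above removes two persistence points visible in the logs: a hidden, system-attributed MICROS~1.VBS in the user's Startup folder (attributes --sha-w- in the ComboFix listing) and a Run value that launched it silently through wscript.exe //B; the original post also describes USB files being replaced by shortcuts. As an added example, not part of this thread and not code from OTL, ComboFix or any other tool mentioned here, the following PowerShell script checks a Windows machine for those same indicators so a defender can confirm the cleanup held and spot a reinfection. The drive letter F: and the set of script extensions checked are assumptions for illustration.

```powershell
# Added example (not from the forum thread or any tool it mentions).
# Defensive check for the persistence indicators seen in the logs above:
#   - hidden/system script files in the per-user Startup folder
#   - Run values that launch wscript.exe / cscript.exe with //B (silent mode)
#   - .lnk files on a removable drive whose target invokes a script host
# The drive letter below is an assumption for illustration.

function Get-SuspiciousStartupScripts {
    # -Force is required so hidden/system files (like MICROS~1.VBS) are listed
    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -LiteralPath $startup -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -match '^\.(vbs|vbe|js|jse|wsf)$' } |
        Select-Object FullName, Length, Attributes, LastWriteTime
}

function Get-SuspiciousRunValues {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            # PSPath, PSParentPath etc. are provider metadata, not registry values
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            if ($cmd -match '(?i)\b(wscript|cscript)(\.exe)?\b.*//B') {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd }
            }
        }
    }
}

function Get-ShortcutsInvokingScriptHost {
    param([Parameter(Mandatory)][string]$DriveRoot)
    # Resolve each .lnk on the drive and flag targets that run a script host or cmd
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $DriveRoot -Force -Filter *.lnk -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk    = $shell.CreateShortcut($_.FullName)
            $target = "$($lnk.TargetPath) $($lnk.Arguments)"
            if ($target -match '(?i)(wscript|cscript|cmd)(\.exe)?') {
                [pscustomobject]@{ Shortcut = $_.FullName; Target = $target }
            }
        }
}

# Usage: run all three checks; an empty result from each is the expected clean state.
# 'F:\' is an assumed drive letter for the USB stick.
Get-SuspiciousStartupScripts
Get-SuspiciousRunValues
Get-ShortcutsInvokingScriptHost -DriveRoot 'F:\'
```

Each function returns objects rather than printing, so the output can be piped to Export-Csv or compared across runs; a non-empty result from any of them on a machine that was just cleaned is the signal that a thumbdrive or another persistence point was missed.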


Offline tanya

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +0/-0
USB Port Infected
« Reply #7 on: March 01, 2014, 01:57:29 PM »

Done! Here is the log -


 


All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\MICROS~1 not found.

C:\\Users\\compag\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MICROS~1.VBS moved successfully.

========== REGISTRY ==========

Registry value HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\\\SPReview deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\\Users\\compag\\Desktop\\cmd.bat deleted successfully.

C:\\Users\\compag\\Desktop\\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: compag

 

User: Default

 

User: Default User

 

User: Public

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: compag

->Flash cache emptied: 19080 bytes

 

User: Default

 

User: Default User

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: compag

->Temp folder emptied: 91177 bytes

->Temporary Internet Files folder emptied: 19494703 bytes

->FireFox cache emptied: 136574638 bytes

->Google Chrome cache emptied: 42053408 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\\System32 .tmp files removed: 0 bytes

%systemroot%\\System32\\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1850 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 189.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 03022014_002251


Files\\Folders moved on Reboot...


PendingFileRenameOperations files...


Registry entries deleted on Reboot...

 



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
USB Port Infected
« Reply #8 on: March 01, 2014, 02:10:23 PM »

Can you do the following:

Since you already formatted your thumbdrives once:

Can you format them again... just a quick format option.

Afterwards run OTL.exe again...

Choose to Run Scan.

When done, only one log will be produced >> OTL.txt

Can you post its contents?




Offline tanya

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +0/-0
USB Port Infected
« Reply #9 on: March 01, 2014, 02:28:26 PM »

Thank you so much for your help, all thumbdrives seem clean :) Have formatted them again now. Below is the OTL log -


 


OTL logfile created on: 3/2/2014 12:49:08 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\compag\\Desktop

 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16518)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.75 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 33.92% Memory free

3.49 Gb Paging File | 1.91 Gb Available in Paging File | 54.67% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 97.56 Gb Total Space | 66.65 Gb Free Space | 68.32% Space Free | Partition Type: NTFS

Drive D: | 146.48 Gb Total Space | 145.17 Gb Free Space | 99.10% Space Free | Partition Type: NTFS

Drive E: | 221.62 Gb Total Space | 166.43 Gb Free Space | 75.10% Space Free | Partition Type: NTFS

 

Computer Name: COMPAG-PC | User Name: compag | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/03/01 20:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\compag\\Desktop\\OTL.exe

PRC - [2014/02/22 23:10:58 | 000,064,384 | ---- | M] (Google) -- C:\\Users\\compag\\AppData\\Local\\Google\\Google Talk Plugin\\googletalkplugin.exe

PRC - [2014/02/21 00:55:39 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\\Windows\\System32\\Macromed\\Flash\\FlashPlayerPlugin_12_0_0_70.exe

PRC - [2014/02/14 12:37:35 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\\Program Files\\Mozilla Firefox\\firefox.exe

PRC - [2014/01/11 03:07:53 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\taskhost.exe

PRC - [2014/01/07 03:07:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe

PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Client\\NisSrv.exe

PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe

PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\\Program Files\\Microsoft Security Client\\msseces.exe

PRC - [2013/10/11 04:24:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\\Program Files\\SUPERAntiSpyware\\SASCore.exe

PRC - [2013/09/03 19:23:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamscheduler.exe

PRC - [2010/11/20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe

PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\\Windows\\System32\\atieclxx.exe

PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\\Windows\\System32\\atiesrxx.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/02/21 00:55:36 | 016,265,096 | ---- | M] () -- C:\\Windows\\System32\\Macromed\\Flash\\NPSWF32_12_0_0_70.dll

MOD - [2014/02/14 12:36:57 | 003,578,992 | ---- | M] () -- C:\\Program Files\\Mozilla Firefox\\mozjs.dll

MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2014/02/21 00:55:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\System32\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/02/14 12:37:34 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\\Program Files\\Mozilla Maintenance Service\\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/02/06 15:17:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV - [2014/01/09 03:03:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\Wat\\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\\Program Files\\Microsoft Security Client\\NisSrv.exe -- (NisSrv)

SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe -- (MsMpSvc)

SRV - [2013/10/11 04:24:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\\Program Files\\SUPERAntiSpyware\\SASCore.exe -- (!SASCORE)

SRV - [2013/09/03 19:23:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2013/05/27 10:27:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/09/10 18:57:18 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\\Program Files\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\\Windows\\System32\\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/07/14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\StorSvc.dll -- (StorSvc)

SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\System32\\PeerDistSvc.dll -- (PeerDistSvc)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Users\\compag\\AppData\\Local\\Temp\\catchme.sys -- (catchme)

DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\NisDrvWFP.sys -- (NisDrv)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\mbam.sys -- (MBAMProtector)

DRV - [2011/07/22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\\Program Files\\SUPERAntiSpyware\\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\\Program Files\\SUPERAntiSpyware\\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\vmbus.sys -- (vmbus)

DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\storvsc.sys -- (storvsc)

DRV - [2010/11/20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\winusb.sys -- (WinUsb)

DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\vms3cap.sys -- (s3cap)

DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\atikmdag.sys -- (atikmdag)

DRV - [2009/07/14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\serial.sys -- (Serial)

DRV - [2009/07/14 03:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/14 03:32:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\yk62x86.sys -- (yukonw7)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Redirect Cache_TIMESTAMP = 16 D5 19 57 49 0E CF 01  [binary data]

IE - HKCU\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1

FF - user.js - File not found

 

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32_12_0_0_70.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@EDVR/WebClient: C:\\windows\\system32\\WebClient\\npwebclient.dll (Google)

FF - HKLM\\Software\\MozillaPlugins\\@google.com/npPicasa3,version=3.0.0: C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll (Google, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@videolan.org/vlc,version=2.1.2: C:\\Program Files\\VideoLAN\\VLC\\npvlc.dll (VideoLAN)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@talk.google.com/GoogleTalkPlugin: C:\\Users\\compag\\AppData\\Roaming\\Mozilla\\plugins\\npgoogletalk.dll (Google)

FF - HKCU\\Software\\MozillaPlugins\\@talk.google.com/O1DPlugin: C:\\Users\\compag\\AppData\\Roaming\\Mozilla\\plugins\\npo1d.dll (Google)

FF - HKCU\\Software\\MozillaPlugins\\@talk.google.com/O3DPlugin: C:\\Users\\compag\\AppData\\Roaming\\Mozilla\\plugins\\npgtpo3dautoplugin.dll ()

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\compag\\AppData\\Local\\Google\\Update\\1.3.22.5\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\compag\\AppData\\Local\\Google\\Update\\1.3.22.5\\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 27.0.1\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins

 

[2014/01/07 23:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\compag\\AppData\\Roaming\\mozilla\\Extensions

[2014/02/14 12:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\browser\\extensions

[2014/02/14 12:37:36 | 000,000,000 | ---D | M] (Default) -- C:\\Program Files\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\Application\\33.0.1750.117\\PepperFlash\\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\Application\\33.0.1750.117\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\Application\\33.0.1750.117\\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll

CHR - plugin: Picasa (Enabled) = C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll

CHR - Extension: Entanglement Web App = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aciahcmjmecflokailenpkdchphgkefd\\3.4.9_0\\

CHR - Extension: Google Docs = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.5_0\\

CHR - Extension: Google Drive = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\6.3_0\\

CHR - Extension: YouTube = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0\\

CHR - Extension: Google Search = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_0\\

CHR - Extension: Poppit = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mcbkbpnkkkipelfledbfocopglifcfmi\\2.2_0\\

CHR - Extension: Google Wallet = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.1_0\\

CHR - Extension: Gmail = C:\\Users\\compag\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\

 

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [MSC] C:\\Program Files\\Microsoft Security Client\\msseces.exe (Microsoft Corporation)

O4 - HKCU..\\Run: [SUPERAntiSpyware] C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe (SUPERAntiSpyware)

O4 - HKCU..\\Run: [uTorrent] C:\\Users\\compag\\AppData\\Roaming\\uTorrent\\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\\Windows\\System32\\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000006 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.5.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{B2885AC2-8378-4262-AEDD-2365DCA7CC4E}: DhcpNameServer = 192.168.5.1

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\\Windows\\System32\\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = ComFile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/03/02 00:22:51 | 000,000,000 | ---D | C] -- C:\\_OTL

[2014/03/01 23:37:39 | 000,000,000 | ---D | C] -- C:\\Windows\\temp

[2014/03/01 23:37:12 | 000,000,000 | -HSD | C] -- C:\\$RECYCLE.BIN

[2014/03/01 23:27:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\\Windows\\SWREG.exe

[2014/03/01 23:27:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\\Windows\\SWSC.exe

[2014/03/01 23:27:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\\Windows\\NIRCMD.exe

[2014/03/01 23:26:41 | 000,000,000 | ---D | C] -- C:\\Qoobox

[2014/03/01 23:26:11 | 000,000,000 | ---D | C] -- C:\\Windows\\erdnt

[2014/03/01 23:23:31 | 005,185,084 | R--- | C] (Swearware) -- C:\\Users\\compag\\Desktop\\ComboFix.exe

[2014/03/01 20:41:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\compag\\Desktop\\OTL.exe

[2014/03/01 14:27:35 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\HiJackThis

[2014/03/01 14:27:31 | 000,000,000 | ---D | C] -- C:\\Program Files\\Trend Micro

[2014/03/01 14:03:57 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\SUPERAntiSpyware.com

[2014/03/01 14:03:23 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SUPERAntiSpyware

[2014/03/01 14:03:18 | 000,000,000 | ---D | C] -- C:\\ProgramData\\SUPERAntiSpyware.com

[2014/03/01 14:03:18 | 000,000,000 | ---D | C] -- C:\\Program Files\\SUPERAntiSpyware

[2014/02/27 14:03:36 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\VanToM Folder

[2014/02/24 15:11:38 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Roaming\\Malwarebytes

[2014/02/24 15:11:24 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Malwarebytes\' Anti-Malware

[2014/02/24 15:11:19 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Malwarebytes

[2014/02/24 15:11:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\\Windows\\System32\\drivers\\mbam.sys

[2014/02/24 15:11:15 | 000,000,000 | ---D | C] -- C:\\Program Files\\Malwarebytes\' Anti-Malware

[2014/02/24 15:10:54 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\AppData\\Local\\Programs

[2014/02/22 13:29:33 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\iTunes

[2014/02/22 13:27:35 | 000,000,000 | ---D | C] -- C:\\Program Files\\iPod

[2014/02/22 13:27:33 | 000,000,000 | ---D | C] -- C:\\Program Files\\iTunes

[2014/02/22 13:27:33 | 000,000,000 | ---D | C] -- C:\\ProgramData\\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2014/02/20 12:26:34 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Coins

[2014/02/14 12:36:45 | 000,000,000 | ---D | C] -- C:\\Program Files\\Mozilla Firefox

[2014/02/13 11:09:07 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Pics

[2014/02/13 03:02:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2014/02/13 03:02:56 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2014/02/13 03:02:56 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ie4uinit.exe

[2014/02/13 03:02:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollectorres.dll

[2014/02/13 03:02:55 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2014/02/13 03:02:54 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msrating.dll

[2014/02/13 03:02:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\iesetup.dll

[2014/02/13 03:02:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\iernonce.dll

[2014/02/13 03:02:53 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9diag.dll

[2014/02/13 03:02:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2014/02/13 03:02:53 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollector.exe

[2014/02/13 03:02:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwproxystub.dll

[2014/02/13 03:02:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieapfltr.dll

[2014/02/13 03:02:52 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2014/02/13 03:02:48 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2014/02/13 03:02:43 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2014/02/12 14:16:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msxml3r.dll

[2014/02/12 14:16:23 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\d2d1.dll

[2014/02/12 14:16:23 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\d3d10warp.dll

[2014/02/03 15:34:23 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Transcription

[2014/02/03 15:32:29 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\PS Invoices

[2014/02/03 15:21:36 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\SD Card

[2014/01/31 12:44:51 | 000,000,000 | ---D | C] -- C:\\Users\\compag\\Desktop\\Iphone Music

[2 C:\\Users\\compag\\Desktop\\*.tmp files -> C:\\Users\\compag\\Desktop\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/03/02 00:47:38 | 000,615,360 | ---- | M] () -- C:\\Windows\\System32\\perfh009.dat

[2014/03/02 00:47:38 | 000,103,702 | ---- | M] () -- C:\\Windows\\System32\\perfc009.dat

[2014/03/02 00:29:01 | 000,000,912 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000UA.job

[2014/03/02 00:24:34 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2014/03/02 00:24:31 | 1406,820,352 | -HS- | M] () -- C:\\hiberfil.sys

[2014/03/02 00:23:59 | 000,010,336 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/03/02 00:23:59 | 000,010,336 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/03/01 23:55:01 | 000,000,830 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job

[2014/03/01 23:24:20 | 005,185,084 | R--- | M] (Swearware) -- C:\\Users\\compag\\Desktop\\ComboFix.exe

[2014/03/01 23:22:36 | 000,000,512 | ---- | M] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

[2014/03/01 20:41:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\compag\\Desktop\\OTL.exe

[2014/03/01 16:56:48 | 000,000,512 | ---- | M] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

[2014/03/01 16:54:33 | 000,137,262 | ---- | M] () -- C:\\Users\\compag\\Desktop\\products-2014-03-01.csv

[2014/03/01 15:29:04 | 000,000,860 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-1194522279-2361252024-777755393-1000Core.job

[2014/03/01 14:27:35 | 000,002,969 | ---- | M] () -- C:\\Users\\compag\\Desktop\\HiJackThis.lnk

[2014/03/01 14:03:23 | 000,001,961 | ---- | M] () -- C:\\Users\\Public\\Desktop\\SUPERAntiSpyware Professional.lnk

[2014/02/27 12:51:54 | 018,072,752 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Dr. T. Colin Campbell 2014.mp3

[2014/02/25 17:01:56 | 019,933,232 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Marc David 2014.mp3

[2014/02/25 09:48:14 | 021,135,616 | ---- | M] () -- C:\\Users\\compag\\Desktop\\WSO2-Prakash Iyer-022414.WMA

[2014/02/24 15:11:24 | 000,001,067 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Malwarebytes Anti-Malware.lnk

[2014/02/22 13:29:33 | 000,001,753 | ---- | M] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2014/02/21 01:58:22 | 000,002,372 | ---- | M] () -- C:\\Users\\compag\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk

[2014/02/21 01:58:22 | 000,002,370 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Google Chrome.lnk

[2014/02/21 00:55:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\System32\\FlashPlayerApp.exe

[2014/02/21 00:55:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\System32\\FlashPlayerCPLApp.cpl

[2014/02/19 23:23:37 | 027,971,170 | ---- | M] () -- C:\\Users\\compag\\Desktop\\WSO2-Rajesh Kaveti-021814.WMA

[2014/02/19 19:35:23 | 012,540,910 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Rep Race 2013 - Leg 2 Audio part 1.mp3

[2014/02/19 19:32:29 | 024,668,592 | ---- | M] () -- C:\\Users\\compag\\Desktop\\Paul Hawken 2014.mp3

[2014/02/12 01:35:24 | 000,012,180 | ---- | M] () -- C:\\Users\\compag\\Desktop\\test.csv

[2014/02/12 01:07:07 | 000,071,337 | ---- | M] () -- C:\\Users\\compag\\Desktop\\BS.jpg

[2014/02/12 01:06:23 | 000,061,225 | ---- | M] () -- C:\\Users\\compag\\Desktop\\PS.jpg

[2014/02/10 07:10:42 | 003,175,836 | ---- | M] () -- C:\\Users\\compag\\Desktop\\products-2014-02-09.csv

[2014/02/06 15:50:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2014/02/06 15:49:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollectorres.dll

[2014/02/06 15:31:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\iesetup.dll

[2014/02/06 15:30:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwproxystub.dll

[2014/02/06 15:22:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2014/02/06 15:22:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\iernonce.dll

[2014/02/06 15:19:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2014/02/06 15:17:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2014/02/06 15:17:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieetwcollector.exe

[2014/02/06 15:16:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9diag.dll

[2014/02/06 15:04:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ie4uinit.exe

[2014/02/06 14:55:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\msrating.dll

[2014/02/06 14:55:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2014/02/06 14:43:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2014/02/06 14:39:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2014/02/06 14:04:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\ieapfltr.dll

[2 C:\\Users\\compag\\Desktop\\*.tmp files -> C:\\Users\\compag\\Desktop\\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/03/01 23:27:10 | 000,256,000 | ---- | C] () -- C:\\Windows\\PEV.exe

[2014/03/01 23:27:10 | 000,208,896 | ---- | C] () -- C:\\Windows\\MBR.exe

[2014/03/01 23:27:10 | 000,098,816 | ---- | C] () -- C:\\Windows\\sed.exe

[2014/03/01 23:27:10 | 000,080,412 | ---- | C] () -- C:\\Windows\\grep.exe

[2014/03/01 23:27:10 | 000,068,096 | ---- | C] () -- C:\\Windows\\zip.exe

[2014/03/01 15:03:06 | 000,137,262 | ---- | C] () -- C:\\Users\\compag\\Desktop\\products-2014-03-01.csv

[2014/03/01 14:27:35 | 000,002,969 | ---- | C] () -- C:\\Users\\compag\\Desktop\\HiJackThis.lnk

[2014/03/01 14:04:30 | 000,000,512 | ---- | C] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 399b3e82-3ea0-4076-9ec6-540468bd563c.job

[2014/03/01 14:04:29 | 000,000,512 | ---- | C] () -- C:\\Windows\\tasks\\SUPERAntiSpyware Scheduled Task 64347694-cc76-4149-b9e6-f717b7f47d8b.job

[2014/03/01 14:03:23 | 000,001,961 | ---- | C] () -- C:\\Users\\Public\\Desktop\\SUPERAntiSpyware Professional.lnk

[2014/02/27 12:44:43 | 018,072,752 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Dr. T. Colin Campbell 2014.mp3

[2014/02/25 17:01:15 | 019,933,232 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Marc David 2014.mp3

[2014/02/25 09:47:45 | 021,135,616 | ---- | C] () -- C:\\Users\\compag\\Desktop\\WSO2-Prakash Iyer-022414.WMA

[2014/02/24 15:11:24 | 000,001,067 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Malwarebytes Anti-Malware.lnk

[2014/02/22 13:29:33 | 000,001,753 | ---- | C] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2014/02/19 23:19:14 | 027,971,170 | ---- | C] () -- C:\\Users\\compag\\Desktop\\WSO2-Rajesh Kaveti-021814.WMA

[2014/02/19 19:35:02 | 012,540,910 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Rep Race 2013 - Leg 2 Audio part 1.mp3

[2014/02/19 19:31:37 | 024,668,592 | ---- | C] () -- C:\\Users\\compag\\Desktop\\Paul Hawken 2014.mp3

[2014/02/12 01:07:07 | 000,071,337 | ---- | C] () -- C:\\Users\\compag\\Desktop\\BS.jpg

[2014/02/12 01:06:23 | 000,061,225 | ---- | C] () -- C:\\Users\\compag\\Desktop\\PS.jpg

[2014/02/10 04:26:57 | 000,012,180 | ---- | C] () -- C:\\Users\\compag\\Desktop\\test.csv

[2014/02/10 03:33:54 | 003,175,836 | ---- | C] () -- C:\\Users\\compag\\Desktop\\products-2014-02-09.csv

[2014/01/09 14:16:33 | 000,066,048 | ---- | C] () -- C:\\Windows\\System32\\PrintBrmUi.exe

[2014/01/07 23:39:19 | 000,000,083 | ---- | C] () -- C:\\Windows\\K7TSUsrInfo.dat

[2013/12/31 06:34:05 | 000,000,000 | ---- | C] () -- C:\\Windows\\ativpsrm.bin

 

========== ZeroAccess Check ==========

 

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2013/07/26 07:25:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both


< End of report >

 



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0

USB Port Infected
« Reply #10 on: March 01, 2014, 02:43:14 PM »

If everything is running better, let's remove the tools properly.

  • Press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the run box and click OK. (Notice the space between the "x" and "/"), or copy/paste.
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Right click on OTL.exe and choose to "Run as Administrator".

When it opens click on the Cleanup button.

Follow prompts...

Let it finish and reboot when prompted.

Back in Windows, ensure that Microsoft Security Essentials protections are enabled and updated.

I suggest that you run a full system scan.

That should do it, I'll lock this topic if there are no other problems.


« Last Edit: March 01, 2014, 02:43:40 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
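Before a thread like this is locked, a practitioner would want to confirm that the cleanup actually held: that the USB sticks no longer carry the shortcut-worm pattern the thread describes (every file replaced by a .lnk that launches a script host, with the originals hidden), that no script-host autostart remains, and that the "VanToM Folder" dropper directory from the OTL log is gone. The PowerShell script below is an added example written for this page; it is not guestolo's instructions and not output of ComboFix, OTL or MSE. It assumes Windows 7 with PowerShell 2.0 or later run from an elevated console; the dropper path comes from the log above, while the drive-letter handling, the file-name patterns and the report format are the example's own choices.

```powershell
# Added example, not part of this thread or of the tools it uses.
# Post-cleanup check for the USB shortcut worm discussed here (Worm:VBS/Jenxcus):
# the worm hides the real files on a stick, replaces them with .lnk files that
# launch a script host, and keeps wscript.exe running on the PC.
# Assumptions: Windows 7, PowerShell 2.0 or later, elevated console.
# "VanToM Folder" is taken from the OTL log above; everything else is generic.

param(
    [string[]]$Drives = @()   # e.g. 'E:' ; leave empty to check every removable drive
)

$wsh = New-Object -ComObject WScript.Shell

# Read a shortcut's target without running it and decide whether it looks like the worm's.
function Test-SuspiciousShortcut {
    param([string]$Path)
    $lnk       = $wsh.CreateShortcut($Path)
    $target    = [string]$lnk.TargetPath
    $arguments = [string]$lnk.Arguments
    # A document shortcut has no business launching a script host, and the worm's
    # shortcuts carry the script (and the real file name) in the arguments.
    $hostHit = $target    -match '(?i)\\(wscript|cscript|cmd|powershell)\.exe$'
    $argHit  = $arguments -match '(?i)\.(vbs|vbe|js|jse|wsf|bat|cmd)\b'
    New-Object PSObject -Property @{
        Shortcut   = $Path
        Target     = $target
        Arguments  = $arguments
        Suspicious = ($hostHit -or $argHit)
    }
}

# DriveType 2 = removable disk
function Get-RemovableDriveRoots {
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object { $_.DeviceID + '\' }
}

# 1. Shortcuts and hidden originals on the sticks
$roots = if ($Drives.Count -gt 0) { $Drives | ForEach-Object { $_.TrimEnd('\') + '\' } } else { Get-RemovableDriveRoots }
foreach ($root in $roots) {
    if (-not (Test-Path $root)) { Write-Warning "Not present: $root"; continue }
    "== $root"
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Test-SuspiciousShortcut $_.FullName } |
        Where-Object { $_.Suspicious } |
        Select-Object Shortcut, Target, Arguments | Format-Table -AutoSize
    # The originals are usually still there, only marked hidden/system
    Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -match 'Hidden' } |
        Select-Object FullName, Attributes
}

# 2. Autostart entries that call a script host (Run keys and the Startup folder)
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' -and ([string]$_.Value) -match '(?i)(wscript|cscript)\.exe|\.vb[se]\b' } |
        ForEach-Object { "Autostart: $key\$($_.Name) = $($_.Value)" }
}
Get-ChildItem -Path ([Environment]::GetFolderPath('Startup')) -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -match '(?i)^\.(vbs|vbe|lnk)$' } |
    ForEach-Object { "Startup item: $($_.FullName)" }

# 3. The dropper folder seen in the OTL log, and any script host still running
$dropper = Join-Path $env:APPDATA 'VanToM Folder'
if (Test-Path $dropper) { "Still present: $dropper" } else { "Gone: $dropper" }
Get-Process wscript, cscript -ErrorAction SilentlyContinue |
    ForEach-Object { "Script host running: PID $($_.Id) $($_.Path)" }
```

Run it after the full scan with the stick inserted, for example `.\Check-UsbWorm.ps1 -Drives E:` (the file name is this example's own). The script only reports and changes nothing; reading a .lnk through WScript.Shell's CreateShortcut does not execute it. Once the shortcuts are confirmed gone, the hidden originals on a stick can be made visible again with `attrib -s -h` on the drive, and a stick that still shows fresh suspicious shortcuts after the PC was cleaned means the PC is not clean yet, not that the stick needs another format.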


Offline tanya

  • Jr. Member
  • Posts: 84
  • Karma: +0/-0

USB Port Infected
« Reply #11 on: March 01, 2014, 02:51:03 PM »

Great, I'll do that now.

Another small query, we recently had our hard drive changed and for some reason the person who worked on it changed our PC name to Compag! It's a small thing but the misspelling bothers me, how do I change the name?



Offline tanya

  • Jr. Member
  • Posts: 84
  • Karma: +0/-0

USB Port Infected
« Reply #12 on: March 01, 2014, 03:01:22 PM »

I've removed Combofix and OTL, all running smooth now :) Thank you very much for all your help! Truly appreciate it!



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0

USB Port Infected
« Reply #13 on: March 01, 2014, 03:02:11 PM »

Try right click the "Computer" icon and select Properties.

Select "Change Settings" beside Computer name.

Select "Change" beside Computer name.

Select your name and OK it, reboot computer.

« Last Edit: March 01, 2014, 03:02:59 PM by guestolo »



Offline tanya

  • Jr. Member
  • Posts: 84
  • Karma: +0/-0

USB Port Infected
« Reply #14 on: March 01, 2014, 03:16:15 PM »

Thanks so much! You're a star! All done :D



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0

USB Port Infected
« Reply #15 on: March 02, 2014, 12:48:48 PM »

Good work, I\'ll lock this topic....


Take care Tanya

