I BELIEVE I HAVE AN RAI

Post by p_huero » December 7th, 2013, 5:10 am

I'm running a Dell Vostro, with Vista home Pro. It came with McAfee SaaS which has been quite good, but I believe it may have been compromised.
Last month, I logged in as usual, only to realize that my computer had deleted all the files under my login. Everything stored in other locations on the HD was still intact, but it was as if I had reinstalled the software for that user only. It had also reverted to an out-of-the-box state, requiring me to customize all the settings as I had when I first got the machine.
I then created a second Admin-level account, began using only this one, but now a month on, it has happened again. I logged on only to find my computer had reverted again to an out-of-the-box state, and all the data under the second user's folder was gone.
Additionally, it seems AVG has installed itself somehow onto IE, but I haven't used IE since I got a Trojan dropper from the "Bin Laden is Dead" news story. I didn't know it was there until recently, as I don't see it when I use Firefox. It seems also that Site Advisor was installed somehow, and it was never a part of my original McAfee SW. I ran Malwarebytes and it said there were no infections found, but since it has always said that, I don't know if I should trust it. It seems someone may be remotely causing my machine to "reinstall" vista, but can only do so for the account in use at the time.
I should also mention that at various times, e.g. when logging into facebook, the computer will freeze for about two minutes. The hard drive spins continuously, and the mouse pointer will not move. Then it reverts back to my control. I noticed this only in the last six months. This also appears to be random, but it seems to happen most often with fb. Clicking on new sites I've never visited before also causes it.
Thank you for your time, any help is much appreciated.
The DDS logs are as follows:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.45.2
Run by SYSTEM at 0:41:18 on 2013-12-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.864 [GMT -8:00]
.
AV: McAfee® Security-as-a-Service *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee® Security-as-a-Service *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee® Security-as-a-Service *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\saHookMain.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\iashost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myINX.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://login.live.com/login.srf?wa=wsi ... 3&id=38936
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20130920182333.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - c:\program files\freeyoutubetomp3turboconverter\ytmRunner.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1FA14526-FC9B-408E-9DD5-5EDAA35277B2} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{CBD7A2A8-7A7C-4642-8A3E-0A3693E40FAD} : DHCPNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.1.2\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-10-29 566656]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-26 37664]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-19 64912]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-10-29 212272]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-12-13 77824]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2012-8-13 177768]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2013-9-20 203840]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-9-20 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-9-20 172416]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-7-31 137528]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2013-9-20 291800]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2013-11-8 65657]
R2 RumorServer;McAfee Peer Distribution Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2013-9-20 291800]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [2013-11-12 1734680]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-10-29 235520]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-10-29 65928]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-10-29 363688]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-12-13 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-12-13 43608]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2008-12-13 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-12-13 235840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2013-3-20 6272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-10-29 92632]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2008-12-13 34248]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2013-3-26 26240]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2013-3-19 21376]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2013-3-19 23936]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2010-2-20 110592]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-11-17 1128944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-07 00:43:04 -------- d-----w- C:\New Folder
2013-12-07 00:43:04 -------- d-----w- \New Folder
2013-11-15 03:49:52 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-11-14 04:27:08 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 04:26:58 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 04:26:46 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 04:26:45 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-08 23:32:07 -------- d-----w- c:\programdata\Motorola
2013-11-08 23:31:54 -------- d-----w- C:\Temp
2013-11-08 23:31:54 -------- d-----w- \Temp
2013-11-08 23:31:28 -------- d-----w- c:\program files\Motorola
2013-11-08 23:31:28 -------- d-----w- c:\program files\common files\MSSoap
2013-11-08 23:31:27 -------- d-----w- c:\program files\Motorola Mobility
2013-11-08 23:30:49 -------- d-----w- c:\program files\MSXML 4.0
2013-11-08 23:28:07 -------- d-----w- c:\program files\common files\Motorola Shared
.
==================== Find3M ====================
.
2013-11-21 02:51:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-21 02:51:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-12 15:26:48 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-11 02:35:09 715038 ----a-w- c:\windows\unins000.exe
2013-10-08 14:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 0:42:12.39 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/13/2008 6:46:26 AM
System Uptime: 12/6/2013 2:19:08 PM (10 hours ago)
.
Motherboard: Dell Inc. | | 0M277C
Processor: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 4.545 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.149 GiB free.
E: is CDROM (UDF)
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0002
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0002
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0003
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0003
Service: tunmp
.
==== System Restore Points ===================
.
RP848: 12/3/2013 11:11:00 AM - Scheduled Checkpoint
RP849: 12/4/2013 3:33:34 PM - Scheduled Checkpoint
RP850: 12/5/2013 5:15:32 PM - Scheduled Checkpoint
RP851: 12/6/2013 3:57:44 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5
Advanced Audio FX Engine
Advanced Video FX Engine
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
AVG SafeGuard toolbar
Bonjour
Business Tools Launcher
C4USelfUpdater
CCleaner
center
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
DC-Bass Source 1.3.0
Dell Getting Started Guide
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
DirectVobSub 2.40.4209
DirectX 9 Runtime
DVR4800 1.0
EDocs
essentials
ffdshow v1.1.4399 [2012-03-22]
File Type Assistant
File Uploader
Final Media Player 2012
Final Video Downloader 2013
Free Audio Converter version 2.0
Free Video Dub version 1.8
Free YouTube to MP3 TURBO Converter 2012
Google Talk Plugin
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InfraRecorder
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 45
Java Auto Updater
Kodak AIO Printer
KODAK AiO Software
ksDIP
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
Laptop Integrated Webcam Driver (1.01.01.0529)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LP Recorder
LP Ripper
Malwarebytes' Anti-Malware
McAfee Browser Protection Service
McAfee Firewall Protection Service
McAfee Security Scan Plus
McAfee SiteAdvisor Enterprise
McAfee Virtual Technician
McAfee Virus and Spyware Protection Service
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MioMore Desktop
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.2.0
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MY CAMERA
Nikon Message Center
Nikon Transfer
O&O Defrag Professional Edition
ocr
OpenSource Flash Video Splitter 1.0.0.5
OTC Scanning Suite
Personal Entertainment Launcher
Photo Viewer
Picture Control Utility
Pinnacle Instant DVD Recorder
PreReq
PrintProjects
Product Support Launcher
QuickSet
QuickTime
RCA Detective™ 2.0.0.99
RCA Digital Voice Manager 5.1.1.2
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Easy VHS to DVD
Roxio Easy VHS to DVD Content
Roxio Express Labeler 3
Roxio Update Manager
Roxio Video Capture USB Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Smartparts Desktop
Sonic CinePlayer Decoder Pack
Synaptics Pointing Device Driver
Ulead Photo Express 4.0 SE
Uninstall 1.0.0.1
Uninstall Dual Mode Camera
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Capture USB
ViewNX
Visual C++ 8.0 x86 Runtime Setup Package
Wave Corrector DeClick version 1.1
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports (13/04/2009 1.03)
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (10/02/06 )
WinX Video Converter 4.5.18
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
12/6/2013 2:21:10 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
12/6/2013 2:21:10 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/30/2013 7:16:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Composite Device.
.
==== End Of File ===========================
p_huero
Regular Member
Posts: 30
Joined: December 7th, 2013, 4:08 am
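Added here as a triage aid and not part of the thread or of DDS itself: a small Python script that reads lines in the format of the "Pseudo HJT Report" section above and flags the entries a helper looks at first (a security product reporting Disabled, a BHO or toolbar entry with no backing file, UAC switched off, AutoRun not fully disabled, and public DNS resolvers worth confirming). The sample input is constructed from values in the posted log, and the severity labels are my own, not a DDS convention.

```python
import ipaddress
import re

# Constructed sample in the line format DDS writes, using values copied from the
# "Pseudo HJT Report" posted above (a handful of lines, not the whole log).
SAMPLE_LOG = """\
AV: McAfee Security-as-a-Service *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\\{1FA14526-FC9B-408E-9DD5-5EDAA35277B2} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# uPolicies-*/mPolicies-* lines: scope (u=user, m=machine), hive key, value name, DWORD
POLICY_RE = re.compile(r"^([um])Policies-(\w+): (\w+) = dword:(\d+)$")
NS_RE = re.compile(r"NameServer = (.+)$")


def triage_line(line):
    """Return a list of (severity, finding) tuples for one DDS report line."""
    findings = []
    line = line.rstrip()

    # 1. Security-product status lines (AV:/SP:/FW:) that report *Disabled*.
    #    Defender being off while another suite is active is normal, so this is info only.
    if line[:3] in ("AV:", "SP:", "FW:") and "*Disabled" in line:
        product = line[4:line.index("*")].strip()
        findings.append(("info", f"{line[:2]} product '{product}' reports Disabled"))

    # 2. Browser helper objects / toolbars whose registered file no longer exists.
    #    Leftover registry entries: usually harmless, but they belong on the cleanup list.
    if line.startswith(("BHO:", "TB:")) and line.endswith(("<orphaned>", "<no file>")):
        clsid = GUID_RE.search(line)
        kind = line[:line.index(":")]
        ident = clsid.group(0) if clsid else "?"
        findings.append(("low", f"{kind} {ident} has no backing file (orphaned entry)"))

    # 3. Policy values. DDS prints the DWORD in decimal.
    m = POLICY_RE.match(line)
    if m:
        name, value = m.group(3), int(m.group(4))
        if name == "EnableLUA" and value == 0:
            findings.append(("high", "EnableLUA=0: User Account Control is turned off machine-wide"))
        if name == "NoDriveTypeAutoRun" and value != 0xFF:
            # 0xFF disables AutoRun on every drive type; anything else leaves some enabled
            findings.append(("medium", f"NoDriveTypeAutoRun=0x{value:02X}: AutoRun still allowed for some drive types"))

    # 4. Resolvers: flag any that is not a private (LAN) address so the owner can
    #    confirm it really is the ISP's server rather than something injected.
    m = NS_RE.search(line)
    if m:
        for ip in m.group(1).split():
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                findings.append(("medium", f"unparseable name server '{ip}'"))
                continue
            if not addr.is_private:
                findings.append(("review", f"public DNS resolver {ip}: confirm it belongs to your ISP"))
    return findings


def triage_report(text):
    """Run triage_line over every line; returns (severity, finding, line number) tuples."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for severity, finding in triage_line(line):
            results.append((severity, finding, lineno))
    return results


def count_by_severity(results):
    """Tally findings per severity label."""
    counts = {}
    for severity, _, _ in results:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, finding, lineno in triage_report(SAMPLE_LOG):
        print(f"line {lineno:2d} [{severity:6s}] {finding}")
    print(count_by_severity(triage_report(SAMPLE_LOG)))
```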

Re: I BELIEVE I HAVE AN RAI

Post by nunped » December 10th, 2013, 4:14 am

Hello p_huero, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: I BELIEVE I HAVE AN RAI

Post by nunped » December 10th, 2013, 4:57 am

Hello p_huero,

Follow these next steps, please:

Step 1 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Step 2 - TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select "run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C: ).
  • Copy and paste the contents of that file in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
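The OTL.txt that Step 1 produces is a plain text file with one record per line, and the sections a helper reads first (processes, modules, services, drivers, and the HijackThis-style O2/O3/O4/O6 entries) share a small set of line shapes. The Python script below is an added example for this page; it is not part of the thread, of OTL, or of any tool the helpers here use. It parses those line shapes and flags the entries that usually get a second look: autostarts whose file is gone ("File not found"), binaries that carry no company name, BHO/toolbar registrations with no CLSID behind them, and the EnableLUA = 0 policy that means UAC is switched off. The severities and reason strings are this example's own labels, and the sample lines are excerpted from the OTL log posted later in this thread.

```python
"""Triage pass over an OTL.txt log (added example; not OTL's own code).

It recognises the PRC/MOD/SRV/DRV records and the O2/O3/O4/O6 lines that
OTL writes and returns the entries a helper usually reads first. Severities
and reason strings are this example's own labels, not OTL terminology.
"""
import re
import sys
from dataclasses import dataclass

# PRC/MOD/SRV/DRV records come in two shapes:
#   KIND - [date time | size | attrs | M] (Company) [state] -- path -- (name)
#   KIND - File not found [state] -- path -- (name)
# "[state]" and "-- (name)" are only present for services and drivers.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$"
)
# Run-key autostarts:  O4 - HKLM..\Run: [Name] C:\path\prog.exe (Company)
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*?) \((?P<company>[^)]*)\)$"
)


@dataclass
class Finding:
    severity: str   # "high" (weakened protection) or "review" (look closer)
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the findings for one OTL log, in file order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            kind = m.group("kind")
            if m.group("missing"):
                findings.append(Finding("review",
                    f"{kind} entry points at a file that no longer exists (orphaned autostart)", line))
            elif m.group("company") == "":
                # Empty "()" means the file has no company name in its version info.
                findings.append(Finding("review",
                    f"{kind} binary carries no company/version information", line))
            continue
        if line.startswith("O6 ") and line.endswith("EnableLUA = 0"):
            findings.append(Finding("high", "UAC is disabled machine-wide (EnableLUA = 0)", line))
            continue
        if line.startswith(("O2 ", "O3 ")) and line.endswith("No CLSID value found."):
            findings.append(Finding("review", "BHO/toolbar registration has no matching CLSID", line))
            continue
        m = O4_RE.match(line)
        if m and m.group("company") == "":
            findings.append(Finding("review", "Run-key autostart binary carries no company name", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 1, 'review': 5}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample input: lines excerpted from the OTL log posted later in this thread.
SAMPLE_LOG = r"""
PRC - [2013/12/11 11:39:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\D-QUAD\Downloads\OTL.exe
PRC - [2013/11/12 07:26:47 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2013/11/15 21:09:23 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2013/11/12 07:26:48 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
"""

if __name__ == "__main__":
    # Usage: python otl_triage.py OTL.txt   (file name is hypothetical)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    results = triage(text)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

A "review" hit is a pointer, not a verdict: in the log below, the security vendor's own service binaries also show an empty company name, so the script only narrows down what a human checks next. The one "high" rule, EnableLUA = 0, is worth calling out on its own because with UAC off every program the logged-in administrator runs already has full rights, which is exactly the condition under which a per-profile wipe like the one described in the first post needs no exploit at all.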

Re: I BELIEVE I HAVE AN RAI

Unread post by p_huero » December 11th, 2013, 3:37 pm

Right! Thank you, and I will respond later with the results of same. Data has been already backed up, although I must say I am loath to repave. I also installed the service pack from the link on your site, and that helped tremendously...more on that later though.
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

Unread post by p_huero » December 11th, 2013, 4:03 pm

OTL logfile created on: 12/11/2013 11:41:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\D-QUAD\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.44% Memory free
4.92 Gb Paging File | 3.55 Gb Available in Paging File | 72.21% Paging File free
Paging file location(s): c:\pagefile.sys 3055 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 4.38 Gb Free Space | 3.14% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 1.15 Gb Free Space | 11.77% Space Free | Partition Type: NTFS
Drive I: | 241.50 Mb Total Space | 241.50 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: SYSAD-00 | User Name: D-QUAD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/11 11:39:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\D-QUAD\Downloads\OTL.exe
PRC - [2013/11/20 18:51:26 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/11/15 21:09:24 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/15 06:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 16:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/11/12 07:26:47 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/11/12 07:26:47 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
PRC - [2013/11/12 07:26:46 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
PRC - [2013/07/25 13:24:22 | 000,291,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2013/04/26 09:10:34 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/04/26 09:07:26 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2013/04/26 09:05:54 | 000,037,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
PRC - [2013/04/26 09:05:26 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/11/13 03:28:30 | 000,480,872 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2012/08/13 08:40:04 | 000,104,040 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\saHookMain.exe
PRC - [2012/08/13 08:39:58 | 000,177,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/10/27 16:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/02 22:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/08/25 08:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 08:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/15 16:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 05:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/08/27 00:39:42 | 000,071,512 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2008/02/22 15:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/21 21:14:22 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/21 21:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/01/20 18:24:05 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/07/27 14:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/05/10 23:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe
PRC - [2007/05/10 23:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodtray.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/20 18:51:25 | 016,237,448 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/11/15 21:09:23 | 003,363,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/12 07:26:48 | 000,142,360 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
MOD - [2013/11/12 07:26:47 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/11/12 07:26:47 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
MOD - [2013/08/16 09:23:19 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/16 09:23:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 09:12:29 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/26 19:10:50 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/07/25 13:10:10 | 000,198,688 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\VScan\MVSShExt6.0.0.449.dll
MOD - [2013/05/08 05:51:49 | 000,019,056 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2012/11/13 03:28:32 | 000,403,048 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\Win32RenderingEngine.dll
MOD - [2012/11/13 03:28:30 | 000,480,872 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
MOD - [2011/06/24 19:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 19:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/03 04:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - [2013/11/15 21:09:23 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/15 06:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/11/12 07:26:47 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - [2013/07/25 13:24:22 | 000,291,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)
SRV - [2013/07/25 13:24:22 | 000,291,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2013/04/26 09:10:34 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/04/26 09:07:26 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/04/26 09:05:26 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/08/13 08:39:58 | 000,177,768 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/09/02 22:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 08:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/17 08:51:58 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/27 00:39:42 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/02/21 21:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/10 23:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2013/11/12 07:26:48 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/04/26 09:10:46 | 000,212,272 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/04/26 09:09:24 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/04/26 09:08:26 | 000,566,656 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/04/26 09:07:36 | 000,363,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/04/26 09:07:16 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/04/26 09:06:56 | 000,235,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/04/26 09:06:24 | 000,133,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 07:25:30 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/06/23 06:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/12/15 12:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 12:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2008/09/12 12:22:54 | 000,540,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/09/12 12:22:24 | 000,443,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/08/27 00:39:52 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/08/27 00:39:46 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/07/16 21:32:12 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2008/07/16 21:32:10 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2008/07/03 04:28:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/05/18 17:29:08 | 000,110,592 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr97310c.sys -- (mr97310c)
DRV - [2008/02/21 21:24:52 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/20 18:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/20 18:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/12/12 08:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/12/21 06:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 06:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 06:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2001/08/17 18:06:02 | 000,154,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Icam4USB.sys -- (Icam4USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\..\SearchScopes,DefaultScope = {BAC2C1BD-05EB-4C91-B151-FC90D265A7F7}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\..\SearchScopes\{073642E1-F270-4A90-A29D-CCD8F5BC8568}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\..\SearchScopes\{AC0E3D8A-2D1C-4B7C-BB94-B5821B8CF86E}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\..\SearchScopes\{BAC2C1BD-05EB-4C91-B151-FC90D265A7F7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\..\SearchScopes,DefaultScope = {F4106E3F-D5B3-48FE-89E0-ED45CC60B1BE}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\..\SearchScopes\{8D50D4B4-0D93-439A-933D-E5992AE263D8}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\..\SearchScopes\{F4106E3F-D5B3-48FE-89E0-ED45CC60B1BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\..\SearchScopes\{FFC32F8A-8FAA-451C-8682-559AE79B24CB}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsi ... 3&id=38936
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes,DefaultScope = {ABC3CA36-E780-4B73-B329-B8F5212EDE8F}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{ABC3CA36-E780-4B73-B329-B8F5212EDE8F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{CE73BBF2-084F-47A8-AEE6-66CA65CB54B2}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\SearchScopes\{EDD48747-1D54-4137-B1AB-B3CD51762538}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "WWW.OUTLOOK.COM"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MarineAquarium3Free_57.com/Plugin: C:\Program Files\MarineAquarium3Free_57EI\Installr\1.bin\NP57EISB.dll (Marine Aquarium Lite)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\downloader@freeyoutubetomp3converter.org: C:\Program Files\FreeYouTubeToMP3TURBOConverter\Firefox [2012/09/26 13:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/12/11 09:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1 [2013/11/12 07:27:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\downloader@finalvideotools.com: C:\Program Files\FinalVideoDownloader\Firefox [2013/09/26 18:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 21:09:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/10/21 11:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D-QUAD\AppData\Roaming\Mozilla\Extensions
[2013/10/21 11:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D-QUAD\AppData\Roaming\Mozilla\Firefox\Profiles\nt2oyp2q.default\extensions
[2013/11/15 21:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/15 21:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 21:09:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130920182333.dll (McAfee, Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Windows\System32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Users\SYSAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3637950117-3411936004-4287588756-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files\FinalVideoDownloader\fvdRunner.html ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O9 - Extra Button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3637950117-3411936004-4287588756-1002\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FA14526-FC9B-408E-9DD5-5EDAA35277B2}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD7A2A8-7A7C-4642-8A3E-0A3693E40FAD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\$PIX\111218\DSCN0880.JPG
O24 - Desktop BackupWallPaper: C:\$PIX\111218\DSCN0880.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/11 11:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/11 11:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/11 11:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/11 11:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/09 15:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
[2013/12/09 15:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/12/07 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/12/07 01:21:13 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/06 16:43:04 | 000,000,000 | ---D | C] -- C:\New Folder
[2013/11/15 21:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/14 19:49:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/14 19:49:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/14 19:49:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/14 19:49:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/14 19:49:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/14 19:49:50 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/14 19:49:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/14 19:49:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/13 20:26:45 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/10/20 21:27:19 | 000,800,824 | ---- | C] (Microsoft Corporation) -- C:\Users\D-QUAD\AppData\Roaming\DPInst.exe
[2013/10/20 21:27:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Users\D-QUAD\AppData\Roaming\gacutil.exe
[2013/10/20 21:27:17 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Users\D-QUAD\AppData\Roaming\PnPutil.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/11 11:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637950117-3411936004-4287588756-1001UA.job
[2013/12/11 11:36:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DigitalSite.job
[2013/12/11 11:16:34 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 11:16:34 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 11:10:13 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/11 09:23:44 | 009,832,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/11 09:23:44 | 003,435,472 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/11 09:16:49 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2013/12/11 09:16:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/11 09:16:27 | 001,027,985 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2013/12/09 21:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3637950117-3411936004-4287588756-1001Core.job
[2013/12/07 16:58:18 | 000,001,619 | ---- | M] () -- C:\Users\D-QUAD\Desktop\Backup.lnk
[2013/11/30 19:07:13 | 144,276,732 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/20 18:51:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/11/20 18:51:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/15 21:00:07 | 000,000,949 | ---- | M] () -- C:\Users\D-QUAD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/15 21:00:01 | 000,000,955 | ---- | M] () -- C:\Users\D-QUAD\Desktop\Internet Explorer.lnk
[2013/11/12 07:28:00 | 000,003,745 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/11/12 07:26:48 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/11 11:10:13 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/07 16:58:18 | 000,001,619 | ---- | C] () -- C:\Users\D-QUAD\Desktop\Backup.lnk
[2013/11/15 21:00:07 | 000,000,949 | ---- | C] () -- C:\Users\D-QUAD\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/15 21:00:01 | 000,000,955 | ---- | C] () -- C:\Users\D-QUAD\Desktop\Internet Explorer.lnk
[2013/11/13 20:26:46 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/11/12 07:25:56 | 144,276,732 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/10/20 21:39:30 | 000,003,584 | ---- | C] () -- C:\Users\D-QUAD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/20 21:27:19 | 000,000,181 | ---- | C] () -- C:\Users\D-QUAD\AppData\Roaming\gacutil.exe.config
[2013/10/10 18:35:47 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/10/10 18:35:46 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/10/10 18:35:29 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/10/10 18:35:29 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/10/10 18:35:12 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/10/10 18:35:10 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/10/10 18:35:10 | 000,001,784 | ---- | C] () -- C:\Windows\unins000.dat
[2013/09/26 18:32:37 | 000,003,745 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2011/05/01 19:54:00 | 000,009,250 | -HS- | C] () -- C:\ProgramData\e6cj5tlvi1v865yfa8f352520352u236
[2010/12/25 18:26:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\SupportPrinters
[2010/12/25 18:26:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/12/25 18:26:48 | 000,000,012 | RH-- | C] () -- C:\ProgramData\SystemConfiguration
[2010/12/25 18:12:07 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Strings
[2010/12/25 18:12:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/25 18:12:07 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2009/01/30 09:09:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
EXTRAS.TXT:
OTL Extras logfile created on: 12/11/2013 11:41:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\D-QUAD\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.44% Memory free
4.92 Gb Paging File | 3.55 Gb Available in Paging File | 72.21% Paging File free
Paging file location(s): c:\pagefile.sys 3055 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 4.38 Gb Free Space | 3.14% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 1.15 Gb Free Space | 11.77% Space Free | Partition Type: NTFS
Drive I: | 241.50 Mb Total Space | 241.50 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: SYSAD-00 | User Name: D-QUAD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3637950117-3411936004-4287588756-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3637950117-3411936004-4287588756-1001]
"EnableNotifications" = 1
"EnableNotificationsRef" = 5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3637950117-3411936004-4287588756-1004]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124F1EC7-26AC-4070-A2AA-05C2D4778D21}" = rport=445 | protocol=6 | dir=out | app=system |
"{21F8C97E-93FA-4658-8739-95964D033F75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{234468E8-6011-4FC7-82EA-0101E65AA740}" = lport=139 | protocol=6 | dir=in | app=system |
"{3501DA97-0354-45B4-A224-53052D6231DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4030D4EF-0A3B-4DA7-98EC-749D63D56487}" = lport=137 | protocol=17 | dir=in | app=system |
"{51F570AF-8514-471C-9337-681BCB4A046B}" = lport=445 | protocol=6 | dir=in | app=system |
"{5741F41D-3B99-42B2-B06D-9ACF600AC62B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5EB34972-3AF6-44EC-A733-28C0918DDE6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F8EA0BF-7F57-4961-AA66-B5B3EBD33B80}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C00EE62-586A-4147-B7C7-EE42868E7175}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{71B10372-0C82-42D4-9199-CC15C7432A90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{845B932D-F8ED-4187-B4E2-7BF4FA84DC4D}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{8FC1FAFA-7029-45F6-AB81-7DF6543EE409}" = lport=138 | protocol=17 | dir=in | app=system |
"{905010D6-1E0B-4DB0-9923-1F9D2F63C81B}" = rport=139 | protocol=6 | dir=out | app=system |
"{A09EA41F-6057-4474-B66A-6B403073C0C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{BC78D5CB-3B26-4F5F-97F9-34C4C37AB0A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BE5B7E6B-CC0A-40BA-8A76-048D9A910481}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C456F139-FB35-4E91-BA89-203AD744CD67}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{D199DD43-5495-4A75-9989-AE6DC608C6D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB06B164-84E8-4F1C-822A-63E5E002D872}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F8D8790E-B691-4A09-B3F9-5270BE3FBA5D}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{F98EE123-0460-49E5-B5E0-1AA9B70E8AB1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FFD5DFE3-18CE-4B7B-AA70-EA2DF1CEC284}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018BF563-5D13-42D7-82E7-6FD54F2B0BCC}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"{03ADD289-3E58-467B-B892-F8A69405AF90}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{09A75F2D-2880-45E4-97D3-4B9D41C230B0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0D71E59E-E1BF-4CD2-B750-343FE8EEE44A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{154F3DE7-7D43-441E-A427-BEC3E1AEB7B7}" = protocol=17 | dir=in | app=c:\users\sysad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1685A055-F916-433D-B309-96DB2246E460}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"{190B08B0-7A45-4CC5-8484-5E337559D6CA}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{19ED4739-509E-49EA-B936-94366200C851}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{2111BEE1-B5ED-4935-BED2-702569F0BBA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{24D5D2C2-F8EA-4448-AE3E-3D49BF6611D0}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{299519BB-84F8-467E-849E-61D36CDE8B87}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{29CAB5A0-FE52-4583-844A-1EF54391A477}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{2AE14E10-26E5-47BC-A191-21B9894CC8A9}" = dir=in | app=c:\program files\file type assistant\tsassist.exe |
"{30C86BAB-9560-4057-A858-DDCA69FE8B97}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{40B6C0A0-83DB-47C3-9CF1-1358542608B7}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{45F3BC2B-98DE-4981-9335-D7CA4BA4D134}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{47ABF2A0-F59F-404F-9C5A-AABB50B178EF}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{4A81D993-6EF3-4F2A-A631-9A4C4DCF7744}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{4FB1605A-71CB-4C2B-BD11-89006925C4D8}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{61FDC301-D2CF-4109-BDE0-3DF9F47FA7A7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7159CB5B-0009-4E77-981E-13383B1ED161}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{76354501-E2B5-4BB7-8252-177D647F16C1}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{7DE8F09E-1479-4BF6-A35C-A904284DF6A8}" = dir=in | app=c:\users\sysad\appdata\local\microsoft\skydrive\skydrive.exe |
"{858EA03F-FF41-403C-BF06-1A2CF5AE1F0F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8AF42DDC-2BA2-4D87-B93C-D3FE2F0E0BB1}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{90336C74-50F8-4A40-B9A5-B72DB86A24FF}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{93309922-8D75-4799-B439-D210C44DEE76}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{96D4A8C9-9233-458E-90D8-3A9C1DA3D70B}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{97916CFA-1A2B-4DD2-A18F-96A9528384AA}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"{97D2C7F5-4289-4C37-BFC5-A161C7FC67F9}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{99DDABCD-807F-4C90-BBFF-36630EDF5991}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{9FCEC294-CF56-4AC3-8698-BE78DA5A0A02}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{A15954B4-A347-424B-B4CF-9BFD9B1BCF8B}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{A900BF5A-1385-4087-BF97-1328CB675819}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{AE6DC4E9-883F-4D67-9710-97F3CA42FC97}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B095F833-3C98-464A-AC4A-25AD98D75161}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B0CB8BEB-52D1-49C6-B1C1-B6ED39CCACE2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B11A4F05-0C28-4C40-8C61-0A61493659D4}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{BB06FBF5-6960-47D3-9F63-472D81E5756C}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{D4DDE050-3A5D-4D2D-92CA-BE654AD45B6C}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{E179EE94-3A04-48CF-9144-DF2EAD129540}" = protocol=6 | dir=in | app=c:\users\sysad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E76EA91B-B28C-47C8-948B-1190EF7AB79A}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{F06FFA2F-75C3-4822-9EDE-7B370309EBF2}" = protocol=6 | dir=in | app=c:\users\sysad\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F99FA185-6613-45D7-B7D0-603215228BAB}" = protocol=17 | dir=in | app=c:\users\sysad\appdata\local\google\google talk plugin\googletalkplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00CB213D-CA43-4CB7-A9ED-808E1D0E4739}" = Video Capture USB
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{067c667a-4268-4d5f-b857-5be71754b520}" = OTC Scanning Suite
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = Roxio Easy VHS to DVD Content
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{306AC1F8-42D9-4639-B412-ABCB7F01F85A}" = Smartparts Desktop
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Easy VHS to DVD
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{388887F6-0661-4C80-B272-A6A23EFC7A31}" = MY CAMERA
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
"{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}" = MioMore Desktop
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Easy VHS to DVD
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A55747C1-4651-433D-B082-478874FF7516}" = Motorola Mobile Drivers Installation 6.3.0
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDB824DA-C431-3A3E-B997-F4B5539838FC}" = Google Talk Plugin
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E40D6E16-6D7D-4AF3-9E13-B3A308571E81}" = Roxio Easy VHS to DVD
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{FD59A4BA-8486-43C8-97C7-2536725FD09C}" = McAfee SiteAdvisor Enterprise
"2FE89524DCB9993BBE35C3B1F50969BE84CDC26C" = Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports (13/04/2009 1.03)
"45C76934E7F547DB6EAFC059D897430F43112A87" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"726385ED6E9BD02F0F3E4611AEEAD174ADDDC0F2" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"BASICR" = Microsoft Office Basic 2007
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"DC-Bass Source" = DC-Bass Source 1.3.0
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"DVR4800_is1" = DVR4800 1.0
"EF0DC109140519CEDBEF47D748890F9061EDC199" = Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (10/02/06 )
"ffdshow_is1" = ffdshow v1.1.4399 [2012-03-22]
"FinalMediaPlayer_is1" = Final Media Player 2012
"FinalVideoDownloader_is1" = Final Video Downloader 2013
"Free Audio Converter_is1" = Free Audio Converter version 2.0
"Free Video Dub_is1" = Free Video Dub version 1.8
"FreeYoutubeToMP3TURBOConverter_is1" = Free YouTube to MP3 TURBO Converter 2012
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InfraRecorder" = InfraRecorder
"LAME_is1" = LAME v3.99.3 (for Windows)
"LP Recorder" = LP Recorder
"LP Ripper" = LP Ripper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVS" = McAfee Virus and Spyware Protection Service
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"PrintProjects" = PrintProjects
"RCA Detective™_is1" = RCA Detective™ 2.0.0.99
"RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 5.1.1.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"TVEpaDrv" = Roxio Video Capture USB Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"vsfilter_is1" = DirectVobSub 2.40.4209
"Wave Corrector DeClick_is1" = Wave Corrector DeClick version 1.1
"WinX Video Converter_is1" = WinX Video Converter 4.5.18
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3637950117-3411936004-4287588756-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2012 11:13:34 AM | Computer Name = SYSAD-00 | Source = WinMgmt | ID = 10
Description =

Error - 9/11/2012 10:12:45 PM | Computer Name = SYSAD-00 | Source = Windows Search Service | ID = 3013
Description =

Error - 9/12/2012 9:18:49 PM | Computer Name = SYSAD-00 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.67:5353 15 67.1.168.192.in-addr.arpa.
PTR SYSAD-2.local.

Error - 9/12/2012 9:18:49 PM | Computer Name = SYSAD-00 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 67.1.168.192.in-addr.arpa.
PTR SYSAD-00.local.

Error - 9/12/2012 9:20:09 PM | Computer Name = SYSAD-00 | Source = WinMgmt | ID = 10
Description =

Error - 9/12/2012 9:23:15 PM | Computer Name = SYSAD-00 | Source = LoadPerf | ID = 3012
Description =

Error - 9/12/2012 9:23:15 PM | Computer Name = SYSAD-00 | Source = LoadPerf | ID = 3011
Description =

Error - 9/14/2012 3:59:07 AM | Computer Name = SYSAD-00 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.67:5353 15 67.1.168.192.in-addr.arpa.
PTR SYSAD-2.local.

Error - 9/14/2012 3:59:07 AM | Computer Name = SYSAD-00 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 67.1.168.192.in-addr.arpa.
PTR SYSAD-00.local.

Error - 9/14/2012 3:59:23 AM | Computer Name = SYSAD-00 | Source = WinMgmt | ID = 10
Description =

Error - 9/15/2012 1:59:31 AM | Computer Name = SYSAD-00 | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 12/4/2013 12:24:49 AM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 20:24:49, Tue, Dec 03, 13 Error - User "" does not have administrative
privileges on this system

Error - 12/4/2013 12:24:49 AM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 20:24:49, Tue, Dec 03, 13 Error - User "" does not have administrative
privileges on this system

Error - 12/5/2013 12:32:33 AM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 20:32:33, Wed, Dec 04, 13 Error - User "" does not have administrative
privileges on this system

Error - 12/5/2013 12:32:33 AM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 20:32:33, Wed, Dec 04, 13 Error - User "" does not have administrative
privileges on this system

Error - 12/6/2013 3:41:17 AM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 23:41:17, Thu, Dec 05, 13 Error - User "" does not have administrative
privileges on this system

Error - 12/6/2013 3:41:17 AM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 23:41:17, Thu, Dec 05, 13 Error - User "" does not have administrative
privileges on this system

Error - 12/7/2013 12:54:06 PM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 08:54:06, Sat, Dec 07, 13 Error - User "" does not have administrative
privileges on this system

Error - 12/7/2013 12:54:06 PM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 08:54:06, Sat, Dec 07, 13 Error - User "" does not have administrative
privileges on this system

Error - 12/10/2013 2:13:50 AM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 22:13:50, Mon, Dec 09, 13 Error - User "" does not have administrative
privileges on this system

Error - 12/10/2013 2:13:50 AM | Computer Name = SYSAD-00 | Source = WLAN-Tray | ID = 0
Description = 22:13:50, Mon, Dec 09, 13 Error - User "" does not have administrative
privileges on this system

[ Media Center Events ]
Error - 6/10/2009 9:35:50 PM | Computer Name = SYSAD-00 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/8/2013 3:59:28 PM | Computer Name = SYSAD-00 | Source = Service Control Manager | ID = 7011
Description =

Error - 12/8/2013 7:27:36 PM | Computer Name = SYSAD-00 | Source = Service Control Manager | ID = 7011
Description =

Error - 12/9/2013 2:03:44 AM | Computer Name = SYSAD-00 | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 12/9/2013 7:12:53 PM | Computer Name = SYSAD-00 | Source = Service Control Manager | ID = 7030
Description =

Error - 12/9/2013 7:14:52 PM | Computer Name = SYSAD-00 | Source = Service Control Manager | ID = 7011
Description =

Error - 12/9/2013 7:55:06 PM | Computer Name = SYSAD-00 | Source = Service Control Manager | ID = 7011
Description =

Error - 12/10/2013 2:14:14 AM | Computer Name = SYSAD-00 | Source = DCOM | ID = 10010
Description =

Error - 12/10/2013 2:14:24 AM | Computer Name = SYSAD-00 | Source = Service Control Manager | ID = 7011
Description =

Error - 12/11/2013 1:18:04 PM | Computer Name = SYSAD-00 | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2013 1:18:04 PM | Computer Name = SYSAD-00 | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Having installed the service pack from the link on your site, the files reappeared and I was able to back them all up. It took almost three days to do so, but thanks to you folks and your site I'm on my way back! Now, I'd just like to be sure this cannot happen again. I wonder if it had to do with making me think I'd lost my files, so I'd repave them myself? It just doesn't seem right...
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

Unread postby p_huero » December 11th, 2013, 5:23 pm

I forgot to run TDSS... Just completed; nothing found.
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

Unread postby nunped » December 12th, 2013, 8:03 am

Hi p_huero,

Run this one more scan, please:
Step 1 - RogueKiller
  • Please download RogueKiller.
  • Allow the download if prompted by your security software and please close all your programs.
  • Right click on RogueKiller.exe and select "run as administrator" to run it. If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: I BELIEVE I HAVE AN RAI

Unread postby p_huero » December 12th, 2013, 7:07 pm

OK, here goes:
RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : SYSAD [Admin rights]
Mode : Scan -- Date : 12/12/2013 15:02:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] DigitalSite.job : C:\Users\SYSAD\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][SUSP PATH] DigitalSite : C:\Users\SYSAD\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35FBB366)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35FBB366)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35FBB366)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600BEVT-75ZCT2 +++++
--- User ---
[MBR] 91a8b614f2b88d8053305d7255fa84e8
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 142586 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) O2Micro SD +++++
--- User ---
[MBR] 818205dd9bc342344d5c2118dc0b3f1e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 101 | Size: 241 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_12122013_150242.txt >>


I've logged on as "sysad" this time, the account from which I had the first problem. I created D-QUAD after this appeared, and backed up my files from there. It seems that RK found quite a bit... I can access all my files from the D-QUAD account, but the sysad account is still as I left it, i.e. no wallpaper, folders empty and settings all reverted etc...
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

Unread postby p_huero » December 14th, 2013, 1:06 am

Update: I tried to log on as Sysad, and received this message: "The username has failed the logon. This username cannot be loaded." Good thing D-quad still works.
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

Unread postby nunped » December 14th, 2013, 8:42 am

Hi p_huero,

Sorry for the delay. It's not clear why you are experiencing those issues in that specific account. I would like to run another scan, please:

FRST in Recovery Environment Image
(Farbar Recovery Scanner Tool for Vista-W7)

Please download FRST.exe ... by Farbar. Save it to a FLASH drive.
Please download FRST64.exe ... by Farbar. Save it to a FLASH drive.

  1. Plug the flashdrive into the infected PC.
  2. Enter System Recovery Options.
    1. To enter System Recovery Options from the Boot Menu ....
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
      • Use the arrow keys to select Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
    2. To enter System Recovery Options by using Windows installation disk ....
      • Insert the installation disk.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc.
      • If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Choose your language settings, and then click Next.
      • Click Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
  3. In the System Recovery Options Menu you will see the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Scan your computer's memory for errors.
      Command Prompt
    1. Select Command Prompt
      • In the command window type in notepad and press Enter.
      • Notepad will open.
        Under File menu select Open.
      • Select "Computer" and find your flash drive letter.
      • Close Notepad.
    2. In the command window type E:\frst.exe and press Enter. (Note: Replace letter E with the drive letter of your flash drive.)
  4. The tool will start to run.
  5. When the tool opens click Yes to disclaimer.
  6. Press Scan button.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: I BELIEVE I HAVE AN RAI

Unread postby p_huero » December 14th, 2013, 3:32 pm

Sorry, I forgot to mention that I did not delete any of the problems the RogueKiller scan found, as I didn't want to destabilize the system. Should I run it again and delete those files first? If I do need to run the FRST64 scan, I'll need to locate a flash drive somewhere, as I seem to have lost mine.
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

Unread postby nunped » December 14th, 2013, 4:01 pm

Hi p_huero,

Please, do not delete anything with RogueKiller for now.

See if you can find a pen drive. If not, we'll try a different approach.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: I BELIEVE I HAVE AN RAI

Unread postby p_huero » December 14th, 2013, 4:52 pm

OK, I'll go buy one if I have to. I will post again in about 6 hours' time. Thank you for your help, as always!
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

Unread postby p_huero » December 14th, 2013, 9:17 pm

OK, ran it. I didn't click fix...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2013 01
Ran by SYSTEM on MINWINPC on 14-12-2013 17:06:26
Running from E:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2008-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4907008 2008-02-21] (Realtek Semiconductor)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\System32\WLTRAY.EXE [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [OODefragTray] - C:\Windows\System32\oodtray.exe [2512392 2007-05-10] (O&O Software GmbH)
HKLM\...\Run: [USB2Check] - RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Nikon Transfer Monitor] - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM\...\Run: [Conime] - C:\Windows\System32\conime.exe [69120 2009-04-10] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [EKStatusMonitor] - C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [MVS Splash] - C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe [480872 2012-11-13] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2420248 2013-11-12] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\NAB\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\NAB\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2008-01-20] (Microsoft Corporation)
HKU\NAB\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\NAB\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.)
HKU\SYSAD\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
HKU\SYSAD\...\Run: [Google Update] - C:\Users\SYSAD\AppData\Local\Google\Update\GoogleUpdate.exe [ 2011-07-06] (Google Inc.)
HKU\SYSAD\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\SYSAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> (No File)
BootExecute: autocheck autochk * OODBS

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2008-02-21] (Andrea Electronics Corporation)
S2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
S2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
S2 McAfee SiteAdvisor Enterprise Service; C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe [160800 2013-09-10] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-08-07] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-08-07] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-08-07] (McAfee, Inc.)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [295920 2013-10-03] (McAfee, Inc.)
S2 O&O Defrag; C:\Windows\system32\oodag.exe [1050120 2007-05-10] (O&O Software GmbH)
S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [71512 2008-08-27] (O2Micro International)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
S3 RoxMediaDB11; C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [1128944 2008-11-17] (Sonic Solutions)
S2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-12] (AVG Secure Search)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.)
S2 RumorServer; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [x]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]

==================== Drivers (Whitelisted) ====================

S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)
S3 Icam4USB; C:\Windows\System32\Drivers\Icam4USB.sys [154496 2001-08-17] (Microsoft Corporation)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-20] (Microsoft Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133992 2013-08-07] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235520 2013-08-07] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-08-07] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365224 2013-08-07] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [568632 2013-08-07] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-08-07] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.)
S0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213232 2013-08-07] (McAfee, Inc.)
S3 mr97310c; C:\Windows\System32\DRIVERS\mr97310c.sys [110592 2008-05-18] (Mars Semiconductor Corp.)
S3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2008-07-16] (EyePower Games Pte. Ltd.)
S3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-07-16] (Creative Technology Ltd.)
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [540288 2008-09-12] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [443520 2008-09-12] (eMPIA Technology, Inc.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 mfeavfk01; No ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 17:06 - 2013-12-14 17:06 - 00000000 ____D C:\FRST
2013-12-14 16:46 - 2013-12-14 16:46 - 01927796 _____ (Farbar) C:\Users\D-QUAD\Downloads\FRST64.exe
2013-12-14 16:45 - 2013-12-14 16:46 - 01060897 _____ (Farbar) C:\Users\D-QUAD\Downloads\FRST.exe
2013-12-14 16:43 - 2013-12-14 16:43 - 00001849 _____ C:\Users\D-QUAD\Documents\MALWRMVL-3.txt
2013-12-14 11:48 - 2013-12-14 11:48 - 00000869 _____ C:\Users\D-QUAD\Desktop\RogueKiller - Shortcut.lnk
2013-12-14 11:47 - 2013-12-14 11:47 - 03580416 _____ C:\Users\D-QUAD\Downloads\RogueKiller.exe
2013-12-13 22:05 - 2013-12-14 11:41 - 00002620 _____ C:\Users\D-QUAD\Documents\kw9.txt
2013-12-12 23:03 - 2013-12-12 23:12 - 00021391 _____ C:\Users\D-QUAD\Documents\ICHTAG.txt
2013-12-12 16:49 - 2013-12-12 23:29 - 00021479 _____ C:\Users\D-QUAD\Documents\ASLEXICON.txt
2013-12-12 14:11 - 2013-12-12 14:11 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Motorola Mobility
2013-12-12 13:51 - 2013-11-14 15:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-12 13:51 - 2013-11-14 14:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-12 13:51 - 2013-11-14 14:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-12 13:51 - 2013-11-14 14:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-12 13:51 - 2013-11-14 14:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-12 13:51 - 2013-11-14 14:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-12 13:51 - 2013-11-14 14:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-12 13:51 - 2013-11-14 14:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-12 13:51 - 2013-11-14 14:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-12 13:51 - 2013-11-14 14:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-12 13:51 - 2013-11-14 14:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-12 13:51 - 2013-11-14 14:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-12 13:51 - 2013-11-14 14:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-12 13:51 - 2013-11-14 14:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-12 13:51 - 2013-11-14 14:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-12 13:51 - 2013-11-14 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-11 13:26 - 2013-12-11 13:26 - 00079266 _____ C:\Users\D-QUAD\Documents\MALWRMVL-2.txt
2013-12-11 13:17 - 2013-12-11 13:17 - 00000864 _____ C:\Users\D-QUAD\Desktop\tdsskiller - Shortcut.lnk
2013-12-11 13:16 - 2013-12-11 13:17 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\D-QUAD\Downloads\tdsskiller.exe
2013-12-11 11:57 - 2013-12-11 11:57 - 00059856 _____ C:\Users\D-QUAD\Downloads\Extras.Txt
2013-12-11 11:54 - 2013-12-11 11:54 - 00086876 _____ C:\Users\D-QUAD\Downloads\OTL.Txt
2013-12-11 11:39 - 2013-12-11 11:39 - 00602112 _____ (OldTimer Tools) C:\Users\D-QUAD\Downloads\OTL.exe
2013-12-11 11:38 - 2013-12-11 11:38 - 00002000 _____ C:\Users\D-QUAD\Documents\MALWRMVL-1.txt
2013-12-11 11:10 - 2013-12-11 11:10 - 00001670 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-11 11:09 - 2013-12-11 11:10 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-11 11:09 - 2013-12-11 11:10 - 00000000 ____D C:\Program Files\iTunes
2013-12-11 11:09 - 2013-12-11 11:09 - 00000000 ____D C:\Program Files\iPod
2013-12-11 09:31 - 2013-10-29 18:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2013-12-11 09:31 - 2013-10-29 17:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 09:31 - 2013-10-29 16:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-11 09:31 - 2013-10-29 16:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 09:31 - 2013-10-21 23:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 09:31 - 2013-10-10 18:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 09:31 - 2013-10-10 18:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 09:31 - 2013-10-10 18:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wshcon.dll
2013-12-11 09:31 - 2013-10-10 16:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 09:31 - 2013-10-10 16:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-09 15:12 - 2013-12-09 15:12 - 00000000 ____D C:\Program Files\Common Files\MSSoap
2013-12-07 17:05 - 2013-12-07 17:05 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-07 16:58 - 2013-12-07 16:58 - 00001619 _____ C:\Users\D-QUAD\Desktop\Backup.lnk
2013-12-07 10:29 - 2013-12-07 10:29 - 00000695 _____ C:\Users\D-QUAD\Documents\KW8.txt
2013-12-07 00:00 - 2013-12-07 00:00 - 00000000 ____D C:\Users\Default\AppData\Local\Eastman Kodak Company
2013-12-07 00:00 - 2013-12-07 00:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Eastman Kodak Company
2013-12-06 16:43 - 2013-12-06 16:43 - 00000000 ____D C:\New Folder
2013-12-06 14:21 - 2013-12-06 14:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Dell
2013-12-06 14:21 - 2013-12-06 14:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Dell
2013-12-06 14:19 - 2013-12-06 14:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Motorola Mobility
2013-12-06 14:19 - 2013-12-06 14:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Motorola Mobility
2013-12-05 20:52 - 2013-12-05 20:52 - 00001233 _____ C:\Users\D-QUAD\Documents\fgeezer.txt
2013-12-03 13:28 - 2013-12-03 13:28 - 00003914 _____ C:\Users\D-QUAD\Documents\DMOIV8G.txt
2013-11-30 19:53 - 2013-11-30 19:53 - 00000600 _____ C:\Users\D-QUAD\Documents\KW7.txt
2013-11-30 19:07 - 2013-11-30 19:07 - 00138496 _____ C:\Windows\Minidump\Mini113013-01.dmp
2013-11-29 19:37 - 2013-11-29 19:37 - 00001672 _____ C:\Users\D-QUAD\Documents\KW6.txt
2013-11-27 18:34 - 2013-11-27 18:37 - 00001957 _____ C:\Users\D-QUAD\Documents\kw5.txt
2013-11-26 17:18 - 2013-11-26 17:18 - 00000616 _____ C:\Users\D-QUAD\Documents\HDCLONE.txt
2013-11-25 18:13 - 2013-11-25 18:13 - 00010969 _____ C:\Users\D-QUAD\Documents\FBCHATWJG.txt
2013-11-25 14:07 - 2013-11-25 14:07 - 00002751 _____ C:\Users\D-QUAD\Documents\kw4.txt
2013-11-24 18:59 - 2013-11-24 18:59 - 00000629 _____ C:\Users\D-QUAD\Documents\KW3.txt
2013-11-23 22:36 - 2013-11-23 22:36 - 00000837 _____ C:\Users\D-QUAD\Documents\kw2.txt
2013-11-21 18:00 - 2013-11-21 18:00 - 00000657 _____ C:\Users\D-QUAD\Documents\kw1.txt
2013-11-17 14:37 - 2013-11-17 14:37 - 00009476 _____ C:\Users\D-QUAD\Documents\CLC ss226.txt
2013-11-17 12:07 - 2013-11-17 12:07 - 00000842 _____ C:\Users\D-QUAD\Documents\kw.txt
2013-11-15 21:09 - 2013-12-11 21:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 21:00 - 2013-11-15 21:00 - 00000955 _____ C:\Users\D-QUAD\Desktop\Internet Explorer.lnk
2013-11-15 20:12 - 2013-11-15 20:12 - 00001633 _____ C:\Users\D-QUAD\Documents\FAILDXNCTN.txt

==================== One Month Modified Files and Folders =======

2013-12-14 17:06 - 2013-12-14 17:06 - 00000000 ____D C:\FRST
2013-12-14 17:03 - 2010-07-26 16:59 - 01246842 _____ C:\Windows\WindowsUpdate.log
2013-12-14 17:03 - 2006-11-02 04:47 - 00003616 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 17:03 - 2006-11-02 04:47 - 00003616 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 16:46 - 2013-12-14 16:46 - 01927796 _____ (Farbar) C:\Users\D-QUAD\Downloads\FRST64.exe
2013-12-14 16:46 - 2013-12-14 16:45 - 01060897 _____ (Farbar) C:\Users\D-QUAD\Downloads\FRST.exe
2013-12-14 16:44 - 2006-11-02 02:33 - 00006788 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-14 16:43 - 2013-12-14 16:43 - 00001849 _____ C:\Users\D-QUAD\Documents\MALWRMVL-3.txt
2013-12-14 16:43 - 2013-02-27 17:54 - 00009024 _____ C:\Windows\setupact.log
2013-12-14 11:48 - 2013-12-14 11:48 - 00000869 _____ C:\Users\D-QUAD\Desktop\RogueKiller - Shortcut.lnk
2013-12-14 11:47 - 2013-12-14 11:47 - 03580416 _____ C:\Users\D-QUAD\Downloads\RogueKiller.exe
2013-12-14 11:41 - 2013-12-13 22:05 - 00002620 _____ C:\Users\D-QUAD\Documents\kw9.txt
2013-12-14 09:53 - 2011-04-13 13:59 - 00000000 ____D C:\ProgramData\Kodak
2013-12-14 09:52 - 2010-07-26 16:56 - 01033093 _____ C:\Windows\System32\oodbs.lor
2013-12-13 20:20 - 2012-05-06 17:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-12-13 20:20 - 2011-06-09 12:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-12-12 23:29 - 2013-12-12 16:49 - 00021479 _____ C:\Users\D-QUAD\Documents\ASLEXICON.txt
2013-12-12 23:12 - 2013-12-12 23:03 - 00021391 _____ C:\Users\D-QUAD\Documents\ICHTAG.txt
2013-12-12 17:52 - 2011-04-04 07:02 - 00000000 ____D C:\$10
2013-12-12 14:14 - 2013-10-20 19:11 - 00000000 ____D C:\Users\TEMP\AppData\Local\FileTypeAssistant
2013-12-12 14:11 - 2013-12-12 14:11 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Motorola Mobility
2013-12-12 14:09 - 2006-11-02 04:47 - 00343256 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-12 14:05 - 2008-12-13 06:44 - 00000000 ____D C:\Windows\System32\RTCOM
2013-12-12 13:57 - 2008-12-13 13:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 13:56 - 2013-07-28 17:46 - 00000000 ____D C:\Windows\System32\MRT
2013-12-12 13:53 - 2006-11-02 02:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-12-12 13:40 - 2008-12-13 13:07 - 00000000 ____D C:\Program Files\McAfee
2013-12-12 13:39 - 2012-01-30 07:07 - 00063772 _____ C:\Windows\PFRO.log
2013-12-11 21:38 - 2013-11-15 21:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-11 21:38 - 2008-12-13 13:08 - 00000000 ____D C:\ProgramData\McAfee
2013-12-11 21:36 - 2013-09-20 17:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-11 13:26 - 2013-12-11 13:26 - 00079266 _____ C:\Users\D-QUAD\Documents\MALWRMVL-2.txt
2013-12-11 13:17 - 2013-12-11 13:17 - 00000864 _____ C:\Users\D-QUAD\Desktop\tdsskiller - Shortcut.lnk
2013-12-11 13:17 - 2013-12-11 13:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\D-QUAD\Downloads\tdsskiller.exe
2013-12-11 11:57 - 2013-12-11 11:57 - 00059856 _____ C:\Users\D-QUAD\Downloads\Extras.Txt
2013-12-11 11:54 - 2013-12-11 11:54 - 00086876 _____ C:\Users\D-QUAD\Downloads\OTL.Txt
2013-12-11 11:39 - 2013-12-11 11:39 - 00602112 _____ (OldTimer Tools) C:\Users\D-QUAD\Downloads\OTL.exe
2013-12-11 11:38 - 2013-12-11 11:38 - 00002000 _____ C:\Users\D-QUAD\Documents\MALWRMVL-1.txt
2013-12-11 11:10 - 2013-12-11 11:10 - 00001670 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-11 11:10 - 2013-12-11 11:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-11 11:10 - 2013-12-11 11:09 - 00000000 ____D C:\Program Files\iTunes
2013-12-11 11:09 - 2013-12-11 11:09 - 00000000 ____D C:\Program Files\iPod
2013-12-11 11:09 - 2011-05-22 16:37 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-11 11:08 - 2013-11-08 15:53 - 00000000 ____D C:\Users\D-QUAD\AppData\Local\Apple Computer
2013-12-11 11:08 - 2013-10-20 21:30 - 00000000 ____D C:\Users\D-QUAD\AppData\Roaming\Apple Computer
2013-12-09 15:13 - 2013-11-08 15:31 - 00000000 ____D C:\Program Files\Motorola Mobility
2013-12-09 15:12 - 2013-12-09 15:12 - 00000000 ____D C:\Program Files\Common Files\MSSoap
2013-12-09 15:12 - 2013-10-20 21:27 - 00000000 ____D C:\users\D-QUAD
2013-12-07 17:05 - 2013-12-07 17:05 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-12-07 16:58 - 2013-12-07 16:58 - 00001619 _____ C:\Users\D-QUAD\Desktop\Backup.lnk
2013-12-07 10:29 - 2013-12-07 10:29 - 00000695 _____ C:\Users\D-QUAD\Documents\KW8.txt
2013-12-07 01:35 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-07 00:00 - 2013-12-07 00:00 - 00000000 ____D C:\Users\Default\AppData\Local\Eastman Kodak Company
2013-12-07 00:00 - 2013-12-07 00:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Eastman Kodak Company
2013-12-06 16:43 - 2013-12-06 16:43 - 00000000 ____D C:\New Folder
2013-12-06 14:21 - 2013-12-06 14:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Dell
2013-12-06 14:21 - 2013-12-06 14:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Dell
2013-12-06 14:21 - 2013-10-20 19:20 - 00000000 ____D C:\Windows\System32\cache
2013-12-06 14:19 - 2013-12-06 14:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Motorola Mobility
2013-12-06 14:19 - 2013-12-06 14:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Motorola Mobility
2013-12-05 20:52 - 2013-12-05 20:52 - 00001233 _____ C:\Users\D-QUAD\Documents\fgeezer.txt
2013-12-03 13:28 - 2013-12-03 13:28 - 00003914 _____ C:\Users\D-QUAD\Documents\DMOIV8G.txt
2013-12-01 14:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-11-30 19:53 - 2013-11-30 19:53 - 00000600 _____ C:\Users\D-QUAD\Documents\KW7.txt
2013-11-30 19:07 - 2013-11-30 19:07 - 00138496 _____ C:\Windows\Minidump\Mini113013-01.dmp
2013-11-30 19:07 - 2013-11-12 07:25 - 144276732 _____ C:\Windows\MEMORY.DMP
2013-11-30 19:07 - 2009-06-24 05:17 - 00000000 ____D C:\Windows\Minidump
2013-11-30 19:06 - 2013-09-26 18:32 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-11-30 19:06 - 2013-08-16 09:52 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-30 19:06 - 2009-02-17 22:12 - 00000000 ____D C:\users\NAB
2013-11-30 19:06 - 2008-12-25 06:24 - 00000000 ____D C:\users\SYSAD
2013-11-30 19:06 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-11-30 19:06 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-11-30 19:06 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-11-30 19:06 - 2006-11-02 02:22 - 52428800 _____ C:\Windows\System32\config\software_previous
2013-11-30 19:06 - 2006-11-02 02:22 - 31719424 _____ C:\Windows\System32\config\system_previous
2013-11-30 19:03 - 2006-11-02 02:22 - 38010880 _____ C:\Windows\System32\config\components_previous
2013-11-30 19:03 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\sam_previous
2013-11-29 21:19 - 2006-11-02 02:22 - 00786432 _____ C:\Windows\System32\config\default_previous
2013-11-29 21:19 - 2006-11-02 02:22 - 00028672 _____ C:\Windows\System32\config\security_previous
2013-11-29 19:37 - 2013-11-29 19:37 - 00001672 _____ C:\Users\D-QUAD\Documents\KW6.txt
2013-11-29 19:19 - 2013-10-24 19:06 - 00000000 ____D C:\Users\D-QUAD\Documents\DAILIES
2013-11-27 18:37 - 2013-11-27 18:34 - 00001957 _____ C:\Users\D-QUAD\Documents\kw5.txt
2013-11-26 17:18 - 2013-11-26 17:18 - 00000616 _____ C:\Users\D-QUAD\Documents\HDCLONE.txt
2013-11-25 18:13 - 2013-11-25 18:13 - 00010969 _____ C:\Users\D-QUAD\Documents\FBCHATWJG.txt
2013-11-25 14:07 - 2013-11-25 14:07 - 00002751 _____ C:\Users\D-QUAD\Documents\kw4.txt
2013-11-24 18:59 - 2013-11-24 18:59 - 00000629 _____ C:\Users\D-QUAD\Documents\KW3.txt
2013-11-23 22:36 - 2013-11-23 22:36 - 00000837 _____ C:\Users\D-QUAD\Documents\kw2.txt
2013-11-21 18:00 - 2013-11-21 18:00 - 00000657 _____ C:\Users\D-QUAD\Documents\kw1.txt
2013-11-20 18:53 - 2013-11-06 19:58 - 00000000 ____D C:\Users\D-QUAD\AppData\Local\Adobe
2013-11-19 15:40 - 2011-02-05 11:04 - 00000000 ____D C:\Windows\System32\oodag
2013-11-17 14:37 - 2013-11-17 14:37 - 00009476 _____ C:\Users\D-QUAD\Documents\CLC ss226.txt
2013-11-17 12:07 - 2013-11-17 12:07 - 00000842 _____ C:\Users\D-QUAD\Documents\kw.txt
2013-11-17 09:51 - 2012-05-08 21:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 21:00 - 2013-11-15 21:00 - 00000955 _____ C:\Users\D-QUAD\Desktop\Internet Explorer.lnk
2013-11-15 21:00 - 2013-09-26 18:32 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-11-15 20:12 - 2013-11-15 20:12 - 00001633 _____ C:\Users\D-QUAD\Documents\FAILDXNCTN.txt
2013-11-14 20:32 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-11-14 15:13 - 2013-12-12 13:51 - 12344320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 14:50 - 2013-12-12 13:51 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 14:50 - 2013-12-12 13:51 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 14:43 - 2013-12-12 13:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 14:42 - 2013-12-12 13:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-14 14:42 - 2013-12-12 13:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 14:41 - 2013-12-12 13:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-14 14:40 - 2013-12-12 13:51 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-14 14:38 - 2013-12-12 13:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 14:38 - 2013-12-12 13:51 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-14 14:38 - 2013-12-12 13:51 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-14 14:37 - 2013-12-12 13:51 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 14:36 - 2013-12-12 13:51 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 14:36 - 2013-12-12 13:51 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-14 14:35 - 2013-12-12 13:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-14 14:32 - 2013-12-12 13:51 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

Files to move or delete:
====================
C:\Users\SYSAD\AppData\Roaming\desktop.ini
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT


Some content of TEMP:
====================
C:\Users\D-QUAD\AppData\Local\Temp\contentDATs.exe
C:\Users\D-QUAD\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\NAB\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\SYSAD\AppData\Local\Temp\contentDATs.exe
C:\Users\SYSAD\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\SYSAD\AppData\Local\Temp\mssinstaller.exe
C:\Users\SYSAD\AppData\Local\Temp\oi_{99D8FEF9-1CD1-4988-A9B7-081BB841B788}.exe
C:\Users\SYSAD\AppData\Local\Temp\SecurityScan_Release.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-12-12 13:47:08
Restore point made on: 2013-12-14 13:24:40

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2037.69 MB
Available physical RAM: 1740.13 MB
Total Pagefile: 1971.32 MB
Available Pagefile: 1829.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.82 MB

==================== Drives ================================

Drive c: (081225) (Fixed) (Total:139.24 GB) (Free:4.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Lexar) (Removable) (Total:7.45 GB) (Free:3.95 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:1.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)


LastRegBack: 2013-12-14 10:00

==================== End Of Log ============================

I should also mention that it'd be great to delete AVG, as I never asked for it, as well as SiteAdvisor, since both are apparently causing me conflicts...but I will await further instructions...
p_huero
Regular Member
 
Posts: 30
Joined: December 7th, 2013, 4:08 am

Re: I BELIEVE I HAVE AN RAI

Unread postby nunped » December 15th, 2013, 8:21 am

Hi p_huero,

From your logs, I'm not seeing clear signs of a Remote Access Infection; however, this line:
C:\Users\SYSAD\AppData\Roaming\desktop.ini

can indicate you are or were infected with Zero Access.

Please take time to carefully read THIS topic, then let me know how you want to proceed.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal