Possible MBR rootkit infection

Started by DR M, November 15, 2013, 09:01:46 AM


DR M

Corrine, I don't have such a file... As I said, perhaps I deleted it... On the USB I have only the logs. I am sorry...

Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Corrine

That's ok, Panos.  The suggestion was made merely to ease your mind. 

You mentioned previously that your nephew's computer seemed a bit slow.  How is it now?   


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

DR M

Quote from: Corrine on November 19, 2013, 09:50:01 PM
That's ok, Panos.  The suggestion was made merely to ease your mind. 

You mentioned previously that your nephew's computer seemed a bit slow.  How is it now?

Hi, Corrine.

The computer seems to be OK. Well, I find it a bit slow (e.g. when opening some programs, running msconfig, the cleanmgr procedure, surfing in IE). But no ESET warning now.

Some other things I would like to mention:

1. I downloaded Sumatra. The exe file was not recognised. I found a Microsoft page that had a Fix it for this issue (I think so). I ran it, but it said that the process failed. I deleted the exe file and downloaded Sumatra again. This time everything ran properly.

2. I found Freecorder in Add/Remove Programs. I uninstalled it (once more...).

3. When I use Oceanis (the program that changes the desktop background), every time I restart, the background is the standard one for Windows 7 Starter.

4. Every time I log in to Windows, there is a warning from MBAM that the usage period has expired. But I am sure that I installed the free version and not the trial.

That's all!

Waiting for your reply, to confirm 100% that the computer is finally clean.  :dance:

DR M

.....

There is a ... 5!!!   :GRAFX:

5. When I ran msconfig, I found in Startup Freecorder and a Background Container (Conduit). The location is in the registry. Why do these things insist on existing???

Corrine

Hi, Panos.

Before I address your enumerated items, let's take a quick look with OTL and see if it shows any more remnants of Freecorder or Conduit.

Please download OTL by OldTimer. Save it to your Desktop.
  • Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Click the Scan All Users checkbox.
    Leave the remaining selections at the default settings.
  • Click on Run Scan at the top left-hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on the task bar.
  • Please post the contents of both OTL.txt and Extras.txt in your next reply.


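The OTL scan requested above is essentially an autostart and hook inventory: the O2 (BHO), O3 (toolbar) and O4 (Run/RunOnce) lines, the driver and service lists, and the Internet Explorer SearchScopes are where leftovers of toolbar and adware bundles such as Conduit or Freecorder would surface. As an added example (not part of the thread and not an OldTimer tool), the Python script below reads lines in OTL's format and flags the things a helper looks for first: entries whose file or CLSID is gone ("File not found", "No CLSID value found"), every O4 autorun so nothing auto-starting is overlooked, IE search providers whose host is not on a small allowlist, and any line naming a remnant being hunted. The sample lines are constructed in OTL's format; the allowlist of search hosts is an assumption, and the Conduit "Background Container" O4 line is hypothetical, included to show what a surviving remnant would look like rather than taken from any posted log.

```python
"""Triage helper for OTL-style scan logs (added example; not an OldTimer tool).

Reads lines in the format OTL prints (DRV/SRV/PRC/IE/Onn prefixes) and flags:
  * orphan      - entries whose file or CLSID no longer exists
  * autorun     - every O4 Run/RunOnce entry, so nothing auto-starting is missed
  * searchscope - IE search providers whose host is not on a small allowlist
  * keyword     - any line naming a remnant the thread is hunting
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in OTL's line format. The Conduit "Background Container"
# O4 line is hypothetical: it shows what a surviving remnant would look like.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/09/17 15:17:38 | 000,188,808 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{322313C6-8635-4CBF-9EC4-43FD5D87B73A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKU\S-1-5-21-1000..\Run: [Background Container.job] C:\Users\user\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll ()
"""

ORPHAN_MARKERS = ("File not found", "No CLSID value found")
REMNANT_WORDS = ("conduit", "freecorder")                   # what this thread is hunting
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}  # assumed allowlist

PREFIX_RE = re.compile(r"^(DRV|SRV|PRC|MOD|IE|FF|O\d+)\b")
AUTORUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
URL_RE = re.compile(r'"URL"\s*=\s*(?P<url>\S+)')


@dataclass
class Finding:
    kind: str      # orphan | autorun | searchscope | keyword
    section: str   # OTL prefix the line came from
    detail: str
    line: str


def triage_line(line):
    """Return the findings for one OTL line (possibly several, possibly none)."""
    findings = []
    m = PREFIX_RE.match(line)
    if not m:
        return findings            # header, blank or file-list line: not in scope
    prefix = m.group(1)

    if any(marker in line for marker in ORPHAN_MARKERS):
        findings.append(Finding("orphan", prefix, "points at a missing file or CLSID", line))

    if prefix == "O4":
        a = AUTORUN_RE.search(line)
        if a:
            findings.append(Finding("autorun", prefix, f"{a['name']} -> {a['cmd']}", line))

    if prefix == "IE" and "SearchScopes" in line:
        u = URL_RE.search(line)
        host = urlsplit(u["url"]).hostname if u else None
        if host and host not in EXPECTED_SEARCH_HOSTS:
            findings.append(Finding("searchscope", prefix, host, line))

    hits = [w for w in REMNANT_WORDS if w in line.lower()]
    if hits:
        findings.append(Finding("keyword", prefix, ", ".join(hits), line))
    return findings


def triage(text):
    return [f for raw in text.splitlines() for f in triage_line(raw.strip())]


def summarize(findings):
    """Group finding details by kind so a reply can list them compactly."""
    kinds = ("orphan", "autorun", "searchscope", "keyword")
    return {k: [f.detail for f in findings if f.kind == k] for k in kinds}


if __name__ == "__main__":
    for kind, details in summarize(triage(SAMPLE_LOG)).items():
        print(f"{kind}:")
        for d in details:
            print(f"  {d}")
```

Run against a real OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. An orphan is not proof of infection (the Java BHO above is just a stale registration after an uninstall), but each one is a registry entry that will keep reappearing in tools like msconfig until the key itself is removed, which is exactly the "why do these insist on existing" symptom.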

DR M

Nothing happened. I think that OTL is frozen.

DR M

No, I made a mistake. I hope that I didn't make a mess by clicking on Scan after the first 15 minutes...

The two logs are here. Somewhere I noticed Adobe. Another question: why do these tools refer to Firefox? There is no Firefox on the computer.


OTL logfile created on: 11/20/2013 10:11:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

987.48 Mb Total Physical Memory | 31.98 Mb Available Physical Memory | 3.24% Memory free
1.96 Gb Paging File | 0.88 Gb Available in Paging File | 44.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.22 Gb Total Space | 238.22 Gb Free Space | 83.23% Space Free | Partition Type: NTFS
Drive D: | 11.58 Gb Total Space | 1.93 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.75 Mb Free Space | 93.37% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/20 22:10:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/11/15 09:52:57 | 000,830,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2013/08/02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/12 22:25:06 | 000,583,680 | ---- | M] (MyCity) -- C:\Program Files\MCShield\MCShieldRTM.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/12/10 01:51:18 | 000,115,888 | ---- | M] (Oceanis) -- C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
PRC - [2009/10/12 08:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe
PRC - [2009/09/04 22:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/09 05:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\SPLASH.SYS\config\DVMExportService.exe
PRC - [2009/06/05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/02 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/11/15 09:53:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/12 08:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe -- (STacSV)
SRV - [2009/09/04 22:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/09 05:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/02 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/09/17 15:17:38 | 000,188,808 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/09/17 15:17:38 | 000,174,400 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,049,240 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2013/09/17 15:17:38 | 000,037,416 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/12 08:51:52 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/30 04:25:26 | 000,017,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
DRV - [2009/09/02 03:59:42 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/04/29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{322313C6-8635-4CBF-9EC4-43FD5D87B73A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{955ECCF7-CA40-4500-A57F-2FEF022F4555}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\..\SearchScopes,DefaultScope = {70EF1578-C1A7-48C3-8D75-9C37A8102CDB}
IE - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\..\SearchScopes\{70EF1578-C1A7-48C3-8D75-9C37A8102CDB}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/11/15 09:55:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/11/18 16:13:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000..\Run: [MCShield Monitor] C:\Program Files\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CA92D8C-9201-4E4A-8161-896CD2918CA2}: DhcpNameServer = 192.168.10.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9F65FDF-BEBB-443D-AB33-A065C2955EB8}: DhcpNameServer = 192.168.10.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/20 22:09:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/11/20 17:45:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/11/20 17:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/11/20 17:43:02 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2013/11/20 17:43:02 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2013/11/20 17:43:01 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2013/11/20 17:43:01 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2013/11/20 17:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SkyDrive
[2013/11/20 17:38:32 | 000,000,000 | R--D | C] -- C:\Users\user\SkyDrive
[2013/11/20 17:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/11/20 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SumatraPDF
[2013/11/20 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2013/11/19 09:58:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/19 09:50:38 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
[2013/11/19 09:49:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/11/18 22:41:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/18 22:12:34 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2013/11/18 21:44:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/11/18 16:18:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/18 16:17:22 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/11/18 16:17:22 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/11/18 16:13:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/18 14:59:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/18 14:59:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/18 14:59:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/18 14:58:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/18 14:57:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/18 14:56:07 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/18 14:56:05 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/18 14:56:03 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/18 14:56:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/18 14:56:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/18 14:56:00 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/18 14:55:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/18 14:55:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/18 14:55:59 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/18 14:55:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/18 14:53:29 | 005,146,587 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/11/17 20:04:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswmbr.exe
[2013/11/17 11:09:17 | 004,121,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013/11/15 10:12:51 | 000,000,000 | ---D | C] -- C:\18be667fae7b1dce1c
[2013/11/15 09:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/11/15 09:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/11/15 09:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/15 09:52:57 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/15 09:05:22 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/15 09:05:21 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/15 09:04:45 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/15 09:04:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/15 09:03:44 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/15 09:03:43 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/20 22:10:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/11/20 22:08:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/20 22:08:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/20 21:23:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/20 21:16:24 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013/11/20 21:13:43 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 21:13:43 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 21:06:12 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/20 21:05:48 | 776,581,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/20 17:44:50 | 000,000,020 | ---- | M] () -- C:\Windows\¨φ~
[2013/11/20 17:14:12 | 000,626,500 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/20 17:14:12 | 000,107,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/19 09:50:39 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
[2013/11/19 09:49:59 | 000,891,200 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/11/19 09:49:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/11/18 22:40:39 | 001,085,542 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/11/18 22:12:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2013/11/18 21:45:21 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/18 16:13:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/11/18 14:54:03 | 005,146,587 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/11/17 20:00:27 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswmbr.exe
[2013/11/17 11:03:50 | 004,121,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013/11/16 16:35:48 | 000,011,776 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/15 09:52:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/15 09:45:15 | 000,000,020 | ---- | M] () -- C:\Windows\Hσ‹
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/20 17:45:21 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/11/20 17:45:03 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/11/20 17:44:48 | 000,000,020 | ---- | C] () -- C:\Windows\¨φ~
[2013/11/20 17:44:30 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/11/20 17:38:31 | 000,002,119 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/11/20 17:28:19 | 000,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2013/11/19 09:49:59 | 000,891,200 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/11/18 22:40:38 | 001,085,542 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/11/18 14:59:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/18 14:59:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/18 14:59:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/18 14:59:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/18 14:59:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/15 09:53:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/15 09:45:15 | 000,000,020 | ---- | C] () -- C:\Windows\Hσ‹
[2012/02/05 20:42:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/02/05 20:27:13 | 000,000,063 | ---- | C] () -- C:\Windows\Lexicon.ini
[2012/02/05 19:20:35 | 000,011,776 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 18:58:09 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/02/05 18:58:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/02/05 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/02/05 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/02/05 18:58:06 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/31 23:13:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/01/31 23:08:10 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/01/31 23:06:26 | 000,000,276 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2012/01/31 23:06:26 | 000,000,217 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


OTL Extras logfile created on: 11/20/2013 10:11:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

987.48 Mb Total Physical Memory | 31.98 Mb Available Physical Memory | 3.24% Memory free
1.96 Gb Paging File | 0.88 Gb Available in Paging File | 44.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.22 Gb Total Space | 238.22 Gb Free Space | 83.23% Space Free | Partition Type: NTFS
Drive D: | 11.58 Gb Total Space | 1.93 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.75 Mb Free Space | 93.37% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0640B823-8885-4CC3-A3C2-85138A3972EC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{46B51A53-939F-4F32-B069-FEA3BFB17348}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5BDB599F-5173-45CF-AB38-97CB32AB1910}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6B1D8481-4E7A-4D7F-A04E-A18C854277AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F720B0D9-22F8-4729-8975-D4C23A4E1144}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C9B8B7F-A688-4980-9FA5-703DE3179C2A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{48E81401-4A1B-4E34-8C8F-D4685AF596BC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{48F02594-7BA6-486D-B28E-C8EB4F3419D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6854D8D5-09A9-4705-B936-FF3B687A1E87}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6947BF17-AC65-4B26-8784-B550FB501572}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{797D06F4-B8C7-4D29-B680-4721885205CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A98C6835-8F49-43A6-A8BF-2BB1FE6F0368}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA100926-7AA8-4302-AFEF-06838D471F03}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BFC7CE02-313B-4A58-8009-90E0C127157E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDD434D7-82CC-468F-B1BC-9ED8DEF88707}" = dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{53CEAC7C-9100-4C60-8586-CF8C1B9A5F2C}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"TCP Query User{A4731C4E-56C9-4CBD-AD09-A9D02158A541}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"UDP Query User{023E42FC-1F81-4FDD-8D56-735E50DBA272}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"UDP Query User{D30CAC22-9594-496E-A51F-EE1FA062F24C}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{06F22256-8A8D-4F3F-B22C-6E07313D0FD1}" = HP Support Assistant
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}" = HP QuickWeb
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4414C431-245A-4AF7-8FE0-3ED2333FD8D2}" = HP MediaStream
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4B7057D5-6D5D-4088-8217-48EA20C44373}" = HP User Guides 0169
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B291A3F9-4F96-4B07-8FA9-72C0D06A42CF}" = ESET Smart Security
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}" = Windows Live MIME IFilter
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EEA95E6C-6847-49BE-83C9-ED92D8E18983}" = HP QuickSync
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Finale 2009" = Finale 2009
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCShield" = MCShield ::Anti-Malware Tool::
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Uninstall 5 & Power Dream_is1" = Total Uninstall 5.2.0
"VLC media player" = VLC media player 1.1.11
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-bit)
"ZumoDrive" = HP CloudDrive
"ΜΑΤΖΕΝΤΑ - Αγγλικό-Ελληνικό-Αγγλικό λεξικό όρων ~BCE23F32_is1" = ΜΑΤΖΕΝΤΑ - Αγγλικό-Ελληνικό-Αγγλικό λεξικό όρων ιατρικών επιστη

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3370936862-2106112308-1309848589-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2013 11:36:57 AM | Computer Name = user-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Search' could not be shut down.

[ Hewlett-Packard Events ]
Error - 9/4/2012 4:56:28 AM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a(Object
A_0, EventArgs A_1)

Error - 9/4/2012 4:56:28 AM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a(Object
A_0, EventArgs A_1)

Error - 9/13/2012 10:36:47 AM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a(Object
A_0, EventArgs A_1)

Error - 9/13/2012 10:36:48 AM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a(Object
A_0, EventArgs A_1)

Error - 10/18/2012 2:03:21 PM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a(Object
A_0, EventArgs A_1)

Error - 10/18/2012 2:03:22 PM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a(Object
A_0, EventArgs A_1)

Error - 1/20/2013 10:22:02 AM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a(Object
A_0, EventArgs A_1)

Error - 1/20/2013 10:22:02 AM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a(Object
A_0, EventArgs A_1)

Error - 7/25/2013 6:17:48 AM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 10/3/2013 9:14:57 AM | Computer Name = user-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a(Object
A_0, EventArgs A_1)

[ System Events ]
Error - 11/20/2013 10:08:27 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 11/20/2013 10:13:03 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 11/20/2013 10:27:33 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly.  It has done this
1 time(s).

Error - 11/20/2013 10:34:29 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 11/20/2013 10:36:31 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 11/20/2013 10:36:31 AM | Computer Name = user-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = CBS Client initialization failed. Last error: 0x80080005

Error - 11/20/2013 10:50:28 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 11/20/2013 11:06:51 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 11/20/2013 3:06:34 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 11/20/2013 4:08:55 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Corrine

Hi, Panos.

1. Sumatra -- you solved that problem yourself.  :)

2. Freecorder -- At least there are no further signs of it in the last log.

3. Oceanis -- That I don't know.  If your nephew isn't using it, go ahead and uninstall it.  Otherwise, perhaps reinstalling will solve the problem.  (Personally, the only time I see the desktop is when I start up or shut down the computer.)

4. MBAM trial expired -- Based on what I saw in the log, you must have missed unchecking a box, because it showed real-time protection, which is only included in MBAM Pro.  When the notification comes up stating that it is expired, click on the tool-tip balloon message.  It should open up a window with the option to End trial; click on that option and this shouldn't occur again.

5. msconfig & Freecorder/Conduit -- There were no further signs of Freecorder or Conduit in the OTL log, but there was a leftover from Ask, which you had removed earlier.

6.  Perform a Custom Fix with OTL
Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{322313C6-8635-4CBF-9EC4-43FD5D87B73A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2013/11/16 16:35:48 | 000,011,776 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 19:20:35 | 000,011,776 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Commands
[EMPTYTEMP]
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
After posting the resulting log, please Rescan as follows:  Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

DR M

Hi, Corrine.

Here is the log after the custom fix (Do you want another quick scan? I didn't understand):

OTL logfile created on: 11/21/2013 6:48:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

987.48 Mb Total Physical Memory | 269.80 Mb Available Physical Memory | 27.32% Memory free
1.96 Gb Paging File | 1.24 Gb Available in Paging File | 63.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.22 Gb Total Space | 238.16 Gb Free Space | 83.21% Space Free | Partition Type: NTFS
Drive D: | 11.58 Gb Total Space | 1.93 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.75 Mb Free Space | 93.37% Space Free | Partition Type: FAT32
Drive F: | 3.73 Gb Total Space | 2.65 Gb Free Space | 70.96% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/20 22:10:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2013/08/02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/12 22:25:06 | 000,583,680 | ---- | M] (MyCity) -- C:\Program Files\MCShield\MCShieldRTM.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/12 08:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe
PRC - [2009/09/04 22:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/09 05:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\SPLASH.SYS\config\DVMExportService.exe
PRC - [2009/06/05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/02 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/11/15 09:53:00 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/12 08:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe -- (STacSV)
SRV - [2009/09/04 22:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/09 05:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/02 07:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/09/17 15:17:38 | 000,188,808 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/09/17 15:17:38 | 000,174,400 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,049,240 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2013/09/17 15:17:38 | 000,037,416 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/12 08:51:52 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/30 04:25:26 | 000,017,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
DRV - [2009/09/02 03:59:42 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/04/29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{955ECCF7-CA40-4500-A57F-2FEF022F4555}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\..\SearchScopes,DefaultScope = {70EF1578-C1A7-48C3-8D75-9C37A8102CDB}
IE - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\..\SearchScopes\{70EF1578-C1A7-48C3-8D75-9C37A8102CDB}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/11/15 09:55:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/11/18 16:13:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000..\Run: [MCShield Monitor] C:\Program Files\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3370936862-2106112308-1309848589-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CA92D8C-9201-4E4A-8161-896CD2918CA2}: DhcpNameServer = 192.168.10.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9F65FDF-BEBB-443D-AB33-A065C2955EB8}: DhcpNameServer = 192.168.10.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/21 18:35:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/20 22:09:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/11/20 17:45:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/11/20 17:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/11/20 17:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SkyDrive
[2013/11/20 17:38:32 | 000,000,000 | R--D | C] -- C:\Users\user\SkyDrive
[2013/11/20 17:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/11/20 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SumatraPDF
[2013/11/20 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2013/11/19 09:58:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/19 09:50:38 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
[2013/11/19 09:49:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/11/18 22:41:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/18 22:12:34 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2013/11/18 21:44:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/11/18 16:18:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/18 16:13:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/18 14:59:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/18 14:59:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/18 14:59:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/18 14:58:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/18 14:57:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/18 14:53:29 | 005,146,587 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/11/17 20:04:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswmbr.exe
[2013/11/17 11:09:17 | 004,121,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013/11/15 10:12:51 | 000,000,000 | ---D | C] -- C:\18be667fae7b1dce1c
[2013/11/15 09:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/11/15 09:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/11/15 09:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

========== Files - Modified Within 30 Days ==========

[2013/11/21 18:54:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/21 18:51:47 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013/11/21 18:49:15 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 18:49:15 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 18:45:18 | 000,626,500 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/21 18:45:18 | 000,107,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/21 18:41:38 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/21 18:41:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 18:41:18 | 776,581,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/20 22:23:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/20 22:10:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/11/20 17:44:50 | 000,000,020 | ---- | M] () -- C:\Windows\¨φ~
[2013/11/19 09:50:39 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
[2013/11/19 09:49:59 | 000,891,200 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/11/19 09:49:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/11/18 22:40:39 | 001,085,542 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/11/18 22:12:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\TFC.exe
[2013/11/18 21:45:21 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/18 16:13:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/11/18 14:54:03 | 005,146,587 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/11/17 20:00:27 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswmbr.exe
[2013/11/17 11:03:50 | 004,121,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013/11/15 09:45:15 | 000,000,020 | ---- | M] () -- C:\Windows\Hσ‹

========== Files Created - No Company Name ==========

[2013/11/20 17:45:21 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/11/20 17:45:03 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/11/20 17:44:48 | 000,000,020 | ---- | C] () -- C:\Windows\¨φ~
[2013/11/20 17:44:30 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/11/20 17:38:31 | 000,002,119 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/11/20 17:28:19 | 000,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2013/11/19 09:49:59 | 000,891,200 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/11/18 22:40:38 | 001,085,542 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/11/18 14:59:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/18 14:59:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/18 14:59:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/18 14:59:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/18 14:59:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/15 09:53:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/15 09:45:15 | 000,000,020 | ---- | C] () -- C:\Windows\Hσ‹
[2012/02/05 20:42:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/02/05 20:27:13 | 000,000,063 | ---- | C] () -- C:\Windows\Lexicon.ini
[2012/02/05 18:58:09 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/02/05 18:58:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/02/05 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/02/05 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/02/05 18:58:06 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/31 23:13:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/01/31 23:08:10 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/01/31 23:06:26 | 000,000,276 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2012/01/31 23:06:26 | 000,000,217 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/05 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012/03/02 15:56:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET
[2012/07/21 08:35:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GOL_byHasbro
[2012/07/18 13:39:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2013/11/20 17:28:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SumatraPDF
[2012/07/18 13:38:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2012/02/05 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ZumoDrive

========== Purity Check ==========



< End of report >



DR M

Corrine, why are there so many things about Firefox in the logs? There is no Firefox on the computer...

Corrine

Hi, Panos.

Mozilla plugins are added by third-party programs.  This way, if/when Firefox is installed, the program will work with Firefox. 

1.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


2.  Finally, OTL CleanUp will handle the remaining programs.

  • Double-click OTL.exe to run it.  (Windows Vista and Windows 7 users: Right-click on OTL.exe select "Run As Administrator" to run it.  If prompted by UAC, please allow it.)
  • Press the CleanUp button.
  • When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

3.  If OTL CleanUp missed any programs I had you place on your nephew's desktop, you can go ahead and delete them.

4.  Even though he has his Uncle Panos to help out, please explain to your nephew the importance of watching each screen for pre-checked options when installing software.  In addition, it is best to go to the developer's site for software rather than the popular download sites with "custom installers" that include the unwanted extras such as Conduit toolbars and the like.  You may want to refer him to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".



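The "FireFox" block in the OTL log above lists registrations under HKLM\Software\MozillaPlugins, which any installer can write whether or not Firefox is present. The following PowerShell script is an added example, not part of this thread and not OTL's own code, that enumerates those registrations and triages each one the way a responder would: does the "Path" value point at a file that exists, is that file Authenticode-signed, and does it live under a user profile directory where any unprivileged program could have dropped it? It assumes PowerShell 3.0 or later (for [pscustomobject]) and reads only the registry, so it does not need elevation.

```powershell
# Added example: triage Mozilla plugin registrations the way OTL's "FF - HKLM\Software\MozillaPlugins" lines show them.
# Each subkey name is the plugin's MIME/identifier string (e.g. "@adobe.com/ShockwavePlayer") and its
# "Path" value names the NPAPI DLL. Nothing here requires Firefox to be installed.

function Get-MozillaPluginRegistration {
    param(
        # Registry roots that Firefox-compatible browsers consult. The Wow6432Node root only exists on
        # 64-bit Windows; the 32-bit Windows 7 Starter machine in this thread will simply skip it.
        [string[]]$Roots = @(
            'HKLM:\SOFTWARE\MozillaPlugins',
            'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins',
            'HKCU:\SOFTWARE\MozillaPlugins'
        )
    )

    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }

        foreach ($key in Get-ChildItem -Path $root) {
            $props  = Get-ItemProperty -Path $key.PSPath
            $path   = [string]$props.Path
            $exists = ($path -ne '') -and (Test-Path -LiteralPath $path)

            # Default verdicts for a registration whose DLL is gone (a leftover like the
            # "File not found" Java BHO in the O2 lines): harmless, but worth cleaning up.
            $status = 'file missing'
            $signer = ''

            if ($exists) {
                # Get-AuthenticodeSignature reports Valid, NotSigned, HashMismatch, UnknownError, ...
                $sig    = Get-AuthenticodeSignature -FilePath $path
                $status = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            # A plugin DLL sitting under a user profile (AppData, Desktop, Temp) or ProgramData is
            # unusual for a legitimately installed product, which normally lives under Program Files.
            $userWritable = $exists -and (
                $path -like "$env:USERPROFILE\*" -or $path -like "$env:ProgramData\*"
            )

            $flag = 'ok'
            if (-not $exists)                                     { $flag = 'stale entry' }
            elseif ($userWritable -or $status -ne 'Valid')        { $flag = 'REVIEW' }

            [pscustomobject]@{
                Flag        = $flag
                Key         = $key.Name
                Path        = $path
                Description = [string]$props.Description
                Signature   = $status
                Signer      = $signer
            }
        }
    }
}

# Usage: list everything, flagged entries first.
Get-MozillaPluginRegistration |
    Sort-Object -Property @{ Expression = { $_.Flag -eq 'REVIEW' }; Descending = $true }, Key |
    Format-Table -AutoSize -Wrap
```

Read the output the same way OTL's entries are read: a registration with a missing file is a leftover from an uninstalled program and can be removed from the registry; one whose DLL exists, is unsigned or has a mismatched hash, or lives outside Program Files is the entry to pull a copy of and check before deciding it is benign. A valid signature from the vendor named in the Description column (Adobe, Google, VideoLAN, and so on, as in the log above) is the expected case.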
DR M

Corrine,

Mission completed! Computer is cleaned! (Inside only, because externally it is not! Think that the keyboard and the monitor have pieces of biscuits on and in them... But this is my job now!!!  :lol:  )

Now, lets go and play some football games online!!! (joking!!!!)


AS ALWAYS, I THANK YOU SO MUCH!!!


P.S. I will try to give advice to my nephew. The fact is that he wants to play football games and it is not easy to find such games free and safe. Actually he was using my computer till recently, but I don't let him do so now. That is why he took that old mini my sister had, and made it his own... The good thing is that he only plays, and doesn't download anything, just because he doesn't know English yet!  :thumbsup:

Corrine

I searched for football (soccer in the U.S.) games for PC and didn't have much luck finding anything for purchase.  I'll ask Winchester73 if he knows about any safe football games online. 



winchester73

I have only played FIFA by EA Sports on my computer; I think it is only available via download now for a Windows machine, no longer a disc package in the retail store.  I'm checking with some mates to see if they know any good/safe online sites.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

DR M

Thank you again. I appreciate your willingness to help!  :hug:

Anyway, considering that a lot of malware gets inside a computer through online games, it would be a good idea for all of us to post some safe sites for gaming. Anyone who knows that something is really safe.