Everything posted by Mwda
-
Thank you very much for your response. I did as you instructed and Dr Web found nothing; however, this may not be fair. I was impatient and after 5 days waiting I posted at BleepingComputers and they instructed me to run 3 programs: ADWCleaner, which found and removed a program called "Conduit", then "Junkware Removal Tool", which did not find much of anything, and last "Rogue Killer", which found a trojan called "Rans.Gendarm" and removed it.

You are right though, because while my sister was waiting for me to find something she called Verizon again and they evidently were able to get the HTC program to communicate with her HTC-DNA mobile phone. It really was a problem with the software that Verizon uses to communicate with the phone. I still do not know how Verizon could tell us that we were getting a Microsoft tech support person when we were clearly not getting that support. I also don't know how they could charge $200, almost half the price of the laptop.

I thank you for the information about prefetch, which is not like my XP computer, for it seems to have only one item in prefetch; however, it is clear that Win 7 and Win 8 do things a lot differently when it comes to prefetch. I am very happy with the service that Malwarebytes has offered over the years and will recommend them to anyone.

Thank you again for your help

Marshall D'Arcy
-
Merged 3 posts. We look for posts with 0 replies, so when you reply to your own topic, we assume you're being helped. Please be patient, someone will assist you as soon as possible.

We were trying to get a mobile phone to connect with the computer via USB but could not, so we called Verizon, which finally said it must be a computer infection, so he sent us, we thought, to MS tech support, which said we are infected with a virus that could not be detected with Malwarebytes or any AV program. We had run Malwarebytes and Avast programs that found nothing. Tech support sent us to a higher level person who pointed to some items in the "prefetch folder" as proof and told us that he could remove the backdoor infection for $200 dollars. We asked and he said he was not connected with MS so we stopped any contact. I am not sure that we were ever talking to MS tech support.

Upshot is we think we may have a virus that is using a backdoor, though we have no clear proof of this other than the questionable tech support assertion. We ran Malwarebytes and root kit Malwarebytes with no results.

Asus "SonicMaster" ultrabook laptop computer
Win 8
Avast and Windows Firewall with Malwarebytes check

The tech support person pointed to the prefetch items listed here as Rundll32 as proof of the infection.

"C:\Windows\Prefetch\RUNDLL32.EXE-18B33C45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-27D6367C.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-96F2406E.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-210D3DBE.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-69686E69.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-A1396DE2.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B72ECF45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B865F023.pf"

Prefetch items listed below are there after a deletion of all items in the prefetch folder and a reboot.
hijackthis log plus list of items in prefetch

Are we infected or is this all nothing? Thank you for the help you may offer.

Marshall

I am sorry that I did not run DDS as requested in the first part of the forum. I had not read that but here are the two txt files, first dds.txt then attach.txt.
Thank you for any help you offer
Marshall
=========================================================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2
Run by JeanetteN at 13:05:58 on 2013-03-19
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3982.1015 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\splwow64.exe
C:\Windows\syswow64\wwahost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://asus13.msn.com
mURLSearchHooks: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: GetSavin 5.0: {76E7224A-2612-41FD-A504-44AE1EB663F0} - C:\Users\JeanetteN\AppData\Local\getsavin\ie\getsavin_1363531801.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
TB: MixiDJ V8 Toolbar: {E4C3A8B6-7724-45D1-A629-17B69118EBCD} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [OnlineBackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Amazon Cloud Drive] C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
StartupFolder: C:\Users\JEANET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001017-0002-0017-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} - hxxps://www.backup.com/user/webrestore.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006}\24F6F63747D4F62696C656023547F627560275966496 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006}\C6776796C63756D696075726C69636 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JeanetteN\AppData\Roaming\Mozilla\Firefox\Profiles\nf8bx0p3.default-1363265529755\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=3&q={searchTerms}&CUI=UN33930829371937960
FF - prefs.js: browser.startup.homepage - hxxps://news.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN33930829371937960&UM=UM_ID&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-07 18:05; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - ExtSQL: 2013-02-12 14:09; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-14 07:33; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-17 65336]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-12-6 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-2-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-2-12 377920]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-12-6 23344]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-2-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-2-12 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-17 45248]
R2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-9-28 29056]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-12-6 129856]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-12-6 193576]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-6 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-17 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-17 682344]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-6 365376]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-9-28 27792]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-2-7 109064]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-9-28 107328]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-9-28 42816]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-9-28 64832]
R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-9-28 96064]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-9-28 228672]
R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-9-28 361792]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-9-28 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-28 342528]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-12-6 43800]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-9-28 110744]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-17 24176]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-9-28 2203792]
S2 DptfPolicyLpmService;Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application;C:\Windows\System32\DptfPolicyLpmService.exe [2012-9-28 36224]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\Drivers\AmUStor.sys [2012-7-13 101504]
S3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-17 178624]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\Drivers\ANDROIDUSB.sys [2013-3-17 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\Drivers\htcnprot.sys [2012-12-7 36928]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-2-12 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-03-18 19:05:19 388096 ----a-r- C:\Users\JeanetteN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-18 19:05:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-03-18 02:36:11 -------- d-----w- C:\ProgramData\COMODO
2013-03-18 02:35:56 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Comodo
2013-03-18 02:35:51 50952 ----a-w- C:\Windows\System32\certsentry.dll
2013-03-18 02:35:45 -------- d-----w- C:\Program Files (x86)\Comodo
2013-03-18 02:35:43 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-03-18 00:50:01 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-18 00:50:01 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-17 22:51:01 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Malwarebytes
2013-03-17 22:50:53 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-17 22:50:53 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-17 22:50:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-17 21:38:54 -------- d-----w- C:\Program Files (x86)\Citrix
2013-03-17 21:38:42 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Citrix
2013-03-17 21:38:41 103832 ----a-w- C:\Users\JeanetteN\GoToAssistDownloadHelper.exe
2013-03-17 21:02:19 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\HTC Sync
2013-03-17 21:02:01 -------- d-----w- C:\Users\JeanetteN\AppData\Local\HTC MediaHub
2013-03-17 21:00:59 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2013-03-17 19:18:57 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-03-17 17:08:31 -------- d-----w- C:\Program Files\HTC
2013-03-17 16:29:19 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\HTC
2013-03-17 16:29:13 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Apple Computer
2013-03-17 16:29:05 -------- d-----w- C:\ProgramData\Motorola
2013-03-17 16:27:05 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Downloaded Installations
2013-03-17 16:26:07 -------- d-----w- C:\Program Files (x86)\HTC
2013-03-17 16:25:25 33736 ----a-w- C:\Windows\System32\drivers\ANDROIDUSB.sys
2013-03-17 16:25:25 1122664 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-03-17 16:25:24 -------- d-----w- C:\ProgramData\HTC
2013-03-17 16:01:23 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Mp3do
2013-03-17 16:01:11 -------- d-----w- C:\Program Files (x86)\mp3do
2013-03-17 15:08:28 -------- d-----w- C:\Program Files (x86)\Free Convert All Music Audio Converter Gold
2013-03-17 15:01:08 -------- d-----w- C:\Program Files (x86)\Conduit
2013-03-17 15:01:06 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Conduit
2013-03-17 15:01:06 -------- d-----w- C:\Program Files (x86)\MixiDJ_V8
2013-03-17 14:51:36 -------- d-----w- C:\Users\JeanetteN\AppData\Local\getsavin
2013-03-15 13:46:55 -------- d-----w- C:\Program Files\Common Files\EPSON
2013-03-15 13:46:48 -------- d-----w- C:\ProgramData\EPSON
2013-03-15 13:46:30 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2013-03-15 13:46:29 120320 ----a-w- C:\Windows\System32\E_ILMIBE.DLL
2013-03-15 13:46:29 120320 ----a-w- C:\Windows\System32\E_ILMIBA.DLL
2013-03-15 13:46:28 83968 ----a-w- C:\Windows\System32\E_ID4BIBE.DLL
2013-03-15 13:46:28 83968 ----a-w- C:\Windows\System32\E_ID4BIBA.DLL
2013-03-14 13:04:46 -------- d-----w- C:\Program Files (x86)\NCH Software
2013-03-13 16:44:47 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Apps
2013-03-13 02:29:04 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-03-13 02:29:03 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-03-13 02:29:00 2246656 ----a-w- C:\Windows\System32\wininet.dll
2013-03-11 02:00:08 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-03-10 18:54:14 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-03-10 18:03:39 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-03 03:55:39 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-03 03:55:39 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-28 15:29:59 -------- d-----w- C:\Users\JeanetteN\dwhelper
2013-02-27 21:08:12 443392 ----a-w- C:\Windows\System32\ReAgent.dll
2013-02-27 21:08:12 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-02-27 21:08:12 1010688 ----a-w- C:\Windows\System32\reseteng.dll
2013-02-25 05:36:51 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Airytec
2013-02-25 05:35:59 -------- d-----w- C:\Program Files\Airytec
2013-02-24 15:16:01 -------- d-----w- C:\Program Files (x86)\FreeAlarmClock
2013-02-21 01:07:20 -------- d-----r- C:\Program Files (x86)\Skype
2013-02-19 19:20:44 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Aimersoft
2013-02-19 19:20:44 -------- d-----w- C:\Program Files (x86)\Common Files\Aimersoft
2013-02-19 19:20:30 -------- d-----w- C:\Program Files (x86)\Aimersoft
.
==================== Find3M ====================
.
2013-03-19 17:51:02 401 ----a-w- C:\Users\JeanetteN\AppData\Roaming\sp_data.sys
2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 01:44:27 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys
2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll
2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll
2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll
2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe
2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe
2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll
2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll
2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll
2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll
2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll
2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll
2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll
2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll
2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll
2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll
2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll
2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys
2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:57 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-02-02 05:31:54 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-01-29 01:57:05 35232 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-01-28 23:08:22 230904 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-12 01:02:34 64624 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe
.
============= FINISH: 13:06:34.82 ===============
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
attach.txt
=======================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2013 10:44:06 PM
System Uptime: 3/19/2013 12:50:20 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | S400CA
Processor: Intel® Core i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 120.414 GiB free.
D: is FIXED (NTFS) - 258 GiB total, 257.679 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP13: 3/18/2013 1:43:28 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
6400_Help
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) MUI
Adobe Shockwave Player 12.0
Advanced MP3 Converter Windows 8 1.1
Aimersoft DVD Creator(Build 2.6.5)
Airytec Switch Off
Alcor Micro USB Card Reader
Amazon Cloud Drive
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS VivoBook
ASUS WebStorage Sync Agent
AsusVibe2.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Package
Auslogics Disk Defrag
avast! Free Antivirus
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
D3DX10
Destinations
DeviceDiscovery
DocProc
EPSON XP-400 Series Printer Uninstall
ExpressCache
Fax
Free Alarm Clock 2.7.1
GetSavin
Google Drive
Google Update Helper
GPBaseService2
HiJackThis
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP OfficeJet J6400 14.0 Rel. 6
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
HTC Driver Installer
HTC Sync Manager
Intel® Dynamic Platform and Thermal Framework
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
IPTInstaller
iSEEK AnswerWorks English Runtime
J6400
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft Application Error Reporting
Microsoft Office
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MixiDJ V8 Toolbar
Movie Maker
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Network64
OCR Software by I.R.I.S. 14.0
Online Backup
OpenOffice.org 3.4.1
Photo Common
Photo Gallery
PhotoScape
Picasa 3
Pixillion Image Converter
Platform
ProductContext
Qualcomm Atheros Client Installation Program
Quicken 2012
Scan
Shared C Run-time for x64
Shop for HP Supplies
Skype Click to Call
Skype™ 6.2
SolutionCenter
Status
swMSM
Toolbox
TrayApp
VIA Platform Device Manager
Wajam
WebReg
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
3/19/2013 12:50:23 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
3/18/2013 4:15:11 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

Another note: I have deleted the Prefetch folder again, and this time, unlike the first time when the computer was rebooted, many items were gone. I rebooted a second and third time, and each time I rebooted the prefetch folder had more items in it. This is a list of the items that were in the PF folder after the last reboot. The items that the "tech person" pointed to as proof of a backdoor are gone, though they may come back.
-
I did as you instructed. There was some issue with Adobe and I could not use the live link but had to download the full program from their site and install it, but Adobe claimed that this is not unusual because some firewalls have issues. Once I did this I checked it out and it seems to be running fine. I was surprised that you had suggested this for I thought I was getting updates all the time from Adobe. I hope that Adobe is not a problem or an opening for malware. I ran the clean.exe program and should have figured that uninstall would not get all of Zone Alarm. Does Uninstall ever work, certainly not with HP printers? I use Malwarebytes all the time and have bought it for my laptop and it is a permanent program there; however, as you point out and as others have pointed out to me, I should not have two permanent anti-virus programs running at the same time and I like the "scan at start up" feature of Avast plus it is free as is Malwarebytes' basic program. I have told people that none of the permanent programs work all of the time but that one should use Malwarebytes periodically, allowing it to do an individual scan. I have done this on computers with other high-priced protection programs and have not failed to get some real positive hits with Malwarebytes. I had Norton and McAfee for years and I liked McAfee, especially many years ago when it had its DOS scan at startup, however none of them got the big problem I had Win98 and was told to use Malwarebytes and Firefox at that time and it helped. I disabled the "Defense+" feature of Comodo and use only the Firewall feature. I hope I do not still have some conflict there; however, it seems to be working though I may not know if it was not. I am surprised at Comodo not exiting as it should have and may look into another software firewall even though I have told some people to use Comodo.
Here is the Quick Scan from Malwarebytes
=========================================
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mwda :: HOME-SATA [administrator]

6/21/2012 10:29:54 AM
mbam-log-2012-06-21 (10-29-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227159
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
====================
I thank you very much for your expert help. I have used help like this more than once and am always amazed at the quality of help I get. I don't care what Microsoft says, if it was not for free services like this computers would not win. Marshall
-
I thank you all very much for your help. I do admire you people. I could not possibly master the complexities that you deal with every day though I am sure, having read this in the paper and having tried to fix other computers, that this is also why the bad guys seem to be winning in computers. I ran RSIT with no request from my firewall; however, I got two error messages which requested of me to allow them to report these errors to a website. I selected yes in both instances and in both instances my browser opened and went to a general "Frontier" type search page. Below are the two RSIT info and log file contents.
(KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" HP Business Inkjet 1000 Series-->msiexec /x{8034A623-0A42-4514-9536-BD124A9AEBA5} HP Drive Key Boot Utility-->C:\Program Files\Compaq\hpdkbu\hpuninst.exe HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe" Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall IObit Security 360-->"C:\Program Files\IObit\IObit Security 360\unins000.exe" IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe IsoBuster 2.8-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF} K-Lite Codec Pack 5.9.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Locate32-->C:\Program Files\Locate\Remove.exe Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client 
Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Encarta Encyclopedia Standard 2001-->MsiExec.exe /I{01001201-5D65-445A-B3B4-3DCE72BA0C6C} Microsoft Money 2000 Standard Edition-->C:\Program Files\Microsoft Money\setup\setup.exe Microsoft Streets and Trips 2001-->MsiExec.exe /I{3D719053-5593-11D3-8F25-0060085C1758} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Works 4.0-->C:\Program Files\MSWorks\Setup40\setup.exe Mozilla Firefox 13.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe" Mozilla Thunderbird 12.0.1 (x86 en-US)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MyDefrag v4.3.1-->"C:\Program Files\MyDefrag v4.3.1\unins000.exe" Mz Services Manager-->"C:\Program Files\Mz Ultimate Tools\Mz Services Manager\unins000.exe" Neat Image v6.1 Home-->"C:\Program Files\Neat Image\unins000.exe" NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly Norton PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502} NoteTab Light 5 (Remove only)-->"C:\Program Files\NoteTab Light\unins000.exe" OneTouch 4.0-->MsiExec.exe /I{BCDA28CF-BDE3-49BE-AB50-87FD47CA4559} OpenOffice.org 
3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002} Photo Pos Pro-->"C:\WINDOWS\Photo Pos Pro Uninstaller.exe" PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe" Pixia-->"C:\Program Files\InstallShield Installation Information\{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}\setup.exe" -runfromtemp -l0x0409 -removeonly Puran Defrag Free Edition 7.2-->"C:\Program Files\Puran Defrag\unins000.exe" PySol Fan Club edition v.2.0-->"C:\Program Files\PySol Fan Club edition\unins000.exe" QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Registrar Lite 2.00-->"C:\Program Files\Registrar Lite\unwise.exe" C:\PROGRA~1\REGIST~1\INSTALL.LOG Revo Uninstaller 1.88-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe ScanSoft PaperPort 11-->MsiExec.exe /I{0AB8248A-BCC4-4B46-9A8A-1B5FBBDB8278} SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch 
{DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 
(KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2675157)-->"C:\WINDOWS\ie8updates\KB2675157-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2699988)-->"C:\WINDOWS\ie8updates\KB2699988-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe" Security Update for Windows Media Encoder (KB2447961)-->"C:\WINDOWS\$NtUninstallKB2447961_WM9L$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe" Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe" Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe" Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe" Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe" Security Update for Windows XP (KB2416400)-->"C:\WINDOWS\$NtUninstallKB2416400$\spuninst\spuninst.exe" Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe" Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe" Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe" Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe" Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe" Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe" Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe" Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe" Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe" Security Update for Windows XP (KB2482017)-->"C:\WINDOWS\$NtUninstallKB2482017$\spuninst\spuninst.exe" Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe" Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe" Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe" Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe" Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe" Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe" Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe" Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe" Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe" Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe" Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe" Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe" Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe" Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe" Security Update for Windows XP (KB2530548)-->"C:\WINDOWS\$NtUninstallKB2530548$\spuninst\spuninst.exe" Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe" Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe" Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2544521)-->"C:\WINDOWS\$NtUninstallKB2544521$\spuninst\spuninst.exe" Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe" Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe" Security Update for Windows XP (KB2559049)-->"C:\WINDOWS\$NtUninstallKB2559049$\spuninst\spuninst.exe" Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe" Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe" Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe" Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe" Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe" Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe" Security Update for Windows XP (KB2586448)-->"C:\WINDOWS\$NtUninstallKB2586448$\spuninst\spuninst.exe" Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe" Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe" Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe" Security Update for Windows XP (KB2618444)-->"C:\WINDOWS\$NtUninstallKB2618444$\spuninst\spuninst.exe" Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe" Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe" Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe" Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe" Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe" Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe" Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe" Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe" Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe" Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe" Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe" Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe" Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe" Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe" Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe" Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe" Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe" Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe" Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe" Security Update for Windows XP (KB2709162)-->"C:\WINDOWS\$NtUninstallKB2709162$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe" Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe" Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe" Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe" Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG 
Smart Defrag 2-->"C:\Program Files\IObit\Smart Defrag 2\unins000.exe" Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe" Speccy-->"C:\Program Files\Speccy\uninst.exe" swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe" TestPath v1.3-->"C:\Program Files\TestPath2\unins000.exe" TreeComp-->MsiExec.exe /I{30A01D71-86B1-4C24-8B1B-F9CCBDE094CC} Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" UK's Kalender 2.3.2-->"C:\Program Files\Kalender\unins000.exe" Undelete Plus 2.98-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe" Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe" Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe" Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe" Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe" Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe" Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP 
(KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" User Profile Helper Cleanup Service-->MsiExec.exe /I{2769265D-6DFF-4ECA-AD5A-5DDD91ECF134} VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE} VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe virtualStudio 1.0.38-->"C:\Program Files\virtualStudio\unins000.exe" What's Running 3.0-->"C:\Program Files\WhatsRunning\unins000.exe" Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe" Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Support Tools-->MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Xml Viewer-->MsiExec.exe /I{F58E04CD-6E76-43C8-AAF1-482225C2910E} XXClone ver 0.58.0-->C:\WINDOWS\SYSTEM32\xxclone.exe /uninst XXConsole: Super Console Generator ver 0.96-->C:\WINDOWS\system32\XXCONSOLE.EXE /uninstall Yet Another (remote) Process Monitor 2.4.1-->"C:\Program Files\Yet Another 
(remote) Process Monitor\unins000.exe" ZipGenius 6.3-->"C:\Program Files\ZipGenius 6\unins000.exe" ======Security center information====== AV: avast! Antivirus FW: ZoneAlarm Firewall (disabled) FW: COMODO Firewall ======Environment variables====== "CLASSPATH"="C:\Program Files\Java\jre6\lib\ext\QTJava.zip" "ComSpec"=%SystemRoot%\system32\cmd.exe "DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperLite\ "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\Executive Software\DiskeeperLite;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Support Tools;C:\Program Files\ZipGenius 6 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=170a "QTJAVA"="C:\Program Files\Java\jre6\lib\ext\QTJava.zip" "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "tvdumpflags"=14 "windir"=%SystemRoot% "tvdebugcategories"=all -----------------EOF-----------------

================= Below the file from FSS ==============================

Farbar Service Scanner Version: 19-06-2012 01 Ran by mwda (administrator) on 20-06-2012 at 10:14:18 Running from "D:\util-flash\virus-spyware\combofix\fss" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible.
Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 Security Center: ============ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit **** End of log ****

==========================

I uninstalled Combofix and rebooted and all is well. The problem may be solved unless it is something even more complicated than this.
-
Thank you so much for your help. I will do everything you say and post as you instruct me to do. The information I posted about services was gotten from the XP services program in "administrative tools", which has a copy-to-text option, as you may know. All I did was copy and paste those 3 lines in my post. I tried several times to run combofix to solve this problem. I did not run it as you have now instructed me to, and this is most likely why I had this problem; however, each time I uninstalled combofix the error with "Cryptographic service" would return, so my only assumption is that it had something to do with the problem, though clearly not the cause of the problem. I had a long time ago run combofix and, checking out my services, noted a service I did not know about, and upon googling it found that it was set up by combofix, so I ran the uninstall option and this service went away. I learned from this that it is important to uninstall combofix. I have learned recently that, as it is important to disable antivirus and firewall programs when installing combofix, it is important to make sure that they are disabled in the uninstall process as well. As I am sure you know, when you reboot some of these programs return. In this problem I had not checked to make sure that "unhide system files" was selected; though I thought I had done that a long time ago, as it turns out it had not been done. This time, as I did what you instructed me to do, when I stopped my firewall and antivirus program I checked to see if they were still running in process, and the Comodo firewall was still listed as a running process, even though the icon had been removed from the lower right hand corner of my screen by my selecting exit from its drop-down menu, so I selected "Kill this Process". I don't know if either of these are a reason for a change but they are a difference from what I had done before.

Marshall
-
I went to services and I see that the services that I noted before have been removed, namely

@%SystemRoot%\system32\iphlpsvc.dll,-200 @%SystemRoot%\system32\iphlpsvc.dll,-201 Automatic Local System
@%SystemRoot%\system32\winhttp.dll,-100 @%SystemRoot%\system32\winhttp.dll,-101 Manual Local Service
@%SystemRoot%\System32\wscsvc.dll,-200 @%SystemRoot%\System32\wscsvc.dll,-201 Started Automatic Local System

Should I now try again to uninstall combofix? Thank you very much for your help.

Marshall
-
Thank you again for your help! Here is the log file created by combofix

======================= ComboFix 12-06-19.01 - mwda 06/19/2012 12:53:02.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1522 [GMT -5:00] Running from: c:\documents and settings\mwda\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))))) . . 2012-06-19 17:37 . 2012-06-19 17:37 -------- d-----w- c:\program files\ERUNT 2012-06-11 19:49 . 2012-06-11 19:49 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-11 19:49 . 2012-06-11 19:49 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-05-22 21:53 . 2012-05-22 21:53 -------- d-----w- c:\documents and settings\mwda\Application Data\Auslogics . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-11 19:13 . 2012-03-31 21:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-11 19:13 . 2011-08-26 02:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:14 . 2004-08-04 05:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12 . 2004-08-04 05:17 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-04 20:56 . 2004-07-08 20:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-19 01:52 . 2011-05-07 22:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . .
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kalender"="c:\program files\Kalender\Kalender.exe" [2010-08-22 933888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^mwda^Start Menu^Programs^Startup^Locate32 Autorun.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-02-26 18:37 173592 ----a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-02-26 18:37 141336 ----a-w- c:\windows\system32\igfxtray.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2007-05-14 17:35 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] 1999-08-04 05:00 122940 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2007-05-14 17:38 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-02-26 18:37 142360 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder] 2007-02-01 18:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-06-14 02:00 77824 ----a-w- c:\program files\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-05-21 19:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/18/2011 8:25 PM 14776] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:34 PM 371544] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2011 4:34 PM 301528] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [6/11/2010 12:49 PM 13696] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 6:37 PM 494968] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 6:37 PM 31704] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\instal\util\diag\hw32\HWiNFO32.sys [12/16/2011 10:02 PM 21624] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2011 4:34 PM 19544] R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/19/2010 7:22 PM 20968] R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [6/20/2010 9:30 AM 2752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:43 PM 257224] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/11/2010 12:51 PM 1684736] S3 cpuz130;cpuz130;\??\c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] S3 DirectNT;DirectNT;\??\h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS --> h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS [?] 
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [3/31/2011 4:00 PM 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [3/31/2011 4:00 PM 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176] S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/18/2011 5:47 PM 312152] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 11:27 AM 113120] S3 PORTMON;PORTMON;\??\d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS --> d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS [?] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/24/2011 4:19 PM 272128] S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/4/2004 1:56 AM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/28/2011 12:39 PM 229376] . --- Other Services/Drivers In Memory --- . *Deregistered* - uphcleanhlp . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] UPHClean REG_MULTI_SZ UPHClean . Contents of the 'Scheduled Tasks' folder . 2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:13] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56] . 
2012-05-25 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job - c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2011-03-21 17:03] . 2011-03-21 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job - c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2011-03-21 17:03] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uInternet Connection Wizard,ShellNext = iexplore IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20110901&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 
750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-19 13:00 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwClose . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\18.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2896) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\COMODO\COMODO Internet Security\cmdagent.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Visioneer\OneTouch 4.0\OtService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Completion time: 2012-06-19 13:02:55 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-19 18:02 ComboFix2.txt 2012-06-19 00:13 ComboFix3.txt 2012-06-19 00:00 . Pre-Run: 66,849,611,776 bytes free Post-Run: 66,814,255,104 bytes free . - - End Of File - - E9C93AEFD430FA7F8DFD0187E0C9F3BE
-
Thank you for your response. I will do all you stipulate. The reason for looking at the service CryptSvc is, as I noted, that "Event viewer" indicates that this service stops unexpectedly when I start my computer without Combofix. When I first was trying to fix the problem I went to "event viewer" and saw this error message and believed it part of the problem. I will post the combofix log when I am done.

Marshall
-
Thank you very much for your help. It is hard to not run combofix when it works so well, and of course all of your advice may well be appropriate for many people, as I am sure you know; however, I accept your criticism, though I have run combofix on computers with no access to the internet and that would have required a full reinstall if it had failed, and it did not fail. I uninstalled Zone Alarm a long time ago and there is only one entry in the ComboFix-quarantined-files.txt file, listed below

===========================
2012-06-19 00:09:01 . 2012-06-19 00:09:01 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
==================================

A small note: it is my understanding that the CryptSvc service is used by virus detection and firewall programs. Also, I see only one of these services that I believe Combofix uses in the list above

@%SystemRoot%\system32\iphlpsvc.dll,-200 @%SystemRoot%\system32\iphlpsvc.dll,-201 Automatic Local System
@%SystemRoot%\system32\winhttp.dll,-100 @%SystemRoot%\system32\winhttp.dll,-101 Manual Local Service
@%SystemRoot%\System32\wscsvc.dll,-200 @%SystemRoot%\System32\wscsvc.dll,-201 Started Automatic Local System

and there is no tdx.exe or tdx.sys file that I can find. I hope this is helpful and not pointless. Thank you again for your help.

Marshall
-
I have WinXP SP3 professional. I use Avast and Comodo and malwarebytes when I have a problem. I hope this is the right forum; if not, please let me know. I use malwarebytes and then combofix if I find a problem. This has worked many times and I have found innumerable problems with malwarebytes and combofix, both programs deleting many files and solving many problems like browser hijacking. I am no expert and I know that you will tell me to never use combofix but I think it a great program and have had no problems until now. I understand that it must be run from the desktop and one must disable firewalls and virus protection, giving it plenty of time to finish. This is the first problem I have ever had with combofix and it occurred recently with the "12.6.12.3" version. My computer works fine now until I try to uninstall combofix with the "combofix /uninstall" command at the run box. When I do that and I reboot I get, in event viewer

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 6/18/2012
Time: 4:16:39 PM
User: N/A
Computer: HOME-SATA
Description: The CryptSvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

and my icons are all on one side and if I move them they return to one side on a reboot. I can not connect to the internet but when I try to disable the Windows connection I get an error telling me that the device can not be found. All these problems go away when I reinstall combofix. This is my Combofix log from my reinstall of combofix.

============================ ComboFix 12-06-12.03 - mwda 06/18/2012 19:10:30.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1507 [GMT -5:00] Running from: c:\documents and settings\mwda\Desktop\ComboFix.exe AV: avast!
Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))))) . . 2012-06-11 19:49 . 2012-06-11 19:49 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-11 19:49 . 2012-06-11 19:49 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-05-22 21:53 . 2012-05-22 21:53 -------- d-----w- c:\documents and settings\mwda\Application Data\Auslogics . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-11 19:13 . 2012-03-31 21:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-11 19:13 . 2011-08-26 02:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:14 . 2004-08-04 05:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12 . 2004-08-04 05:17 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-04 20:56 . 2004-07-08 20:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-11 19:49 . 2011-05-07 22:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kalender"="c:\program files\Kalender\Kalender.exe" [2010-08-22 933888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^mwda^Start Menu^Programs^Startup^Locate32 Autorun.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-02-26 18:37 173592 ----a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-02-26 18:37 141336 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2007-05-14 17:35 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] 1999-08-04 05:00 122940 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2007-05-14 17:38 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-02-26 18:37 142360 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder] 2007-02-01 18:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-06-14 02:00 77824 ----a-w- c:\program files\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-05-21 19:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . 
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/18/2011 8:25 PM 14776] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:34 PM 371544] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2011 4:34 PM 301528] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [6/11/2010 12:49 PM 13696] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 6:37 PM 494968] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 6:37 PM 31704] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\instal\util\diag\hw32\HWiNFO32.sys [12/16/2011 10:02 PM 21624] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2011 4:34 PM 19544] R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/19/2010 7:22 PM 20968] R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [6/20/2010 9:30 AM 2752] S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176] S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/4/2004 1:56 AM 14336] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:43 PM 257224] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/11/2010 12:51 PM 1684736] S3 cpuz130;cpuz130;\??\c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?] 
S3 DirectNT;DirectNT;\??\h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS --> h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS [?] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [3/31/2011 4:00 PM 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [3/31/2011 4:00 PM 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176] S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/18/2011 5:47 PM 312152] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 11:27 AM 113120] S3 PORTMON;PORTMON;\??\d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS --> d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS [?] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/24/2011 4:19 PM 272128] S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/4/2004 1:56 AM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/28/2011 12:39 PM 229376] . --- Other Services/Drivers In Memory --- . *Deregistered* - uphcleanhlp . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] UPHClean REG_MULTI_SZ UPHClean . Contents of the 'Scheduled Tasks' folder . 2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:13] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56] . 
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]
.
2012-05-25 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job - c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2011-03-21 17:03]
.
2011-03-21 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job - c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2011-03-21 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20110901&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 19:11
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\18.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-06-18 19:13:28
ComboFix-quarantined-files.txt 2012-06-19 00:13
ComboFix2.txt 2012-06-19 00:00
.
Pre-Run: 67,047,350,272 bytes free
Post-Run: 67,029,594,112 bytes free
.
- - End Of File - - 4B0530F5AF933F1F4A2437CB5B73CBA3
========================

I may still be infected with some sort of malware, though I just updated and ran a full scan of Malwarebytes and it found nothing. Any help would be appreciated.

Marshall