Posts posted by Mwda
Merged 3 posts.
We look for posts with 0 replies, so when you reply to your own topic, we assume you're being helped.
Please be patient, someone will assist you as soon as possible.
We were trying to get a mobile phone to connect with the computer via USB but could not, so we called Verizon, which finally said it must be a computer infection, so he sent us, we thought, to MS tech support, which said we are infected with a virus that could not be detected with Malwarebytes or any AV program. We had run Malwarebytes and Avast programs that found nothing. Tech support sent us to a higher level person who pointed to some items in the "prefetch folder" as proof and told us that he could remove the backdoor infection for $200 dollars. We asked and he said he was not connected with MS so we stopped any contact. I am not sure that we were ever talking to MS tech support. Upshot is we think we may have a virus that is using a backdoor though we have no clear proof of this other than the questionable tech support assertion.
We ran Malwarebytes and root kit Malwarebytes with no results.
Asus "SonicMaster" ultrabook laptop computer
Win 8
Avast and Windows Firewall with Malwarebytes check
The tech support person pointed to the prefetch items listed here as Rundll32 as proof of the infection.
"C:\Windows\Prefetch\RUNDLL32.EXE-18B33C45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-27D6367C.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-96F2406E.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-210D3DBE.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-69686E69.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-A1396DE2.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B72ECF45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B865F023.pf"
Prefetch items listed below are there after a deletion of all items in the prefetch folder and a reboot.
hijackthis log plus list of items in prefetch
=================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:07:00 PM, on 3/18/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16518)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Users\JeanetteN\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Windows\syswow64\wwahost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3287822&octid=CT3287822&SearchSource=61&CUI=UN29455329721650021&UM=2&UP=SPB6315E5A-FADF-4976-9A6C-48E7DCEC7281
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MixiDJ V8 Toolbar - {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: GetSavin 5.0 - {76E7224A-2612-41FD-A504-44AE1EB663F0} - C:\Users\JeanetteN\AppData\Local\getsavin\ie\getsavin_1363531801.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: MixiDJ V8 - {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: MixiDJ V8 Toolbar - {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [OnlineBackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Amazon Cloud Drive] C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
O4 - HKCU\..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series"
O4 - HKCU\..\Run: [searchProtect] C:\Users\JeanetteN\AppData\Roaming\SearchProtect\bin\cltmng.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} (WRXCtl Class) - https://www.backup.com/user/webrestore.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @oem7.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem7.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @oem8.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15566 bytes
=======================================
list of prefetch files
"C:\Windows\Prefetch\ReadyBoot\rblayout.xin"
"C:\Windows\Prefetch\ReadyBoot\Trace1.fx"
"C:\Windows\Prefetch\ReadyBoot\Trace2.fx"
"C:\Windows\Prefetch\ReadyBoot\Trace3.fx"
"C:\Windows\Prefetch\ReadyBoot\Trace4.fx"
"C:\Windows\Prefetch\ACMON.EXE-039F45B0.pf"
"C:\Windows\Prefetch\ACOVS.EXE-2C6C215E.pf"
"C:\Windows\Prefetch\ACRORD32.EXE-153662D3.pf"
"C:\Windows\Prefetch\ADB.EXE-67EDDB48.pf"
"C:\Windows\Prefetch\ADOBEARM.EXE-813E932C.pf"
"C:\Windows\Prefetch\ADOBECOLLABSYNC.EXE-3F5B152C.pf"
"C:\Windows\Prefetch\AgAppLaunch.db"
"C:\Windows\Prefetch\AgCx_S2_S-1-5-21-1919060137-1190633048-1460563888-1001.snp.db"
"C:\Windows\Prefetch\AgCx_SC1.db"
"C:\Windows\Prefetch\AgCx_SC1.db.trx"
"C:\Windows\Prefetch\AgCx_SC5.db"
"C:\Windows\Prefetch\AgGlFaultHistory.db"
"C:\Windows\Prefetch\AgGlFgAppHistory.db"
"C:\Windows\Prefetch\AgGlGlobalHistory.db"
"C:\Windows\Prefetch\AgRobust.db"
"C:\Windows\Prefetch\AMAZONCLOUDDRIVE.EXE-17FB41F5.pf"
"C:\Windows\Prefetch\ASUSTPCFG64.EXE-7A0C8A89.pf"
"C:\Windows\Prefetch\ASUSVIBE2.0.EXE-0908717F.pf"
"C:\Windows\Prefetch\ASUSVIBELAUNCHER.EXE-901B0E99.pf"
"C:\Windows\Prefetch\ASUSWSPANEL.EXE-379DF0C0.pf"
"C:\Windows\Prefetch\ATBROKER.EXE-8B8F7F7C.pf"
"C:\Windows\Prefetch\ATKOSD2.EXE-830E1513.pf"
"C:\Windows\Prefetch\AU_.EXE-4EDBB485.pf"
"C:\Windows\Prefetch\AU_.EXE-D53D2755.pf"
"C:\Windows\Prefetch\AUDIODG.EXE-9848A323.pf"
"C:\Windows\Prefetch\AUTHHOST.EXE-2D7C3758.pf"
"C:\Windows\Prefetch\AVAST.SETUP-50B30900.pf"
"C:\Windows\Prefetch\AVASTEMUPDATE.EXE-0DD1597D.pf"
"C:\Windows\Prefetch\AVASTUI.EXE-DC11C262.pf"
"C:\Windows\Prefetch\AVBUGREPORT.EXE-E4EA699E.pf"
"C:\Windows\Prefetch\BITSADMIN.EXE-51D741B1.pf"
"C:\Windows\Prefetch\BU_.EXE-563CB68A.pf"
"C:\Windows\Prefetch\BU_.EXE-CFDB43BA.pf"
"C:\Windows\Prefetch\CAVWP.EXE-3E14ACA0.pf"
"C:\Windows\Prefetch\CCLEANER64.EXE-1137D9AC.pf"
"C:\Windows\Prefetch\CERTSENTRY_SETUP.EXE-58FC0582.pf"
"C:\Windows\Prefetch\CERTSENTRY_SETUP.EXE-242DE3C4.pf"
"C:\Windows\Prefetch\CFPCONFG.EXE-A9FE19C1.pf"
"C:\Windows\Prefetch\CFW_INSTALLER.EXE-17F59D26.pf"
"C:\Windows\Prefetch\CIS.EXE-7DDE53FE.pf"
"C:\Windows\Prefetch\CISBF.EXE-5C7FFF36.pf"
"C:\Windows\Prefetch\CISTRAY.EXE-D7F757B6.pf"
"C:\Windows\Prefetch\CLTMNG.EXE-B8F0815A.pf"
"C:\Windows\Prefetch\CLTMNG.EXE-E14AC8B0.pf"
"C:\Windows\Prefetch\CMDAGENT.EXE-78C04C12.pf"
"C:\Windows\Prefetch\CMDINSTALL.EXE-0A68BBF9.pf"
"C:\Windows\Prefetch\CMDVIRTH.EXE-D7511A98.pf"
"C:\Windows\Prefetch\CONHOST.EXE-F98A1078.pf"
"C:\Windows\Prefetch\CONSENT.EXE-2D674CE4.pf"
"C:\Windows\Prefetch\CONTROL.EXE-5BCB0217.pf"
"C:\Windows\Prefetch\CSC.EXE-4D47A477.pf"
"C:\Windows\Prefetch\CSC.EXE-064435F2.pf"
"C:\Windows\Prefetch\CSRSS.EXE-A7A2B218.pf"
"C:\Windows\Prefetch\CTFMON.EXE-5E6E7DF5.pf"
"C:\Windows\Prefetch\CVTRES.EXE-84F07AF8.pf"
"C:\Windows\Prefetch\CVTRES.EXE-9077A165.pf"
"C:\Windows\Prefetch\DEFRAG.EXE-22AD8A37.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-5C94BCB3.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-6AA5D6C5.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-50AF0BCC.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-50DEE1CF.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-59F5A146.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-38926D07.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-461712A4.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-7242160E.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-C1C2EFBE.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-C7028A70.pf"
"C:\Windows\Prefetch\DMEDIA.EXE-FAA82C3F.pf"
"C:\Windows\Prefetch\DPTFPOLICYLPMSERVICE.EXE-5981626A.pf"
"C:\Windows\Prefetch\DPTFPOLICYLPMSERVICEHELPER.EX-8EC05A62.pf"
"C:\Windows\Prefetch\DRAGON.EXE-F6903912.pf"
"C:\Windows\Prefetch\DRAGON.EXE-F6903915.pf"
"C:\Windows\Prefetch\DRAGON.EXE-F6903916.pf"
"C:\Windows\Prefetch\DRAGON.EXE-F6903919.pf"
"C:\Windows\Prefetch\DRAGON_UPDATER.EXE-277E571E.pf"
"C:\Windows\Prefetch\DRAGONSETUP.EXE-06668C80.pf"
"C:\Windows\Prefetch\DRVINST.EXE-26FFA444.pf"
"C:\Windows\Prefetch\DSMUSERTASK.EXE-D4A83970.pf"
"C:\Windows\Prefetch\DW20.EXE-DB97FF03.pf"
"C:\Windows\Prefetch\DWM.EXE-F29FE9E2.pf"
"C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf"
"C:\Windows\Prefetch\EXPRESSCACHE.EXE-90CF5D74.pf"
"C:\Windows\Prefetch\FIREFOX.EXE-528BC649.pf"
"C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_6_602_18-54979347.pf"
"C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-E0E5E52F.pf"
"C:\Windows\Prefetch\FREEALARMCLOCK.EXE-92BD2D09.pf"
"C:\Windows\Prefetch\GEEKBUDDYRSP.EXE-00F934D5.pf"
"C:\Windows\Prefetch\GOOGLEUPDATE.EXE-62E5E10F.pf"
"C:\Windows\Prefetch\GRPCONV.EXE-926E9525.pf"
"C:\Windows\Prefetch\GRPCONV.EXE-D0333FE9.pf"
"C:\Windows\Prefetch\HCONTROL.EXE-752ABE5C.pf"
"C:\Windows\Prefetch\HECISERVER.EXE-AD396A6A.pf"
"C:\Windows\Prefetch\HELPER.EXE-FDD78328.pf"
"C:\Windows\Prefetch\HELPPANE.EXE-5A92E3D5.pf"
"C:\Windows\Prefetch\HKCMD.EXE-15DC91D5.pf"
"C:\Windows\Prefetch\HPQTRA08.EXE-97BDFA1A.pf"
"C:\Windows\Prefetch\HSMSERVICEENTRY.EXE-59F1E6CC.pf"
"C:\Windows\Prefetch\HTCSYNCMANAGER.EXE-1F03F570.pf"
"C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf"
"C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2F.pf"
"C:\Windows\Prefetch\IGFXEXT.EXE-B04096D5.pf"
"C:\Windows\Prefetch\IGFXSRVC.EXE-F41E6E8E.pf"
"C:\Windows\Prefetch\IGFXTRAY.EXE-21BDFE68.pf"
"C:\Windows\Prefetch\INSONWMI.EXE-D024CEF9.pf"
"C:\Windows\Prefetch\INTELMEFWSERVICE.EXE-265333D9.pf"
"C:\Windows\Prefetch\JAVA.EXE-4EF2C834.pf"
"C:\Windows\Prefetch\JAVAW.EXE-EF2DD849.pf"
"C:\Windows\Prefetch\JUSCHED.EXE-4B303C70.pf"
"C:\Windows\Prefetch\LAUNCHER.EXE-4240042A.pf"
"C:\Windows\Prefetch\LAUNCHER_HELPER.EXE-F206875D.pf"
"C:\Windows\Prefetch\LAUNCHER_SERVICE.EXE-4698DC02.pf"
"C:\Windows\Prefetch\LAUNCHTM.EXE-B444BC8E.pf"
"C:\Windows\Prefetch\Layout.ini"
"C:\Windows\Prefetch\LIGHTSCRIBECONTROLPANEL.EXE-DCE20B68.pf"
"C:\Windows\Prefetch\LMS.EXE-409EDB07.pf"
"C:\Windows\Prefetch\LOGONUI.EXE-E35F76FB.pf"
"C:\Windows\Prefetch\MBAMGUI.EXE-9FF23AE2.pf"
"C:\Windows\Prefetch\MBAMSCHEDULER.EXE-E0C395DC.pf"
"C:\Windows\Prefetch\MBAMSERVICE.EXE-5C46DB66.pf"
"C:\Windows\Prefetch\MOVIEMAKER.EXE-A6401490.pf"
"C:\Windows\Prefetch\MPCMDRUN.EXE-6520183E.pf"
"C:\Windows\Prefetch\MSDT.EXE-A16F1692.pf"
"C:\Windows\Prefetch\MSFEEDSSYNC.EXE-C2C33DF2.pf"
"C:\Windows\Prefetch\MSIEXEC.EXE-7D20CFB0.pf"
"C:\Windows\Prefetch\MSIEXEC.EXE-BAE57A74.pf"
"C:\Windows\Prefetch\MSNMSGR.EXE-424B3DE6.pf"
"C:\Windows\Prefetch\MY_INTEL_CPP_X64.EXE-1A95AA96.pf"
"C:\Windows\Prefetch\NETSH.EXE-59756CAC.pf"
"C:\Windows\Prefetch\NETSH.EXE-355423B0.pf"
"C:\Windows\Prefetch\NOTEPAD.EXE-1A4CC1C3.pf"
"C:\Windows\Prefetch\NOTEPAD.EXE-B28CC291.pf"
"C:\Windows\Prefetch\NOTEPAD.EXE-F0516D55.pf"
"C:\Windows\Prefetch\OPENWITH.EXE-BA0DC300.pf"
"C:\Windows\Prefetch\Op-EXPLORER.EXE-03C49D11-000000F5.pf"
"C:\Windows\Prefetch\PASSTHRUSVR.EXE-82F7BBA9.pf"
"C:\Windows\Prefetch\PfSvPerfStats.bin"
"C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-E510713D.pf"
"C:\Windows\Prefetch\POWERCFG.EXE-14BEB11F.pf"
"C:\Windows\Prefetch\REG.EXE-CC1AF0A4.pf"
"C:\Windows\Prefetch\REGSVR32.EXE-3290E8FC.pf"
"C:\Windows\Prefetch\REGSVR32.EXE-E1DBB6D8.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-18B33C45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-27D6367C.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-96F2406E.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-210D3DBE.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-69686E69.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-A1396DE2.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B72ECF45.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-B865F023.pf"
"C:\Windows\Prefetch\RUNDLL32.EXE-C9FC3476.pf"
"C:\Windows\Prefetch\RUNONCE.EXE-AAB0060C.pf"
"C:\Windows\Prefetch\RUNONCE.EXE-E874B0D0.pf"
"C:\Windows\Prefetch\RUNTIMEBROKER.EXE-17E2786F.pf"
"C:\Windows\Prefetch\SC.EXE-443D0E78.pf"
"C:\Windows\Prefetch\SCALC.EXE-5046D548.pf"
"C:\Windows\Prefetch\SDIAGNHOST.EXE-D8BC1DC6.pf"
"C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf"
"C:\Windows\Prefetch\SEARCHINDEXER.EXE-EF8503D3.pf"
"C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf"
"C:\Windows\Prefetch\SETTINGSYNCHOST.EXE-DD400067.pf"
"C:\Windows\Prefetch\SETUP_CLPS_BOOT_TIME_MONITOR_-3C5060EF.pf"
"C:\Windows\Prefetch\SETUP_CLPS_BROWSER_ADDONS_MON-BBC42489.pf"
"C:\Windows\Prefetch\SETUP_CLPS_CLIENT_TRANSACTION-992F173E.pf"
"C:\Windows\Prefetch\SETUP_CLPS_WINDOWS_EVENT_MONI-492DC639.pf"
"C:\Windows\Prefetch\SMSS.EXE-81AD91F0.pf"
"C:\Windows\Prefetch\SOFFICE.BIN-72E915F8.pf"
"C:\Windows\Prefetch\SOFFICE.EXE-7F5AFD1D.pf"
"C:\Windows\Prefetch\SPPSVC.EXE-7B160CA5.pf"
"C:\Windows\Prefetch\SSVAGENT.EXE-03CE9021.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-5B401A7E.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-574A519D.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-3395AAB7.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-5511E724.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-B7E95B0C.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-BD1BACA1.pf"
"C:\Windows\Prefetch\SVCHOST.EXE-F76F2CFA.pf"
"C:\Windows\Prefetch\SWRITER.EXE-FDA9E68A.pf"
"C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf"
"C:\Windows\Prefetch\TABTIP.EXE-58E52E53.pf"
"C:\Windows\Prefetch\TABTIP32.EXE-9819DFFF.pf"
"C:\Windows\Prefetch\TASKENG.EXE-23205583.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-29D61DAB.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-985C34E6.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-D687BE54.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-F2C7AEBC.pf"
"C:\Windows\Prefetch\TASKHOSTEX.EXE-7356AAC0.pf"
"C:\Windows\Prefetch\TASKMGR.EXE-39AABA37.pf"
"C:\Windows\Prefetch\TIWORKER.EXE-D3BFD41F.pf"
"C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-B018CCBF.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-4C83D450.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-8DDEB871.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-641B5087.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-AB0C8B25.pf"
"C:\Windows\Prefetch\UNINSTALL.EXE-CF399C92.pf"
"C:\Windows\Prefetch\UNIT.EXE-7102C278.pf"
"C:\Windows\Prefetch\UNIT_MANAGER.EXE-A10E606A.pf"
"C:\Windows\Prefetch\UNS.EXE-9B1279FB.pf"
"C:\Windows\Prefetch\UNSECAPP.EXE-454AB5C0.pf"
"C:\Windows\Prefetch\USERINIT.EXE-7FD17ED1.pf"
"C:\Windows\Prefetch\VDECK.EXE-815C8D0F.pf"
"C:\Windows\Prefetch\VIAAUD.EXE-93054CC8.pf"
"C:\Windows\Prefetch\VIRTKIOSK.EXE-87F784B1.pf"
"C:\Windows\Prefetch\VMMMODESELECTION.EXE-F15CAECD.pf"
"C:\Windows\Prefetch\VSSVC.EXE-206E55B3.pf"
"C:\Windows\Prefetch\WELCOME_SCREEN.EXE-7E1FAA87.pf"
"C:\Windows\Prefetch\WERFAULT.EXE-44194444.pf"
"C:\Windows\Prefetch\WERMGR.EXE-D948C216.pf"
"C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf"
"C:\Windows\Prefetch\WLCOMM.EXE-D12936DC.pf"
"C:\Windows\Prefetch\WLMAIL.EXE-A89F57F3.pf"
"C:\Windows\Prefetch\WMIADAP.EXE-7D63BB4C.pf"
"C:\Windows\Prefetch\WMIAPSRV.EXE-CF150EEA.pf"
"C:\Windows\Prefetch\WMIPRVSE.EXE-0C8A533A.pf"
"C:\Windows\Prefetch\WMIPRVSE.EXE-BB49B536.pf"
"C:\Windows\Prefetch\WUAUCLT.EXE-4A7CF88B.pf"
Are we infected or is this all nothing?
Thank you for the help you may offer.
Marshall
I am sorry that I did not run DDS as requested in the first part of the forum. I had not read that but here are the two txt files, first dds.txt then attach.txt.
Thank you for any help you offer
Marshall
=========================================================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2
Run by JeanetteN at 13:05:58 on 2013-03-19
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3982.1015 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\splwow64.exe
C:\Windows\syswow64\wwahost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://asus13.msn.com
mURLSearchHooks: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: GetSavin 5.0: {76E7224A-2612-41FD-A504-44AE1EB663F0} - C:\Users\JeanetteN\AppData\Local\getsavin\ie\getsavin_1363531801.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
TB: MixiDJ V8 Toolbar: {E4C3A8B6-7724-45D1-A629-17B69118EBCD} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: MixiDJ V8 Toolbar: {e4c3a8b6-7724-45d1-a629-17b69118ebcd} - C:\Program Files (x86)\MixiDJ_V8\prxtbMixi.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [OnlineBackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Amazon Cloud Drive] C:\Users\JeanetteN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
StartupFolder: C:\Users\JEANET~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001017-0002-0017-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} - hxxps://www.backup.com/user/webrestore.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006}\24F6F63747D4F62696C656023547F627560275966496 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F434B957-C29E-4F11-923E-0DEBB2C6D006}\C6776796C63756D696075726C69636 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JeanetteN\AppData\Roaming\Mozilla\Firefox\Profiles\nf8bx0p3.default-1363265529755\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=3&q={searchTerms}&CUI=UN33930829371937960
FF - prefs.js: browser.startup.homepage - hxxps://news.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN33930829371937960&UM=UM_ID&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-07 18:05; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - ExtSQL: 2013-02-12 14:09; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-03-14 07:33; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-17 65336]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-12-6 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-2-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-2-12 377920]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-12-6 23344]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-2-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-2-12 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-17 45248]
R2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-9-28 29056]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-12-6 129856]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-12-6 193576]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-6 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-17 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-17 682344]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-6 365376]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-9-28 27792]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-2-7 109064]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-9-28 107328]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-9-28 42816]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-9-28 64832]
R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-9-28 96064]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-9-28 228672]
R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-9-28 361792]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-9-28 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-28 342528]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-12-6 43800]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-9-28 110744]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-17 24176]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-9-28 2203792]
S2 DptfPolicyLpmService;Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application;C:\Windows\System32\DptfPolicyLpmService.exe [2012-9-28 36224]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\Drivers\AmUStor.sys [2012-7-13 101504]
S3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-17 178624]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\Drivers\ANDROIDUSB.sys [2013-3-17 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\Drivers\htcnprot.sys [2012-12-7 36928]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-2-12 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-03-18 19:05:19 388096 ----a-r- C:\Users\JeanetteN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-18 19:05:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-03-18 02:36:11 -------- d-----w- C:\ProgramData\COMODO
2013-03-18 02:35:56 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Comodo
2013-03-18 02:35:51 50952 ----a-w- C:\Windows\System32\certsentry.dll
2013-03-18 02:35:45 -------- d-----w- C:\Program Files (x86)\Comodo
2013-03-18 02:35:43 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-03-18 00:50:01 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-18 00:50:01 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-17 22:51:01 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Malwarebytes
2013-03-17 22:50:53 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-17 22:50:53 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-17 22:50:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-17 21:38:54 -------- d-----w- C:\Program Files (x86)\Citrix
2013-03-17 21:38:42 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Citrix
2013-03-17 21:38:41 103832 ----a-w- C:\Users\JeanetteN\GoToAssistDownloadHelper.exe
2013-03-17 21:02:19 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\HTC Sync
2013-03-17 21:02:01 -------- d-----w- C:\Users\JeanetteN\AppData\Local\HTC MediaHub
2013-03-17 21:00:59 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2013-03-17 19:18:57 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-03-17 17:08:31 -------- d-----w- C:\Program Files\HTC
2013-03-17 16:29:19 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\HTC
2013-03-17 16:29:13 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Apple Computer
2013-03-17 16:29:05 -------- d-----w- C:\ProgramData\Motorola
2013-03-17 16:27:05 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Downloaded Installations
2013-03-17 16:26:07 -------- d-----w- C:\Program Files (x86)\HTC
2013-03-17 16:25:25 33736 ----a-w- C:\Windows\System32\drivers\ANDROIDUSB.sys
2013-03-17 16:25:25 1122664 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-03-17 16:25:24 -------- d-----w- C:\ProgramData\HTC
2013-03-17 16:01:23 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Mp3do
2013-03-17 16:01:11 -------- d-----w- C:\Program Files (x86)\mp3do
2013-03-17 15:08:28 -------- d-----w- C:\Program Files (x86)\Free Convert All Music Audio Converter Gold
2013-03-17 15:01:08 -------- d-----w- C:\Program Files (x86)\Conduit
2013-03-17 15:01:06 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Conduit
2013-03-17 15:01:06 -------- d-----w- C:\Program Files (x86)\MixiDJ_V8
2013-03-17 14:51:36 -------- d-----w- C:\Users\JeanetteN\AppData\Local\getsavin
2013-03-15 13:46:55 -------- d-----w- C:\Program Files\Common Files\EPSON
2013-03-15 13:46:48 -------- d-----w- C:\ProgramData\EPSON
2013-03-15 13:46:30 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2013-03-15 13:46:29 120320 ----a-w- C:\Windows\System32\E_ILMIBE.DLL
2013-03-15 13:46:29 120320 ----a-w- C:\Windows\System32\E_ILMIBA.DLL
2013-03-15 13:46:28 83968 ----a-w- C:\Windows\System32\E_ID4BIBE.DLL
2013-03-15 13:46:28 83968 ----a-w- C:\Windows\System32\E_ID4BIBA.DLL
2013-03-14 13:04:46 -------- d-----w- C:\Program Files (x86)\NCH Software
2013-03-13 16:44:47 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Apps
2013-03-13 02:29:04 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-03-13 02:29:03 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-03-13 02:29:00 2246656 ----a-w- C:\Windows\System32\wininet.dll
2013-03-11 02:00:08 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-03-10 18:54:14 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-03-10 18:03:39 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-03 03:55:39 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-03 03:55:39 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-28 15:29:59 -------- d-----w- C:\Users\JeanetteN\dwhelper
2013-02-27 21:08:12 443392 ----a-w- C:\Windows\System32\ReAgent.dll
2013-02-27 21:08:12 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-02-27 21:08:12 1010688 ----a-w- C:\Windows\System32\reseteng.dll
2013-02-25 05:36:51 -------- d-----w- C:\Users\JeanetteN\AppData\Roaming\Airytec
2013-02-25 05:35:59 -------- d-----w- C:\Program Files\Airytec
2013-02-24 15:16:01 -------- d-----w- C:\Program Files (x86)\FreeAlarmClock
2013-02-21 01:07:20 -------- d-----r- C:\Program Files (x86)\Skype
2013-02-19 19:20:44 -------- d-----w- C:\Users\JeanetteN\AppData\Local\Aimersoft
2013-02-19 19:20:44 -------- d-----w- C:\Program Files (x86)\Common Files\Aimersoft
2013-02-19 19:20:30 -------- d-----w- C:\Program Files (x86)\Aimersoft
.
==================== Find3M ====================
.
2013-03-19 17:51:02 401 ----a-w- C:\Users\JeanetteN\AppData\Roaming\sp_data.sys
2013-03-06 22:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:32:51 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 01:44:27 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys
2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll
2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll
2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll
2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll
2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll
2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll
2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe
2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe
2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll
2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll
2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll
2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll
2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll
2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll
2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll
2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll
2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll
2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll
2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll
2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll
2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys
2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-02-02 05:41:57 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-02-02 05:31:54 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-01-29 01:57:05 35232 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-01-28 23:08:22 230904 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-12 01:02:34 64624 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe
.
============= FINISH: 13:06:34.82 ===============
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
attach.txt
=======================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2013 10:44:06 PM
System Uptime: 3/19/2013 12:50:20 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | S400CA
Processor: Intel® Core i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 120.414 GiB free.
D: is FIXED (NTFS) - 258 GiB total, 257.679 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP13: 3/18/2013 1:43:28 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
6400_Help
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) MUI
Adobe Shockwave Player 12.0
Advanced MP3 Converter Windows 8 1.1
Aimersoft DVD Creator(Build 2.6.5)
Airytec Switch Off
Alcor Micro USB Card Reader
Amazon Cloud Drive
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS VivoBook
ASUS WebStorage Sync Agent
AsusVibe2.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Package
Auslogics Disk Defrag
avast! Free Antivirus
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
D3DX10
Destinations
DeviceDiscovery
DocProc
EPSON XP-400 Series Printer Uninstall
ExpressCache
Fax
Free Alarm Clock 2.7.1
GetSavin
Google Drive
Google Update Helper
GPBaseService2
HiJackThis
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP OfficeJet J6400 14.0 Rel. 6
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
HTC Driver Installer
HTC Sync Manager
Intel® Dynamic Platform and Thermal Framework
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
IPTInstaller
iSEEK AnswerWorks English Runtime
J6400
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft Application Error Reporting
Microsoft Office
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MixiDJ V8 Toolbar
Movie Maker
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Network64
OCR Software by I.R.I.S. 14.0
Online Backup
OpenOffice.org 3.4.1
Photo Common
Photo Gallery
PhotoScape
Picasa 3
Pixillion Image Converter
Platform
ProductContext
Qualcomm Atheros Client Installation Program
Quicken 2012
Scan
Shared C Run-time for x64
Shop for HP Supplies
Skype Click to Call
Skype™ 6.2
SolutionCenter
Status
swMSM
Toolbox
TrayApp
VIA Platform Device Manager
Wajam
WebReg
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
3/19/2013 12:50:23 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
3/18/2013 4:15:11 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
Another note: I have again deleted the Prefetch folder, and this time, unlike the first time, when the computer was rebooted many items were gone. I rebooted a second and third time, and each time I rebooted the prefetch folder had more items in it. This is a list of the items that were in the PF folder after the last reboot. The items that the "tech person" pointed to as proof of a backdoor are gone, though they may come back.
=============================================
Pf after deletion and 3 reboots
"C:\Windows\Prefetch\ReadyBoot"
"C:\Windows\Prefetch\ADB.EXE-67EDDB48.pf"
"C:\Windows\Prefetch\AgAppLaunch.db"
"C:\Windows\Prefetch\AgGlFaultHistory.db"
"C:\Windows\Prefetch\AgGlFgAppHistory.db"
"C:\Windows\Prefetch\AgGlGlobalHistory.db"
"C:\Windows\Prefetch\AgRobust.db"
"C:\Windows\Prefetch\AUDIODG.EXE-9848A323.pf"
"C:\Windows\Prefetch\AVAST.SETUP-50B30900.pf"
"C:\Windows\Prefetch\AVASTEMUPDATE.EXE-0DD1597D.pf"
"C:\Windows\Prefetch\AVBUGREPORT.EXE-E4EA699E.pf"
"C:\Windows\Prefetch\CONHOST.EXE-F98A1078.pf"
"C:\Windows\Prefetch\CONSENT.EXE-2D674CE4.pf"
"C:\Windows\Prefetch\CSC.EXE-4D47A477.pf"
"C:\Windows\Prefetch\CVTRES.EXE-9077A165.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-5C94BCB3.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-6AA5D6C5.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-50AF0BCC.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-38926D07.pf"
"C:\Windows\Prefetch\DLLHOST.EXE-C1C2EFBE.pf"
"C:\Windows\Prefetch\DMEDIA.EXE-FAA82C3F.pf"
"C:\Windows\Prefetch\FIREFOX.EXE-528BC649.pf"
"C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_6_602_18-54979347.pf"
"C:\Windows\Prefetch\GOOGLEUPDATE.EXE-62E5E10F.pf"
"C:\Windows\Prefetch\HPWUSCHD2.EXE-70D5B7CD.pf"
"C:\Windows\Prefetch\INTELMEFWSERVICE.EXE-265333D9.pf"
"C:\Windows\Prefetch\JUSCHED.EXE-4B303C70.pf"
"C:\Windows\Prefetch\LMS.EXE-409EDB07.pf"
"C:\Windows\Prefetch\LPKSETUP.EXE-EE6EE0C2.pf"
"C:\Windows\Prefetch\MBAMGUI.EXE-9FF23AE2.pf"
"C:\Windows\Prefetch\MPCMDRUN.EXE-6520183E.pf"
"C:\Windows\Prefetch\MSIEXEC.EXE-7D20CFB0.pf"
"C:\Windows\Prefetch\NOTEPAD.EXE-1A4CC1C3.pf"
"C:\Windows\Prefetch\PfSvPerfStats.bin"
"C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-E510713D.pf"
"C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-9AE42873.pf"
"C:\Windows\Prefetch\RUNTIMEBROKER.EXE-17E2786F.pf"
"C:\Windows\Prefetch\SCALC.EXE-5046D548.pf"
"C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf"
"C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf"
"C:\Windows\Prefetch\SETTINGSYNCHOST.EXE-DD400067.pf"
"C:\Windows\Prefetch\SIMPRESS.EXE-A76BBA08.pf"
"C:\Windows\Prefetch\SOFFICE.BIN-72E915F8.pf"
"C:\Windows\Prefetch\SOFFICE.EXE-7F5AFD1D.pf"
"C:\Windows\Prefetch\SPLWOW64.EXE-853292E2.pf"
"C:\Windows\Prefetch\SPPSVC.EXE-7B160CA5.pf"
"C:\Windows\Prefetch\TABTIP32.EXE-9819DFFF.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-29D61DAB.pf"
"C:\Windows\Prefetch\TASKHOST.EXE-985C34E6.pf"
"C:\Windows\Prefetch\TIWORKER.EXE-D3BFD41F.pf"
"C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-B018CCBF.pf"
"C:\Windows\Prefetch\UNS.EXE-9B1279FB.pf"
"C:\Windows\Prefetch\VMMMODESELECTION.EXE-F15CAECD.pf"
"C:\Windows\Prefetch\WMIADAP.EXE-7D63BB4C.pf"
"C:\Windows\Prefetch\WMIAPSRV.EXE-CF150EEA.pf"
-
I did as you instructed. There was some issue with Adobe and I could not use the live link but had to download the full program from their site and install it, but Adobe claimed that this is not unusual because some firewalls have issues. Once I did this I checked it out and it seems to be running fine. I was surprised that you had suggested this, for I thought I was getting updates all the time from Adobe. I hope that Adobe is not a problem or an opening for malware.
I ran the clean.exe program and should have figured that uninstall would not get all of Zone Alarm. Does Uninstall ever work, certainly not with HP printers?
I use Malwarebytes all the time and have bought it for my laptop and it is a permanent program there; however, as you point out and as others have pointed out to me, I should not have two permanent anti-virus programs running at the same time and I like the "scan at start up" feature of Avast, plus it is free, as is Malwarebytes' basic program. I have told people that none of the permanent programs work all of the time but that one should use Malwarebytes periodically, allowing it to do an individual scan. I have done this on computers with other high-priced protection programs and have not failed to get some real positive hits with Malwarebytes. I had Norton and McAfee for years and I liked McAfee, especially many years ago when it had its DOS scan at startup; however, none of them got the big problem I had Win98 and was told to use Malwarebytes and Firefox at that time and it helped.
I disabled the "Defense+" feature of Comodo and use only the Firewall feature. I hope I do not still have some conflict there; however, it seems to be working, though I may not know if it was not. I am surprised at Comodo not exiting as it should have and may look into another software firewall even though I have told some people to use Comodo.
Here is the Quick Scan from Malwarebytes
=========================================
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.21.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mwda :: HOME-SATA [administrator]
6/21/2012 10:29:54 AM
mbam-log-2012-06-21 (10-29-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227159
Time elapsed: 2 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
====================
I thank you very much for your expert help. I have used help like this more than once and am always amazed at the quality of help I get. I don't care what Microsoft says; if it was not for free services like this, computers would not win.
Marshall
-
I thank you all very much for your help.
I do admire you people. I could not possibly master the complexities that you deal with every day though I am sure, having read this in the paper and having tried to fix other computers, that this is also why the bad guys seem to be winning in computers.
I ran RSIT with no request from my firewall; however, I got two error messages which requested of me to allow them to report these errors to a website. I selected yes in both instances and in both instances my browser opened and went to a general "Frontier" type search page.
Below are the two RSIT info and log file contents.
==============================
Logfile of random's system information tool 1.09 (written by random/random)
Run by mwda at 2012-06-20 10:03:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 64 GB (80%) free of 79 GB
Total RAM: 2013 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:58 AM, on 6/20/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Kalender\Kalender.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\mwda\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\mwda.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
--
End of file - 5689 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MyDefrag v4.3.1 Daily.job
C:\WINDOWS\tasks\MyDefrag v4.3.1 Monthly.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default
prefs.js - "browser.startup.homepage" - "http://www.google.com/"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, fdm_ffext@freedownloadmanager.org:1.3.4, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20110901&q="
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.257 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660]
"Description"=RealNetworks RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660]
"Description"=RealPlayer HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
bing.xml
bing.xml.old
creativecommons.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml
C:\Documents and Settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default\extensions\
nostmp
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Kalender"=C:\Program Files\Kalender\Kalender.exe [2010-08-22 933888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-06-06 35736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2009-02-26 173592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2009-02-26 141336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-05-14 46632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe [1999-08-04 122940]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-05-14 30248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2009-02-26 142360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-06-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
C:\PROGRA~1\NETGEAR\WG111v2\WG111v2.exe [2010-05-10 1268192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mwda^Start Menu^Programs^Startup^Locate32 Autorun.lnk]
C:\PROGRA~1\Locate\Locate32.exe [2007-07-01 970752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-02-20 206848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=iyvu9_32.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.WMV3"=wmv9vcm.dll
======List of files/folders created in the last 1 month======
2012-06-20 10:03:58 ----D---- C:\rsit
2012-06-20 10:03:58 ----D---- C:\Program Files\trend micro
2012-06-19 13:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-06-19 13:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$
2012-06-19 13:07:26 ----A---- C:\WINDOWS\imsins.BAK
2012-06-19 13:07:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2709162$
2012-06-19 13:02:59 ----D---- C:\WINDOWS\temp
2012-06-19 13:02:57 ----A---- C:\ComboFix.txt
2012-06-19 12:37:16 ----D---- C:\Program Files\ERUNT
2012-06-04 13:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-05-22 16:53:32 ----D---- C:\Documents and Settings\mwda\Application Data\Auslogics
======List of files/folders modified in the last 1 month======
2012-06-20 10:04:11 ----D---- C:\WINDOWS\Prefetch
2012-06-20 10:03:58 ----RD---- C:\Program Files
2012-06-20 10:03:09 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-20 10:02:23 ----D---- C:\WINDOWS\system32\config
2012-06-20 09:53:38 ----D---- C:\WINDOWS\system32\drivers
2012-06-20 09:53:37 ----SHD---- C:\System Volume Information
2012-06-20 09:53:37 ----D---- C:\WINDOWS\system32\Restore
2012-06-20 09:52:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-20 09:52:36 ----D---- C:\WINDOWS
2012-06-20 09:52:26 ----D---- C:\WINDOWS\ERDNT
2012-06-19 13:38:36 ----RSD---- C:\WINDOWS\assembly
2012-06-19 13:38:36 ----D---- C:\WINDOWS\Microsoft.NET
2012-06-19 13:19:38 ----D---- C:\WINDOWS\system32
2012-06-19 13:18:38 ----HD---- C:\WINDOWS\inf
2012-06-19 13:18:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-19 13:18:25 ----SHD---- C:\WINDOWS\Installer
2012-06-19 13:18:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-19 13:18:05 ----D---- C:\WINDOWS\WinSxS
2012-06-19 13:13:05 ----D---- C:\WINDOWS\Debug
2012-06-19 13:13:01 ----A---- C:\WINDOWS\system32\MRT.exe
2012-06-19 13:10:34 ----D---- C:\Program Files\Internet Explorer
2012-06-19 13:10:22 ----D---- C:\WINDOWS\ie8updates
2012-06-19 13:10:16 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-19 13:00:21 ----N---- C:\WINDOWS\system.ini
2012-06-19 12:59:55 ----D---- C:\WINDOWS\system32\drivers\etc
2012-06-19 12:56:10 ----D---- C:\WINDOWS\AppPatch
2012-06-19 12:56:07 ----D---- C:\Program Files\Common Files
2012-06-19 08:47:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-06-18 20:52:37 ----D---- C:\Program Files\Mozilla Firefox
2012-06-18 20:21:33 ----A---- C:\WINDOWS\ahd3.ini
2012-06-18 20:15:51 ----D---- C:\WINDOWS\system
2012-06-16 20:31:43 ----D---- C:\Documents and Settings\mwda\Application Data\dvdcss
2012-06-15 14:09:51 ----D---- C:\Documents and Settings\mwda\Application Data\UK's Kalender
2012-06-12 20:17:32 ----SD---- C:\WINDOWS\Tasks
2012-06-12 15:06:45 ----D---- C:\Documents and Settings\mwda\Application Data\Software Informer
2012-06-11 20:46:43 ----D---- C:\Program Files\Mozilla Thunderbird
2012-06-11 14:16:54 ----N---- C:\WINDOWS\win.ini
2012-06-11 14:13:19 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-05-31 08:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll
2012-05-22 16:53:28 ----D---- C:\Program Files\Auslogics
2012-05-22 16:51:57 ----D---- C:\Program Files\AusLogics Disk Defrag
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-03-11 97760]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2010-11-26 14776]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\D:\instal\util\diag\hw32\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-06-11 21419]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]
R2 cpuz133;cpuz133; \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys []
R2 pciinfo;pciinfo; C:\WINDOWS\System32\drivers\PCIINFO.SYS [2000-03-15 2752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-20 6312864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]
R3 RT73;ASUS USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DirectNT;DirectNT; \??\H:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\18.tmp []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 PORTMON;PORTMON; \??\D:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-12-26 272128]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor; C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe [2008-06-02 131072]
R2 UPHClean;User Profile Helper Cleanup; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [2002-10-16 176128]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-08 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
S3 WinDefend;Windows Defender; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PuranDefrag;PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [2011-02-15 229376]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.09 2012-06-20 10:05:01
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A.F.5 Rename your files 1.1-->MsiExec.exe /I{A725C340-77EE-11D6-BBC2-0000CB591583}
ActivePerl 5.8.9 Build 828-->MsiExec.exe /I{908241D6-9CB9-4C7B-ADE2-DE1C20BD0333}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -maintain plugin
Adobe Reader X (10.1.0)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Port Scanner v1.3-->C:\Program Files\Advanced Port Scanner\uninstal.exe
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
ASUS WLAN Card Utilities/Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x9
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
Auslogics Duplicate File Finder-->"C:\Program Files\Auslogics\Auslogics Duplicate File Finder\unins000.exe"
Auslogics Task Manager-->"C:\Program Files\Auslogics\Auslogics Task Manager\unins000.exe"
AutoHotkey 1.0.48.05-->C:\Program Files\AutoHotkey\uninst.exe
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{12F14497-A7B7-4571-AAAC-154DBC93EAB0}
Chessmaster 9000-->C:\WINDOWS\IsUninst.exe -f"f:\Program Files\Ubi Soft\Chessmaster 9000\CM9kUninst.isu"
CleanHaven 2.2-->"C:\Program Files\CleanHaven\unins000.exe"
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
COMODO Internet Security-->MsiExec.exe /I{FD8E178D-8B4E-42DA-B434-EFF270329B1C}
CPUID CPU-Z 1.54-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
CSVed 2.1.4-->"C:\Program Files\CSVed\unins000.exe"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DelinvFile - 3.03-->"C:\Program Files\PurgeIE\unins000.exe"
Disk Investigator 1.51-->C:\Program Files\Disk Investigator\uninst.exe
Diskeeper Lite-->MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}
Duplicate Cleaner 2.0.5-->C:\Program Files\Duplicate Cleaner\uninst.exe
EASEUS Partition Master 8.0.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 8.0.1 Home Edition\unins000.exe"
Encyclopaedia Britannica Ultimate Reference Suite DVD 2004-->"C:\Program Files\Britannica 2004\Ultimate Reference Suite DVD\UninstallerData\Uninstall Encyclopaedia Britannica Ultimate Reference Suite 2004.exe"
Eraser-->"C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser-->C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ExamDiff 1.8 (Build 1.8.0.7)-->"C:\Program Files\ExamDiff\unins000.exe"
FastStone Image Viewer 4.6-->C:\Program Files\FastStone Image Viewer\uninst.exe
Final Media Player 2010-->"C:\Program Files\FinalMediaPlayer\unins000.exe"
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Freemake Video Converter version 3.0.1-->"C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\19.0.1084.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 9.00-->"C:\Program Files\gs\uninstgs.exe" "C:\Program Files\gs\gs9.00\uninstal.txt"
HashCalc 2.02-->"C:\Program Files\HashCalc\unins000.exe"
Helicon Filter 4.93.2 Free-->"C:\Program Files\Helicon Software\Helicon Filter\unins000.exe"
Hexonic PDF Split and Merge 1.0-->"C:\Program Files\Hexonic PDF Split and Merge\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Business Inkjet 1000 Series-->msiexec /x{8034A623-0A42-4514-9536-BD124A9AEBA5}
HP Drive Key Boot Utility-->C:\Program Files\Compaq\hpdkbu\hpuninst.exe
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
IObit Security 360-->"C:\Program Files\IObit\IObit Security 360\unins000.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
IsoBuster 2.8-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
K-Lite Codec Pack 5.9.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Locate32-->C:\Program Files\Locate\Remove.exe
Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2001-->MsiExec.exe /I{01001201-5D65-445A-B3B4-3DCE72BA0C6C}
Microsoft Money 2000 Standard Edition-->C:\Program Files\Microsoft Money\setup\setup.exe
Microsoft Streets and Trips 2001-->MsiExec.exe /I{3D719053-5593-11D3-8F25-0060085C1758}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works 4.0-->C:\Program Files\MSWorks\Setup40\setup.exe
Mozilla Firefox 13.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
Mozilla Thunderbird 12.0.1 (x86 en-US)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyDefrag v4.3.1-->"C:\Program Files\MyDefrag v4.3.1\unins000.exe"
Mz Services Manager-->"C:\Program Files\Mz Ultimate Tools\Mz Services Manager\unins000.exe"
Neat Image v6.1 Home-->"C:\Program Files\Neat Image\unins000.exe"
NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NoteTab Light 5 (Remove only)-->"C:\Program Files\NoteTab Light\unins000.exe"
OneTouch 4.0-->MsiExec.exe /I{BCDA28CF-BDE3-49BE-AB50-87FD47CA4559}
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
Photo Pos Pro-->"C:\WINDOWS\Photo Pos Pro Uninstaller.exe"
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Pixia-->"C:\Program Files\InstallShield Installation Information\{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}\setup.exe" -runfromtemp -l0x0409 -removeonly
Puran Defrag Free Edition 7.2-->"C:\Program Files\Puran Defrag\unins000.exe"
PySol Fan Club edition v.2.0-->"C:\Program Files\PySol Fan Club edition\unins000.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Registrar Lite 2.00-->"C:\Program Files\Registrar Lite\unwise.exe" C:\PROGRA~1\REGIST~1\INSTALL.LOG
Revo Uninstaller 1.88-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
ScanSoft PaperPort 11-->MsiExec.exe /I{0AB8248A-BCC4-4B46-9A8A-1B5FBBDB8278}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2675157)-->"C:\WINDOWS\ie8updates\KB2675157-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2699988)-->"C:\WINDOWS\ie8updates\KB2699988-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB2447961)-->"C:\WINDOWS\$NtUninstallKB2447961_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2416400)-->"C:\WINDOWS\$NtUninstallKB2416400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2482017)-->"C:\WINDOWS\$NtUninstallKB2482017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2530548)-->"C:\WINDOWS\$NtUninstallKB2530548$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544521)-->"C:\WINDOWS\$NtUninstallKB2544521$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2559049)-->"C:\WINDOWS\$NtUninstallKB2559049$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2586448)-->"C:\WINDOWS\$NtUninstallKB2586448$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2618444)-->"C:\WINDOWS\$NtUninstallKB2618444$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2709162)-->"C:\WINDOWS\$NtUninstallKB2709162$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Smart Defrag 2-->"C:\Program Files\IObit\Smart Defrag 2\unins000.exe"
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
Speccy-->"C:\Program Files\Speccy\uninst.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
TestPath v1.3-->"C:\Program Files\TestPath2\unins000.exe"
TreeComp-->MsiExec.exe /I{30A01D71-86B1-4C24-8B1B-F9CCBDE094CC}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UK's Kalender 2.3.2-->"C:\Program Files\Kalender\unins000.exe"
Undelete Plus 2.98-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"
Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"
Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
User Profile Helper Cleanup Service-->MsiExec.exe /I{2769265D-6DFF-4ECA-AD5A-5DDD91ECF134}
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
virtualStudio 1.0.38-->"C:\Program Files\virtualStudio\unins000.exe"
What's Running 3.0-->"C:\Program Files\WhatsRunning\unins000.exe"
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Support Tools-->MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xml Viewer-->MsiExec.exe /I{F58E04CD-6E76-43C8-AAF1-482225C2910E}
XXClone ver 0.58.0-->C:\WINDOWS\SYSTEM32\xxclone.exe /uninst
XXConsole: Super Console Generator ver 0.96-->C:\WINDOWS\system32\XXCONSOLE.EXE /uninstall
Yet Another (remote) Process Monitor 2.4.1-->"C:\Program Files\Yet Another (remote) Process Monitor\unins000.exe"
ZipGenius 6.3-->"C:\Program Files\ZipGenius 6\unins000.exe"
======Security center information======
AV: avast! Antivirus
FW: ZoneAlarm Firewall (disabled)
FW: COMODO Firewall
======Environment variables======
"CLASSPATH"="C:\Program Files\Java\jre6\lib\ext\QTJava.zip"
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperLite\
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\Executive Software\DiskeeperLite;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Support Tools;C:\Program Files\ZipGenius 6
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=170a
"QTJAVA"="C:\Program Files\Java\jre6\lib\ext\QTJava.zip"
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=14
"windir"=%SystemRoot%
"tvdebugcategories"=all
-----------------EOF-----------------
=================
Below is the file from FSS
==============================
Farbar Service Scanner Version: 19-06-2012 01
Ran by mwda (administrator) on 20-06-2012 at 10:14:18
Running from "D:\util-flash\virus-spyware\combofix\fss"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
Security Center:
============
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
**** End of log ****
==========================
I uninstalled Combofix and rebooted and all is well. The problem may be solved unless it is something even more complicated than this.
-
Thank you so much for your help
I will do everything you say and post as you instruct me to do.
The information I posted about services was gotten from the XP services program in "administrative tools" which has a copy to text option as you may know. All I did was copy and paste those 3 lines in my post.
I tried several times to run combofix to solve this problem. I did not run it as you have now instructed me to, and this is most likely why I had this problem; however, each time I uninstalled combofix the error with "Cryptographic service" would return, so my only assumption is that it had something to do with the problem, though clearly not the cause of the problem. A long time ago I had run combofix and, checking out my services, noted a service I did not know about, and upon googling it found that it was set up by combofix, so I ran the uninstall option and this service went away. I learned from this that it is important to uninstall combofix. I have learned recently that, as it is important to disable antivirus and firewall programs when installing combofix, it is important to make sure that they are disabled in the uninstall process as well. As I am sure you know, when you reboot some of these programs return.
In this problem I had not checked to make sure that "unhide system files" was selected; though I thought I had done that a long time ago, as it turns out it had not been done.
This time, as I did what you instructed me to do, when I stopped my firewall and antivirus program I checked to see if they were still running in process, and the Comodo firewall was still listed as a running process, even though the icon had been removed from the lower right-hand corner of my screen by my selecting exit from its drop-down menu, so I selected "Kill this Process". I don't know if either of these is a reason for a change, but they are a difference from what I had done before.
Marshall
-
I went to services and I see that the services that I noted before have been removed, namely
@%SystemRoot%\system32\iphlpsvc.dll,-200 @%SystemRoot%\system32\iphlpsvc.dll,-201 Automatic Local System
@%SystemRoot%\system32\winhttp.dll,-100 @%SystemRoot%\system32\winhttp.dll,-101 Manual Local Service
@%SystemRoot%\System32\wscsvc.dll,-200 @%SystemRoot%\System32\wscsvc.dll,-201 Started Automatic Local System.
Should I now try again to uninstall combofix?
Thank you very much for your help
Marshall
-
Thank you again for your help!
Here is the log file created by combofix
=======================
ComboFix 12-06-19.01 - mwda 06/19/2012 12:53:02.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1522 [GMT -5:00]
Running from: c:\documents and settings\mwda\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 17:37 . 2012-06-19 17:37 -------- d-----w- c:\program files\ERUNT
2012-06-11 19:49 . 2012-06-11 19:49 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-11 19:49 . 2012-06-11 19:49 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-22 21:53 . 2012-05-22 21:53 -------- d-----w- c:\documents and settings\mwda\Application Data\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 19:13 . 2012-03-31 21:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 19:13 . 2011-08-26 02:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:14 . 2004-08-04 05:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 05:17 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2004-07-08 20:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 01:52 . 2011-05-07 22:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalender"="c:\program files\Kalender\Kalender.exe" [2010-08-22 933888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mwda^Start Menu^Programs^Startup^Locate32 Autorun.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 18:37 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 18:37 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-05-14 17:35 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
1999-08-04 05:00 122940 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-05-14 17:38 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 18:37 142360 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 18:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-06-14 02:00 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 19:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/18/2011 8:25 PM 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:34 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2011 4:34 PM 301528]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [6/11/2010 12:49 PM 13696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 6:37 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 6:37 PM 31704]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\instal\util\diag\hw32\HWiNFO32.sys [12/16/2011 10:02 PM 21624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2011 4:34 PM 19544]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/19/2010 7:22 PM 20968]
R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [6/20/2010 9:30 AM 2752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:43 PM 257224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/11/2010 12:51 PM 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DirectNT;DirectNT;\??\h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS --> h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [3/31/2011 4:00 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [3/31/2011 4:00 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]
S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/18/2011 5:47 PM 312152]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 11:27 AM 113120]
S3 PORTMON;PORTMON;\??\d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS --> d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/24/2011 4:19 PM 272128]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/4/2004 1:56 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/28/2011 12:39 PM 229376]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
UPHClean REG_MULTI_SZ UPHClean
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:13]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]
.
2012-05-25 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2011-03-21 17:03]
.
2011-03-21 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2011-03-21 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20110901&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-19 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\18.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Visioneer\OneTouch 4.0\OtService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-19 13:02:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 18:02
ComboFix2.txt 2012-06-19 00:13
ComboFix3.txt 2012-06-19 00:00
.
Pre-Run: 66,849,611,776 bytes free
Post-Run: 66,814,255,104 bytes free
.
- - End Of File - - E9C93AEFD430FA7F8DFD0187E0C9F3BE
-
Thank you for your response
I will do all you stipulate. The reason for looking at the service CryptSvc is, as I noted, that "Event viewer" indicates that this service stops unexpectedly when I start my computer without Combofix. When I first was trying to fix the problem I went to "event viewer" and saw this error message and believed it part of the problem.
I will post the combofix log when I am done.
Marshall
-
Thank you very much for your help
It is hard to not run combofix when it works so well, and of course all of your advice may well be appropriate for many people, as I am sure you know; however, I accept your criticism, though I have run combofix on computers with no access to the internet and that would have required a full reinstall if it had failed, and it did not fail.
I uninstalled Zone Alarm a long time ago, and there is only one entry in the ComboFix-quarantined-files.txt file, listed below
===========================
2012-06-19 00:09:01 . 2012-06-19 00:09:01 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
==================================
A small note: it is my understanding that the CryptSvc service is used by virus detection and firewall programs. Also, I see only one of these services that I believe Combofix uses in the list above
@%SystemRoot%\system32\iphlpsvc.dll,-200 @%SystemRoot%\system32\iphlpsvc.dll,-201 Automatic Local System
@%SystemRoot%\system32\winhttp.dll,-100 @%SystemRoot%\system32\winhttp.dll,-101 Manual Local Service
@%SystemRoot%\System32\wscsvc.dll,-200 @%SystemRoot%\System32\wscsvc.dll,-201 Started Automatic Local System
and there is no tdx.exe or tdx.sys file that I can find. I hope this is helpful and not pointless.
Thank you again for your help
Marshall
-
I have WinXP SP3 professional. I use Avast and Comodo and malwarebytes when I have a problem.
I hope this is the right forum; if not, please let me know. I use malwarebytes and then combofix if I find a problem. This has worked many times, and I have found innumerable problems with malwarebytes and combofix, both programs deleting many files and solving many problems like browser hijacking. I am no expert, and I know that you will tell me to never use combofix, but I think it a great program and have had no problems until now. I understand that it must be run from the desktop and one must disable firewalls and virus protection, giving it plenty of time to finish. This is the first problem I have ever had with combofix, and it occurred recently with the "12.6.12.3" version.
My computer works fine now until I try to uninstall combofix with the "combofix /uninstall" command at the run box. When I do that and I reboot I get, in event viewer:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 6/18/2012
Time: 4:16:39 PM
User: N/A
Computer: HOME-SATA
Description:
The CryptSvc service failed to start due to the following error:
The executable program that this service is configured to run in does not
implement the service.
and my icons are all on one side, and if I move them they return to one side on a reboot. I cannot connect to the internet, but when I try to disable the Windows connection I get an error telling me that the device cannot be found. All these problems go away when I reinstall combofix.
This is my Combofix log from my reinstall of combofix.
============================
ComboFix 12-06-12.03 - mwda 06/18/2012 19:10:30.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1507 [GMT -5:00]
Running from: c:\documents and settings\mwda\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-11 19:49 . 2012-06-11 19:49 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-11 19:49 . 2012-06-11 19:49 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-22 21:53 . 2012-05-22 21:53 -------- d-----w- c:\documents and settings\mwda\Application Data\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 19:13 . 2012-03-31 21:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 19:13 . 2011-08-26 02:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:14 . 2004-08-04 05:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 05:17 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2004-07-08 20:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-11 19:49 . 2011-05-07 22:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kalender"="c:\program files\Kalender\Kalender.exe" [2010-08-22 933888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mwda^Start Menu^Programs^Startup^Locate32 Autorun.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 18:37 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 18:37 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-05-14 17:35 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
1999-08-04 05:00 122940 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-05-14 17:38 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 18:37 142360 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 18:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-06-14 02:00 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 19:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/18/2011 8:25 PM 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:34 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2011 4:34 PM 301528]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [6/11/2010 12:49 PM 13696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 6:37 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 6:37 PM 31704]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\instal\util\diag\hw32\HWiNFO32.sys [12/16/2011 10:02 PM 21624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2011 4:34 PM 19544]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/19/2010 7:22 PM 20968]
R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [6/20/2010 9:30 AM 2752]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/4/2004 1:56 AM 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:43 PM 257224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/11/2010 12:51 PM 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DirectNT;DirectNT;\??\h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS --> h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [3/31/2011 4:00 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [3/31/2011 4:00 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]
S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/18/2011 5:47 PM 312152]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 11:27 AM 113120]
S3 PORTMON;PORTMON;\??\d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS --> d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/24/2011 4:19 PM 272128]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/4/2004 1:56 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/28/2011 12:39 PM 229376]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
UPHClean REG_MULTI_SZ UPHClean
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:13]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]
.
2012-05-25 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2011-03-21 17:03]
.
2011-03-21 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2011-03-21 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20110901&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 19:11
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\18.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-06-18 19:13:28
ComboFix-quarantined-files.txt 2012-06-19 00:13
ComboFix2.txt 2012-06-19 00:00
.
Pre-Run: 67,047,350,272 bytes free
Post-Run: 67,029,594,112 bytes free
.
- - End Of File - - 4B0530F5AF933F1F4A2437CB5B73CBA3
========================
I may be still infected with some sort of malware though I just updated and ran a full scan of Malwarebytes and it found nothing.
Any help would be appreciated.
Marshall
Win 8 problem possible
in Resolved Malware Removal Logs
Posted
Thank you very much for your response. I did as you instructed and Dr Web found nothing; however, this may not be fair. I was impatient and after 5 days of waiting I posted at BleepingComputers and they instructed me to run 3 programs: ADWCleaner, which found and removed a program called "Conduit", then "Junkware Removal Tool", which did not find much of anything, and last "Rogue Killer", which found a trojan called "Rans.Gendarm" and removed it.
You are right though, because while my sister was waiting for me to find something she called Verizon again and they evidently were able to get the HTC program to communicate with her HTC-DNA mobile phone. It really was a problem with the software that Verizon uses to communicate with the phone. I still do not know how Verizon could tell us that we were getting a Microsoft tech support person when we were clearly not getting that support. I also don't know how they could charge $200, almost half the price of the laptop.
I thank you for the information about prefetch, which is not like my XP computer, for it seems to have only one item in prefetch; however, it is clear that Win 7 and Win 8 do things a lot differently when it comes to prefetch.
I am very happy with the service that Malwarebytes has offered over the years and will recommend them to anyone.
Thank you again for your help.
Marshall D'Arcy