Jump to content

gulfstream2013

Members
  • Posts

    18
  • Joined

  • Last visited

Reputation

0 Neutral
  1. # AdwCleaner v2.301 - Logfile created 05/17/2013 at 07:05:23 # Updated 16/05/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Owner - CR-5858417754B2 # Boot Mode : Normal # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner (3).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\ConduitSearchScopes Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\58e8ad0e06de417 Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=NT_ss&mntrId=38D900121756A5C2 --> hxxp://www.google.com -\\ Google Chrome v26.0.1410.64 File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Deleted [l.2540] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_s[...] ************************* AdwCleaner[R2].txt - [0 octets] - [17/05/2013 07:03:49] AdwCleaner[s1].txt - [2499 octets] - [17/05/2013 07:05:23] ########## EOF - C:\AdwCleaner[s1].txt - [2559 octets] ##########
  2. roguekiller report also: RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Owner [Admin rights] Mode : Scan -- Date : 05/16/2013 21:43:51 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [Faked.Drv][FILE] kmixer.sys : C:\WINDOWS\system32\drivers\kmixer.sys [-] --> FOUND ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Maxtor 4D040H2 +++++ --- User --- [MBR] ea99bc85ada8810dc3476bcd92739550 [bSP] c6ad1847dc9468896fb106c9e021542a : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39072 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_05162013_02d2143.txt >> RKreport[1]_S_05162013_02d2143.txt
  3. <p> </p> <div>.</div> <div>UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.</div> <div>IF REQUESTED, ZIP IT UP & ATTACH IT</div> <div>.</div> <div>DDS (Ver_2012-11-20.01)</div> <div>.</div> <div>Microsoft Windows XP Home Edition</div> <div>Boot Device: \Device\HarddiskVolume1</div> <div>Install Date: 4/25/2013 8:36:31 AM</div> <div>System Uptime: 5/16/2013 2:46:25 PM (2 hours ago)</div> <div>.</div> <div>Motherboard: | | </div> <div>Processor: Intel® Pentium® 4 CPU 1.60GHz | | 1597/mhz</div> <div>.</div> <div>==== Disk Partitions =========================</div> <div>.</div> <div>A: is Removable</div> <div>C: is FIXED (NTFS) - 38 GiB total, 18.849 GiB free.</div> <div>D: is Removable</div> <div>E: is CDROM ()</div> <div>F: is CDROM ()</div> <div>G: is FIXED (NTFS) - 466 GiB total, 460.144 GiB free.</div> <div>.</div> <div>==== Disabled Device Manager Items =============</div> <div>.</div> <div>==== System Restore Points ===================</div> <div>.</div> <div>RP16: 4/26/2013 4:53:33 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161</div> <div>RP17: 4/26/2013 4:55:07 PM - Installed OpenOffice.org 3.4.1</div> <div>RP18: 4/29/2013 9:33:49 AM - System Checkpoint</div> <div>RP19: 5/1/2013 11:08:43 AM - Installed Microsoft Office Professional Edition 2003</div> <div>RP20: 5/1/2013 11:26:33 AM - Installed Compatibility Pack for the 2007 Office system</div> <div>RP21: 5/10/2013 4:00:38 PM - System Checkpoint</div> <div>RP22: 5/10/2013 4:36:39 PM - Software Distribution Service 3.0</div> <div>RP23: 5/10/2013 8:26:39 PM - Revo Uninstaller's restore point - AVG 2013</div> <div>RP24: 5/10/2013 8:31:50 PM - Removed AVG 2013</div> <div>RP25: 5/10/2013 8:34:42 PM - Removed AVG 2013</div> <div>RP26: 5/10/2013 8:40:22 PM - Revo Uninstaller's restore point - Hoolapp For Android</div> <div>RP27: 5/10/2013 8:43:17 PM - Revo Uninstaller's restore point - OpenOffice.org 3.4.1</div> <div>RP28: 5/10/2013 8:45:59 PM - Removed OpenOffice.org 3.4.1</div> <div>RP29: 5/10/2013 8:52:18 PM - Revo Uninstaller's restore point - Java 7 Update 21</div> <div>RP30: 5/10/2013 8:52:35 PM - Removed Java 7 Update 21</div> <div>RP31: 5/11/2013 12:00:31 AM - Software Distribution Service 3.0</div> <div>RP32: 5/11/2013 6:42:12 AM - Installed DirectX</div> <div>RP33: 5/11/2013 6:45:10 AM - Installed NVIDIA PhysX</div> <div>RP34: 5/11/2013 6:46:01 AM - Installed Microsoft Visual C++ 2005 Redistributable</div> <div>RP35: 5/11/2013 6:46:38 AM - Installed Steam</div> <div>RP36: 5/11/2013 7:13:04 AM - Installed DirectX</div> <div>RP37: 5/11/2013 9:43:42 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106</div> <div>RP38: 5/11/2013 10:47:35 AM - Revo Uninstaller's restore point - Ship Simulator Extremes</div> <div>RP39: 5/11/2013 11:06:11 AM - Revo Uninstaller's restore point - Steam</div> <div>RP40: 5/11/2013 11:06:53 AM - Removed Steam</div> <div>RP41: 5/11/2013 4:04:53 PM - Installed hp LaserJet 1010 Series</div> <div>RP42: 5/11/2013 5:36:03 PM - Software Distribution Service 3.0</div> <div>RP43: 5/11/2013 6:28:51 PM - Software Distribution Service 3.0</div> <div>RP44: 5/11/2013 7:11:58 PM - Revo Uninstaller's restore point - SweetIM for Messenger 3.7</div> <div>RP45: 5/11/2013 7:32:42 PM - Revo Uninstaller's restore point - SweetIM for Messenger 3.7</div> <div>RP46: 5/11/2013 7:32:56 PM - Removed SweetIM for Messenger 3.7</div> <div>RP47: 5/11/2013 7:35:18 PM - Revo Uninstaller's restore point - SweetIM Bundle by SweetPacks</div> <div>RP48: 5/11/2013 7:36:52 PM - Revo Uninstaller's restore point - Sim Aquarium 3</div> <div>RP49: 5/11/2013 9:39:43 PM - Revo Uninstaller's restore point - Search Protect by conduit</div> <div>RP50: 5/11/2013 9:41:11 PM - Revo Uninstaller's restore point - MixiDJ V37 Toolbar</div> <div>RP51: 5/12/2013 12:45:28 AM - Software Distribution Service 3.0</div> <div>RP52: 5/12/2013 7:34:37 AM - Revo Uninstaller's restore point - Delta Chrome Toolbar</div> <div>RP53: 5/12/2013 7:36:15 AM - Revo Uninstaller's restore point - Delta toolbar </div> <div>RP54: 5/12/2013 7:38:41 AM - Revo Uninstaller's restore point - MiPony 2.0.2</div> <div>RP55: 5/12/2013 7:39:31 AM - Revo Uninstaller's restore point - Mipony Download Manager Packages</div> <div>RP56: 5/12/2013 7:40:46 AM - Revo Uninstaller's restore point - Update for Mipony Download Manager</div> <div>RP57: 5/12/2013 8:57:42 AM - Software Distribution Service 3.0</div> <div>RP58: 5/12/2013 3:56:43 PM - Software Distribution Service 3.0</div> <div>RP59: 5/12/2013 11:20:03 PM - Revo Uninstaller's restore point - 3Planesoft Screensaver Manager 1.4</div> <div>RP60: 5/12/2013 11:22:48 PM - Revo Uninstaller's restore point - Fireplace 3D Screensaver 1.0</div> <div>RP61: 5/12/2013 11:24:05 PM - Revo Uninstaller's restore point - Free Fire Screensaver</div> <div>RP62: 5/12/2013 11:25:01 PM - Revo Uninstaller's restore point - GameFly</div> <div>RP63: 5/12/2013 11:26:29 PM - Revo Uninstaller's restore point - Nature 3D Screensaver 1.1</div> <div>RP64: 5/13/2013 12:56:38 AM - Software Distribution Service 3.0</div> <div>RP65: 5/13/2013 3:13:30 PM - Installed HiJackThis</div> <div>RP66: 5/13/2013 8:33:20 PM - Installed SpyHunter</div> <div>RP67: 5/13/2013 9:53:27 PM - Revo Uninstaller's restore point - SpyHunter</div> <div>RP68: 5/13/2013 9:54:08 PM - Removed SpyHunter</div> <div>RP69: 5/14/2013 1:00:50 AM - Software Distribution Service 3.0</div> <div>RP70: 5/14/2013 10:04:54 PM - Unsigned driver install</div> <div>RP71: 5/14/2013 11:03:30 PM - Software Distribution Service 3.0</div> <div>RP72: 5/15/2013 10:45:02 PM - Software Distribution Service 3.0</div> <div>RP73: 5/16/2013 12:00:42 AM - Software Distribution Service 3.0</div> <div>RP74: 5/16/2013 7:08:49 AM - Revo Uninstaller's restore point - Microsoft Age of Empires II: The Conquerors Expansion</div> <div>RP75: 5/16/2013 7:10:25 AM - Revo Uninstaller's restore point - Microsoft Age of Empires II</div> <div>RP76: 5/16/2013 2:54:51 PM - Revo Uninstaller's restore point - FileASSASSIN</div> <div>.</div> <div>==== Installed Programs ======================</div> <div>.</div> <div>AD Blocker</div> <div>Adobe Flash Player 11 ActiveX</div> <div>Adobe Reader XI (11.0.02)</div> <div>Adobe Shockwave Player 12.0</div> <div>Amazon Cloud Player</div> <div>Amazon MP3 Downloader 1.0.18</div> <div>Anvi Smart Defender 1.8</div> <div>Apple Application Support</div> <div>Apple Mobile Device Support</div> <div>Apple Software Update</div> <div>Bonjour</div> <div>Bus Driver 1.5</div> <div>CCleaner</div> <div>Compatibility Pack for the 2007 Office system</div> <div>Defraggler</div> <div>Dream Aquarium</div> <div>Google Chrome</div> <div>Google Update Helper</div> <div>HiJackThis</div> <div>Hotfix for Windows Media Format 11 SDK (KB929399)</div> <div>Hotfix for Windows Media Player 11 (KB939683)</div> <div>Hotfix for Windows XP (KB2779562)</div> <div>Hotfix for Windows XP (KB952287)</div> <div>hp LaserJet 1010 Series</div> <div>iTunes</div> <div>Malwarebytes Anti-Malware version 1.75.0.1300</div> <div>Microsoft .NET Framework 4 Client Profile</div> <div>Microsoft .NET Framework 4 Extended</div> <div>Microsoft Age of Empires II</div> <div>Microsoft Age of Empires II: The Conquerors Expansion</div> <div>Microsoft Application Error Reporting</div> <div>Microsoft Compression Client Pack 1.0 for Windows XP</div> <div>Microsoft Office File Validation Add-In</div> <div>Microsoft Office Professional Edition 2003</div> <div>Microsoft Security Client</div> <div>Microsoft Security Essentials</div> <div>Microsoft Train Simulator</div> <div>Microsoft User-Mode Driver Framework Feature Pack 1.0</div> <div>Microsoft Visual C++ 2005 Redistributable</div> <div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161</div> <div>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219</div> <div>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106</div> <div>Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106</div> <div>Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106</div> <div>NVIDIA PhysX</div> <div>QuickTime</div> <div>Revo Uninstaller 1.94</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)</div> <div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)</div> <div>Security Update for Microsoft .NET Framework 4 Extended (KB2487367)</div> <div>Security Update for Microsoft .NET Framework 4 Extended (KB2656351)</div> <div>Security Update for Microsoft .NET Framework 4 Extended (KB2736428)</div> <div>Security Update for Microsoft .NET Framework 4 Extended (KB2742595)</div> <div>Security Update for Microsoft Windows (KB2564958)</div> <div>Security Update for Windows Internet Explorer 8 (KB2510531)</div> <div>Security Update for Windows Internet Explorer 8 (KB2618444)</div> <div>Security Update for Windows Internet Explorer 8 (KB2744842)</div> <div>Security Update for Windows Internet Explorer 8 (KB2817183)</div> <div>Security Update for Windows Internet Explorer 8 (KB2829530)</div> <div>Security Update for Windows Internet Explorer 8 (KB2847204)</div> <div>Security Update for Windows Internet Explorer 8 (KB982381)</div> <div>Security Update for Windows Media Player (KB2378111)</div> <div>Security Update for Windows Media Player (KB952069)</div> <div>Security Update for Windows Media Player (KB954155)</div> <div>Security Update for Windows Media Player (KB973540)</div> <div>Security Update for Windows Media Player (KB975558)</div> <div>Security Update for Windows Media Player (KB978695)</div> <div>Security Update for Windows Media Player 11 (KB954154)</div> <div>Security Update for Windows XP (KB2115168)</div> <div>Security Update for Windows XP (KB2229593)</div> <div>Security Update for Windows XP (KB2296011)</div> <div>Security Update for Windows XP (KB2347290)</div> <div>Security Update for Windows XP (KB2360937)</div> <div>Security Update for Windows XP (KB2387149)</div> <div>Security Update for Windows XP (KB2393802)</div> <div>Security Update for Windows XP (KB2419632)</div> <div>Security Update for Windows XP (KB2423089)</div> <div>Security Update for Windows XP (KB2440591)</div> <div>Security Update for Windows XP (KB2443105)</div> <div>Security Update for Windows XP (KB2478960)</div> <div>Security Update for Windows XP (KB2478971)</div> <div>Security Update for Windows XP (KB2479943)</div> <div>Security Update for Windows XP (KB2481109)</div> <div>Security Update for Windows XP (KB2483185)</div> <div>Security Update for Windows XP (KB2485663)</div> <div>Security Update for Windows XP (KB2506212)</div> <div>Security Update for Windows XP (KB2507938)</div> <div>Security Update for Windows XP (KB2508429)</div> <div>Security Update for Windows XP (KB2509553)</div> <div>Security Update for Windows XP (KB2510581)</div> <div>Security Update for Windows XP (KB2535512)</div> <div>Security Update for Windows XP (KB2536276-v2)</div> <div>Security Update for Windows XP (KB2544893-v2)</div> <div>Security Update for Windows XP (KB2566454)</div> <div>Security Update for Windows XP (KB2570947)</div> <div>Security Update for Windows XP (KB2584146)</div> <div>Security Update for Windows XP (KB2585542)</div> <div>Security Update for Windows XP (KB2592799)</div> <div>Security Update for Windows XP (KB2598479)</div> <div>Security Update for Windows XP (KB2603381)</div> <div>Security Update for Windows XP (KB2618451)</div> <div>Security Update for Windows XP (KB2619339)</div> <div>Security Update for Windows XP (KB2620712)</div> <div>Security Update for Windows XP (KB2624667)</div> <div>Security Update for Windows XP (KB2631813)</div> <div>Security Update for Windows XP (KB2653956)</div> <div>Security Update for Windows XP (KB2655992)</div> <div>Security Update for Windows XP (KB2659262)</div> <div>Security Update for Windows XP (KB2661637)</div> <div>Security Update for Windows XP (KB2676562)</div> <div>Security Update for Windows XP (KB2686509)</div> <div>Security Update for Windows XP (KB2691442)</div> <div>Security Update for Windows XP (KB2698365)</div> <div>Security Update for Windows XP (KB2705219-v2)</div> <div>Security Update for Windows XP (KB2712808)</div> <div>Security Update for Windows XP (KB2719985)</div> <div>Security Update for Windows XP (KB2723135-v2)</div> <div>Security Update for Windows XP (KB2727528)</div> <div>Security Update for Windows XP (KB2753842-v2)</div> <div>Security Update for Windows XP (KB2757638)</div> <div>Security Update for Windows XP (KB2758857)</div> <div>Security Update for Windows XP (KB2770660)</div> <div>Security Update for Windows XP (KB2780091)</div> <div>Security Update for Windows XP (KB2802968)</div> <div>Security Update for Windows XP (KB2807986)</div> <div>Security Update for Windows XP (KB2808735)</div> <div>Security Update for Windows XP (KB2813170)</div> <div>Security Update for Windows XP (KB2813345)</div> <div>Security Update for Windows XP (KB2817183)</div> <div>Security Update for Windows XP (KB2820197)</div> <div>Security Update for Windows XP (KB2820917)</div> <div>Security Update for Windows XP (KB2829361)</div> <div>Security Update for Windows XP (KB923561)</div> <div>Security Update for Windows XP (KB923789)</div> <div>Security Update for Windows XP (KB941569)</div> <div>Security Update for Windows XP (KB946648)</div> <div>Security Update for Windows XP (KB950762)</div> <div>Security Update for Windows XP (KB950974)</div> <div>Security Update for Windows XP (KB951376-v2)</div> <div>Security Update for Windows XP (KB952004)</div> <div>Security Update for Windows XP (KB952954)</div> <div>Security Update for Windows XP (KB956572)</div> <div>Security Update for Windows XP (KB956802)</div> <div>Security Update for Windows XP (KB956844)</div> <div>Security Update for Windows XP (KB959426)</div> <div>Security Update for Windows XP (KB960803)</div> <div>Security Update for Windows XP (KB960859)</div> <div>Security Update for Windows XP (KB969059)</div> <div>Security Update for Windows XP (KB970430)</div> <div>Security Update for Windows XP (KB971657)</div> <div>Security Update for Windows XP (KB972270)</div> <div>Security Update for Windows XP (KB973507)</div> <div>Security Update for Windows XP (KB973869)</div> <div>Security Update for Windows XP (KB973904)</div> <div>Security Update for Windows XP (KB974112)</div> <div>Security Update for Windows XP (KB974318)</div> <div>Security Update for Windows XP (KB974392)</div> <div>Security Update for Windows XP (KB974571)</div> <div>Security Update for Windows XP (KB975025)</div> <div>Security Update for Windows XP (KB975467)</div> <div>Security Update for Windows XP (KB975560)</div> <div>Security Update for Windows XP (KB975713)</div> <div>Security Update for Windows XP (KB977816)</div> <div>Security Update for Windows XP (KB977914)</div> <div>Security Update for Windows XP (KB978338)</div> <div>Security Update for Windows XP (KB978542)</div> <div>Security Update for Windows XP (KB978706)</div> <div>Security Update for Windows XP (KB979309)</div> <div>Security Update for Windows XP (KB979482)</div> <div>Security Update for Windows XP (KB979687)</div> <div>Security Update for Windows XP (KB981322)</div> <div>Security Update for Windows XP (KB981997)</div> <div>Security Update for Windows XP (KB982132)</div> <div>Security Update for Windows XP (KB982665)</div> <div>SimCity 4 Deluxe</div> <div>Spybot - Search & Destroy</div> <div>swMSM</div> <div>The Weather Channel App</div> <div>The Weather Channel Desktop 6</div> <div>Update for Microsoft Windows (KB971513)</div> <div>Update for Windows Internet Explorer 8 (KB2598845)</div> <div>Update for Windows Internet Explorer 8 (KB2632503)</div> <div>Update for Windows XP (KB2345886)</div> <div>Update for Windows XP (KB2467659)</div> <div>Update for Windows XP (KB2492386)</div> <div>Update for Windows XP (KB2661254-v2)</div> <div>Update for Windows XP (KB2736233)</div> <div>Update for Windows XP (KB2749655)</div> <div>Update for Windows XP (KB898461)</div> <div>Update for Windows XP (KB951978)</div> <div>Update for Windows XP (KB968389)</div> <div>Update for Windows XP (KB971029)</div> <div>Update for Windows XP (KB973815)</div> <div>WebFldrs XP</div> <div>Windows Genuine Advantage Validation Tool (KB892130)</div> <div>Windows Internet Explorer 8</div> <div>Windows Media Format 11 runtime</div> <div>Windows Media Player 11</div> <div>Windows XP Service Pack 3</div> <div>WinPatrol</div> <div>.</div> <div>==== Event Viewer Messages From Past Week ========</div> <div>.</div> <div>5/11/2013 3:38:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.</div> <div>5/11/2013 3:38:24 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.</div> <div>5/10/2013 8:37:48 PM, error: System Error [1003] - Error code 1000000a, parameter1 4d42f880, parameter2 00000002, parameter3 00000000, parameter4 804d90aa.</div> <div>5/10/2013 3:14:33 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.</div> <div>.</div> <div>==== End Of File ===========================</div> <div> </div>
  4. <p> DDS (Ver_2012-11-20.01) - NTFS_x86 </p> <div>Internet Explorer: 8.0.6001.18702</div> <div>Run by Owner at 16:24:19 on 2013-05-16</div> <div>Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.380 [GMT -4:00]</div> <div>.</div> <div>AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}</div> <div>.</div> <div>============== Running Processes ================</div> <div>.</div> <div>C:\Program Files\Microsoft Security Client\MsMpEng.exe</div> <div>C:\WINDOWS\Explorer.EXE</div> <div>C:\WINDOWS\system32\spoolsv.exe</div> <div>C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe</div> <div>C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div> <div>C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe</div> <div>C:\Program Files\Bonjour\mDNSResponder.exe</div> <div>C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe</div> <div>C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe</div> <div>C:\WINDOWS\System32\alg.exe</div> <div>C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE</div> <div>C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE</div> <div>C:\Program Files\Google\Chrome\Application\chrome.exe</div> <div>C:\Program Files\Google\Chrome\Application\chrome.exe</div> <div>C:\Program Files\Google\Chrome\Application\chrome.exe</div> <div>C:\WINDOWS\system32\wbem\wmiprvse.exe</div> <div>C:\WINDOWS\System32\svchost.exe -k netsvcs</div> <div>C:\WINDOWS\system32\svchost.exe -k NetworkService</div> <div>C:\WINDOWS\system32\svchost.exe -k LocalService</div> <div>C:\WINDOWS\system32\svchost.exe -k LocalService</div> <div>.</div> <div>============== Pseudo HJT Report ===============</div> <div>.</div> <div>uStart Page = hxxp://www.claresworld.us/</div> <div>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll</div> <div>BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll</div> <div>uPolicies-Explorer: NoDriveTypeAutoRun = dword:145</div> <div>mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1</div> <div>mPolicies-Explorer: NoDriveTypeAutoRun = dword:145</div> <div>IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}</div> <div>IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll</div> <div>IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe</div> <div>IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe</div> <div>.</div> <div>INFO: HKCU has more than 50 listed domains.</div> <div>If you wish to scan all of them, select the 'Force scan all domains' option.</div> <div>.</div> <div>.</div> <div>INFO: HKLM has more than 50 listed domains.</div> <div> If you wish to scan all of them, select the 'Force scan all domains' option.</div> <div>.</div> <div>DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab</div> <div>DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366898000867</div> <div>DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab</div> <div>TCP: NameServer = 192.168.1.1</div> <div>TCP: Interfaces\{A583220F-B9F6-4CA9-95DE-01843D0FBCEE} : DHCPNameServer = 192.168.1.1</div> <div>Notify: crypt32chain - <no file></div> <div>Notify: cryptnet - <no file></div> <div>Notify: cscdll - <no file></div> <div>Notify: dimsntfy - <no file></div> <div>Notify: ScCertProp - <no file></div> <div>Notify: Schedule - <no file></div> <div>Notify: sclgntfy - <no file></div> <div>Notify: SensLogn - <no file></div> <div>Notify: termsrv - <no file></div> <div>Notify: wlballoon - <no file></div> <div>SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll</div> <div>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome</div> <div>Hosts: 127.0.0.1<span class="Apple-tab-span" style="white-space:pre"> </span>www.spywareinfo.com</div> <div>.</div> <div>============= SERVICES / DRIVERS ===============</div> <div>.</div> <div>R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-5-13 13560]</div> <div>R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]</div> <div>R1 asdnet;asdnet;c:\program files\anvisoft\anvi smart defender\toolbox\adblocker\sys\x86\asdnet.sys [2013-5-13 15696]</div> <div>R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [2013-5-13 16208]</div> <div>R2 ADBlockerSrv;AD Blocker Service;c:\program files\anvisoft\anvi smart defender\toolbox\adblocker\ADBlockerSrv.exe [2013-5-13 280648]</div> <div>R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [2013-5-13 22864]</div> <div>R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2013-3-5 739400]</div> <div>R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [2013-5-13 14160]</div> <div>R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-10 418376]</div> <div>R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-10 701512]</div> <div>R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-10 22856]</div> <div>S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]</div> <div>S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]</div> <div>S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-10 35144]</div> <div>S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]</div> <div>.</div> <div>=============== Created Last 30 ================</div> <div>.</div> <div>2013-05-16 13:02:33<span class="Apple-tab-span" style="white-space:pre"> </span>7016152<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1f9ea85-e2ca-4618-879e-5b85d13ecdf0}\mpengine.dll</div> <div>2013-05-15 03:04:58<span class="Apple-tab-span" style="white-space:pre"> </span>7016152<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll</div> <div>2013-05-14 18:29:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Amazon Cloud Player</div> <div>2013-05-14 15:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Program Files</div> <div>2013-05-14 11:23:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Spybot - Search & Destroy</div> <div>2013-05-14 11:23:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\Spybot - Search & Destroy</div> <div>2013-05-14 02:30:31<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Anvisoft</div> <div>2013-05-14 02:30:04<span class="Apple-tab-span" style="white-space:pre"> </span>22864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\asdrs.sys</div> <div>2013-05-14 02:30:04<span class="Apple-tab-span" style="white-space:pre"> </span>16208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\asdrm.sys</div> <div>2013-05-14 02:30:04<span class="Apple-tab-span" style="white-space:pre"> </span>14160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\asdws.sys</div> <div>2013-05-14 02:29:51<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\Anvisoft</div> <div>2013-05-14 02:29:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Anvisoft</div> <div>2013-05-14 02:19:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\GetRightToGo</div> <div>2013-05-14 02:13:10<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\LavasoftStatistics</div> <div>2013-05-14 02:11:39<span class="Apple-tab-span" style="white-space:pre"> </span>13560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\gfibto.sys</div> <div>2013-05-14 02:11:38<span class="Apple-tab-span" style="white-space:pre"> </span>44424<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\sbbd.exe</div> <div>2013-05-14 02:11:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Ad-Aware Antivirus</div> <div>2013-05-14 00:33:22<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Enigma Software Group</div> <div>2013-05-14 00:31:22<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\D8167CA8236B4334B77DF388F494EE18.TMP</div> <div>2013-05-13 19:13:35<span class="Apple-tab-span" style="white-space:pre"> </span>388096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe</div> <div>2013-05-13 19:13:33<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Trend Micro</div> <div>2013-05-13 02:47:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Maxis</div> <div>2013-05-12 22:58:20<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\GameFly</div> <div>2013-05-12 11:22:49<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\Extensions</div> <div>2013-05-12 11:22:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\searchplugins</div> <div>2013-05-12 11:20:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\DSite</div> <div>2013-05-12 11:03:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\PCHealth</div> <div>2013-05-12 10:49:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Bus Driver</div> <div>2013-05-12 10:23:55<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Microsoft Games</div> <div>2013-05-12 02:48:25<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Defraggler</div> <div>2013-05-12 01:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Conduit</div> <div>2013-05-12 01:22:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Temp</div> <div>2013-05-12 01:20:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\CRE</div> <div>2013-05-11 23:46:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Dream Aquarium</div> <div>2013-05-11 23:46:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Dream Aquarium</div> <div>2013-05-11 23:02:37<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\SimAquarium</div> <div>2013-05-11 23:00:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\The Weather Channel</div> <div>2013-05-11 22:41:29<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\The Weather Channel FW</div> <div>2013-05-11 22:41:24<span class="Apple-tab-span" style="white-space:pre"> </span>499712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msvcp71.dll</div> <div>2013-05-11 22:41:23<span class="Apple-tab-span" style="white-space:pre"> </span>348160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msvcr71.dll</div> <div>2013-05-11 22:40:30<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\The Weather Channel</div> <div>2013-05-11 20:11:46<span class="Apple-tab-span" style="white-space:pre"> </span>45056<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\NCUNINST.EXE</div> <div>2013-05-11 20:08:41<span class="Apple-tab-span" style="white-space:pre"> </span>12928<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\dot4prt.sys</div> <div>2013-05-11 20:08:41<span class="Apple-tab-span" style="white-space:pre"> </span>12928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\Dot4Prt.sys</div> <div>2013-05-11 20:08:31<span class="Apple-tab-span" style="white-space:pre"> </span>206976<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\dot4.sys</div> <div>2013-05-11 20:08:31<span class="Apple-tab-span" style="white-space:pre"> </span>206976<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\Dot4.sys</div> <div>2013-05-11 20:08:28<span class="Apple-tab-span" style="white-space:pre"> </span>23808<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\dot4usb.sys</div> <div>2013-05-11 20:08:28<span class="Apple-tab-span" style="white-space:pre"> </span>23808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\Dot4usb.sys</div> <div>2013-05-11 20:02:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\common files\SWF Studio</div> <div>2013-05-11 18:36:10<span class="Apple-tab-span" style="white-space:pre"> </span>60032<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\usbaudio.sys</div> <div>2013-05-11 18:36:10<span class="Apple-tab-span" style="white-space:pre"> </span>60032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\USBAUDIO.sys</div> <div>2013-05-11 15:25:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\lj1010seriesprintsys</div> <div>2013-05-11 13:43:42<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\Package Cache</div> <div>2013-05-11 13:14:06<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Quest3D</div> <div>2013-05-11 13:14:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Roaming</div> <div>2013-05-11 10:48:13<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\dumps</div> <div>2013-05-11 10:45:11<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\NVIDIA Corporation</div> <div>2013-05-11 10:43:55<span class="Apple-tab-span" style="white-space:pre"> </span>443752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\d3dx10_33.dll</div> <div>2013-05-11 10:42:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\Logs</div> <div>2013-05-11 10:38:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Application Data</div> <div>2013-05-11 01:38:17<span class="Apple-tab-span" style="white-space:pre"> </span>35144<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbamchameleon.sys</div> <div>2013-05-11 01:37:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d--h--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\PIF</div> <div>2013-05-11 01:16:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Malwarebytes</div> <div>2013-05-11 01:15:51<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\Malwarebytes</div> <div>2013-05-11 01:15:45<span class="Apple-tab-span" style="white-space:pre"> </span>22856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div> <div>2013-05-11 01:15:45<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Malwarebytes' Anti-Malware</div> <div>2013-05-11 01:02:56<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\WinPatrol</div> <div>2013-05-11 01:02:31<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\BillP Studios</div> <div>2013-05-11 01:02:31<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\InstallMate</div> <div>2013-05-11 00:34:19<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Avg2013</div> <div>2013-05-11 00:10:46<span class="Apple-tab-span" style="white-space:pre"> </span>214256<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\muweb.dll</div> <div>2013-05-11 00:10:44<span class="Apple-tab-span" style="white-space:pre"> </span>275696<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\mucltui.dll</div> <div>2013-05-11 00:10:44<span class="Apple-tab-span" style="white-space:pre"> </span>17136<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\mucltui.dll.mui</div> <div>2013-05-10 20:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\VS Revo Group</div> <div>2013-05-10 20:36:40<span class="Apple-tab-span" style="white-space:pre"> </span>238872<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div> <div>2013-05-10 20:23:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Microsoft Security Client</div> <div>2013-05-10 20:18:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\HoolappForAndroid</div> <div>2013-05-10 19:24:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\OpenOffice.org</div> <div>2013-05-10 19:14:43<span class="Apple-tab-span" style="white-space:pre"> </span>21504<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\hidserv.dll</div> <div>2013-05-10 19:14:43<span class="Apple-tab-span" style="white-space:pre"> </span>21504<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\hidserv.dll</div> <div>2013-05-10 19:13:46<span class="Apple-tab-span" style="white-space:pre"> </span>26368<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\usbstor.sys</div> <div>2013-05-10 19:13:37<span class="Apple-tab-span" style="white-space:pre"> </span>32128<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\usbccgp.sys</div> <div>2013-05-10 19:13:37<span class="Apple-tab-span" style="white-space:pre"> </span>32128<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\usbccgp.sys</div> <div>2013-05-01 15:26:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\MSECache</div> <div>2013-05-01 15:15:29<span class="Apple-tab-span" style="white-space:pre"> </span>28552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll</div> <div>2013-05-01 15:15:29<span class="Apple-tab-span" style="white-space:pre"> </span>28040<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\mdimon.dll</div> <div>2013-05-01 15:10:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SHELLNEW</div> <div>2013-05-01 15:10:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Microsoft ActiveSync</div> <div>2013-05-01 15:00:53<span class="Apple-tab-span" style="white-space:pre"> </span>14592<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\kbdhid.sys</div> <div>2013-05-01 15:00:53<span class="Apple-tab-span" style="white-space:pre"> </span>14592<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\kbdhid.sys</div> <div>2013-05-01 15:00:27<span class="Apple-tab-span" style="white-space:pre"> </span>12160<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\mouhid.sys</div> <div>2013-05-01 15:00:27<span class="Apple-tab-span" style="white-space:pre"> </span>12160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mouhid.sys</div> <div>2013-05-01 15:00:14<span class="Apple-tab-span" style="white-space:pre"> </span>10368<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\hidusb.sys</div> <div>2013-05-01 15:00:14<span class="Apple-tab-span" style="white-space:pre"> </span>10368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\hidusb.sys</div> <div>2013-04-29 14:04:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\IECompatCache</div> <div>2013-04-29 13:39:19<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\CCleaner</div> <div>2013-04-26 14:33:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Windows Media Connect 2</div> <div>2013-04-26 14:31:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\LogFiles</div> <div>2013-04-26 14:27:41<span class="Apple-tab-span" style="white-space:pre"> </span>221184<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wmpns.dll</div> <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin7.dll</div> <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin6.dll</div> <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin5.dll</div> <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin4.dll</div> <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin3.dll</div> <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin2.dll</div> <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin.dll</div> <div>2013-04-25 18:22:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Apple Computer</div> <div>2013-04-25 18:22:08<span class="Apple-tab-span" style="white-space:pre"> </span>26840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\GEARAspiWDM.sys</div> <div>2013-04-25 18:20:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iPod</div> <div>2013-04-25 18:20:54<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iTunes</div> <div>2013-04-25 18:20:54<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1</div> <div>2013-04-25 18:18:51<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Apple</div> <div>2013-04-25 18:18:14<span class="Apple-tab-span" style="white-space:pre"> </span>6112864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\usbaaplrc.dll</div> <div>2013-04-25 18:18:14<span class="Apple-tab-span" style="white-space:pre"> </span>45056<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\usbaapl.sys</div> <div>2013-04-25 18:17:20<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Bonjour</div> <div>2013-04-25 18:01:25<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Google</div> <div>2013-04-25 18:00:01<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Sun</div> <div>2013-04-25 17:55:56<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Adobe</div> <div>2013-04-25 17:53:08<span class="Apple-tab-span" style="white-space:pre"> </span>788896<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\deployJava1.dll</div> <div>2013-04-25 17:53:07<span class="Apple-tab-span" style="white-space:pre"> </span>866720<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\npDeployJava1.dll</div> <div>2013-04-25 17:37:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\Adobe</div> <div>2013-04-25 17:21:49<span class="Apple-tab-span" style="white-space:pre"> </span>71048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerCPLApp.cpl</div> <div>2013-04-25 17:21:49<span class="Apple-tab-span" style="white-space:pre"> </span>692104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerApp.exe</div> <div>2013-04-25 16:04:49<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\TuneUp Software</div> <div>2013-04-25 15:59:39<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d--h--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\Common Files</div> <div>2013-04-25 15:59:39<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\MFAData</div> <div>2013-04-25 15:59:39<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\MFAData</div> <div>2013-04-25 15:47:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\PrivacIE</div> <div>2013-04-25 15:39:08<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\IETldCache</div> <div>2013-04-25 15:26:19<span class="Apple-tab-span" style="white-space:pre"> </span>522240<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\jsdbgui.dll</div> <div>2013-04-25 15:25:34<span class="Apple-tab-span" style="white-space:pre"> </span>6144<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\iecompat.dll</div> <div>2013-04-25 15:25:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\ie8updates</div> <div>2013-04-25 15:24:54<span class="Apple-tab-span" style="white-space:pre"> </span>743424<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\iedvtool.dll</div> <div>2013-04-25 15:24:54<span class="Apple-tab-span" style="white-space:pre"> </span>630272<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\msfeeds.dll</div> <div>2013-04-25 15:24:54<span class="Apple-tab-span" style="white-space:pre"> </span>55296<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\msfeedsbs.dll</div> <div>2013-04-25 15:24:54<span class="Apple-tab-span" style="white-space:pre"> </span>247808<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\ieproxy.dll</div> <div>2013-04-25 15:24:54<span class="Apple-tab-span" style="white-space:pre"> </span>2005504<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\iertutil.dll</div> <div>2013-04-25 15:24:54<span class="Apple-tab-span" style="white-space:pre"> </span>12800<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\xpshims.dll</div> <div>2013-04-25 15:24:54<span class="Apple-tab-span" style="white-space:pre"> </span>11112960<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\ieframe.dll</div> <div>2013-04-25 15:23:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>dc-h--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\ie8</div> <div>2013-04-25 15:05:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\nview</div> <div>2013-04-25 15:03:29<span class="Apple-tab-span" style="white-space:pre"> </span>12928<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\usb8023.sys</div> <div>2013-04-25 15:03:28<span class="Apple-tab-span" style="white-space:pre"> </span>12928<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\usb8023x.sys</div> <div>2013-04-25 15:02:41<span class="Apple-tab-span" style="white-space:pre"> </span>290560<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\atmfd.dll</div> <div>2013-04-25 15:01:39<span class="Apple-tab-span" style="white-space:pre"> </span>139784<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\rdpwd.sys</div> <div>2013-04-25 14:59:10<span class="Apple-tab-span" style="white-space:pre"> </span>3072<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\iacenc.dll</div> <div>2013-04-25 14:56:41<span class="Apple-tab-span" style="white-space:pre"> </span>456320<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\mrxsmb.sys</div> <div>2013-04-25 14:56:36<span class="Apple-tab-span" style="white-space:pre"> </span>10496<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\ndistapi.sys</div> <div>2013-04-25 14:56:18<span class="Apple-tab-span" style="white-space:pre"> </span>105472<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\mup.sys</div> <div>2013-04-25 14:56:13<span class="Apple-tab-span" style="white-space:pre"> </span>471552<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\aclayers.dll</div> <div>2013-04-25 14:53:23<span class="Apple-tab-span" style="white-space:pre"> </span>40960<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\ndproxy.sys</div> <div>2013-04-25 14:53:07<span class="Apple-tab-span" style="white-space:pre"> </span>45568<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\wab.exe</div> <div>2013-04-25 14:53:02<span class="Apple-tab-span" style="white-space:pre"> </span>590848<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\rpcrt4.dll</div> <div>2013-04-25 14:52:44<span class="Apple-tab-span" style="white-space:pre"> </span>978944<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\mfc42.dll</div> <div>2013-04-25 14:52:44<span class="Apple-tab-span" style="white-space:pre"> </span>953856<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\mfc40u.dll</div> <div>2013-04-25 14:52:25<span class="Apple-tab-span" style="white-space:pre"> </span>617472<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\comctl32.dll</div> <div>2013-04-25 14:51:36<span class="Apple-tab-span" style="white-space:pre"> </span>3558912<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\moviemk.exe</div> <div>2013-04-25 14:51:05<span class="Apple-tab-span" style="white-space:pre"> </span>744448<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\helpsvc.exe</div> <div>2013-04-25 14:48:36<span class="Apple-tab-span" style="white-space:pre"> </span>81920<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\fontsub.dll</div> <div>2013-04-25 14:48:36<span class="Apple-tab-span" style="white-space:pre"> </span>119808<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\t2embed.dll</div> <div>2013-04-25 14:46:29<span class="Apple-tab-span" style="white-space:pre"> </span>153088<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\triedit.dll</div> <div>2013-04-25 14:43:15<span class="Apple-tab-span" style="white-space:pre"> </span>272128<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\bthport.sys</div> <div>2013-04-25 14:43:10<span class="Apple-tab-span" style="white-space:pre"> </span>203136<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\rmcast.sys</div> <div>2013-04-25 14:05:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\PreInstall</div> <div>2013-04-25 13:58:03<span class="Apple-tab-span" style="white-space:pre"> </span>22040<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wucltui.dll.mui</div> <div>2013-04-25 13:58:02<span class="Apple-tab-span" style="white-space:pre"> </span>17944<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wuaueng.dll.mui</div> <div>2013-04-25 13:58:02<span class="Apple-tab-span" style="white-space:pre"> </span>15384<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wuaucpl.cpl.mui</div> <div>2013-04-25 13:58:02<span class="Apple-tab-span" style="white-space:pre"> </span>15384<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wuapi.dll.mui</div> <div>2013-04-25 13:58:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\SoftwareDistribution</div> <div>2013-04-25 13:40:25<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\ServicePackFiles</div> <div>2013-04-25 13:40:12<span class="Apple-tab-span" style="white-space:pre"> </span>294912<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\windows media player\dlimport.exe</div> <div>2013-04-25 13:40:07<span class="Apple-tab-span" style="white-space:pre"> </span>294912<span class="Apple-tab-span" style="white-space:pre"> </span>-c----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\dlimport.exe</div> <div>2013-04-25 13:35:40<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ReinstallBackups</div> <div>2013-04-25 13:35:23<span class="Apple-tab-span" style="white-space:pre"> </span>26144<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\spupdsvc.exe</div> <div>2013-04-25 13:32:10<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\EHome</div> <div>.</div> <div>==================== Find3M ====================</div> <div>.</div> <div>2013-04-16 22:17:15<span class="Apple-tab-span" style="white-space:pre"> </span>920064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wininet.dll</div> <div>2013-04-16 22:17:14<span class="Apple-tab-span" style="white-space:pre"> </span>43520<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\licmgr10.dll</div> <div>2013-04-16 22:17:14<span class="Apple-tab-span" style="white-space:pre"> </span>1469440<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\inetcpl.cpl</div> <div>2013-04-12 23:28:55<span class="Apple-tab-span" style="white-space:pre"> </span>385024<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\html.iec</div> <div>2013-04-10 01:31:19<span class="Apple-tab-span" style="white-space:pre"> </span>1876352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\win32k.sys</div> <div>2013-03-08 08:36:22<span class="Apple-tab-span" style="white-space:pre"> </span>293376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\winsrv.dll</div> <div>2013-03-07 01:28:24<span class="Apple-tab-span" style="white-space:pre"> </span>2193408<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntoskrnl.exe</div> <div>2013-03-07 00:50:28<span class="Apple-tab-span" style="white-space:pre"> </span>2070016<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntkrnlpa.exe</div> <div>2013-02-27 07:56:51<span class="Apple-tab-span" style="white-space:pre"> </span>2067456<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\mstscax.dll</div> <div>2013-02-21 19:06:25<span class="Apple-tab-span" style="white-space:pre"> </span>81920<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ieencode.dll</div> <div>.</div> <div>============= FINISH: 16:26:28.47 ===============</div> <div> </div>
  5. MBAM not detecting Security Essentials not detecting Spybot S&D not detecting
  6. 10-4 Gringo. I uninstalled everything along with antivirus. I've installed the programs you recommend. I will upgrade to Paid Version MBAM. Thanks again for your expert and unexpected help. I will let you know if anything comes up. This has been an interesting learning experience. gulfstream2013
  7. Thank you for your help Gringo: C:\Documents and Settings\Clare Colthup\Application Data\Uniblue\RegistryBooster\_temp\registrybooster.exe Win32/RegistryBooster application C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1442\A0355671.exe a variant of Win32/SoftonicDownloader.E application C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1454\A0357837.dll Win32/Toolbar.MyWebSearch application
  8. Gringo: When I ran Revo Uninstaller I did uninstall Java 7 Update, but the only IE icon was IE 8, not Default Page, so I did not uninstall IE 8. Computer is running ok, but shutdown or restart hangs for a couple minutes and then finally executes. Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.19.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Clare Colthup :: CLARE [administrator] Protection: Enabled 4/19/2013 7:48:01 AM mbam-log-2013-04-19 (07-48-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 285779 Time elapsed: 13 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ogfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:23:28 AM, on 4/19/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe C:\Documents and Settings\Clare Colthup\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe O4 - HKLM\..\Run: [ADBlocker] "C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" -tray O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 5128 bytes
  9. Hello Gringo No problems running Combofix. The computer is running very well now. Browser seems to be fixed. Computer and browser speeds are good. ComboFix 13-04-18.03 - Clare Colthup 04/18/2013 19:28:31.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.983 [GMT -4:00] Running from: c:\documents and settings\Clare Colthup\Desktop\Virus Programs\ComboFix.exe Command switches used :: c:\documents and settings\Clare Colthup\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 ))))))))))))))))))))))))))))))) . . 2013-04-18 19:21 . 2013-04-18 19:21 -------- dc----w- C:\_OTL 2013-04-16 23:37 . 2013-04-16 23:37 -------- dc----w- c:\program files\Common Files\Java 2013-04-16 23:32 . 2013-04-16 23:31 144896 -c--a-w- c:\windows\system32\javacpl.cpl 2013-04-16 23:32 . 2013-04-16 23:32 94112 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-16 11:28 . 2013-04-16 11:28 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Anvisoft 2013-04-16 11:25 . 2012-11-07 07:16 22864 -c--a-w- c:\windows\system32\drivers\asdrs.sys 2013-04-16 11:25 . 2012-11-07 07:16 14160 -c--a-w- c:\windows\system32\drivers\asdws.sys 2013-04-16 11:25 . 2012-11-07 07:16 16208 -c--a-w- c:\windows\system32\drivers\asdrm.sys 2013-04-16 11:25 . 2013-04-16 11:25 -------- dc----w- c:\documents and settings\All Users\Application Data\Anvisoft 2013-04-16 11:25 . 2013-04-16 11:25 -------- dc----w- c:\program files\Anvisoft 2013-04-14 22:21 . 2013-04-14 22:21 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Xilisoft 2013-04-14 21:13 . 2013-04-14 21:13 -------- dc----w- c:\documents and settings\Clare Colthup\Local Settings\Application Data\CRE 2013-04-14 20:46 . 2013-04-14 20:46 -------- dc----w- C:\Multimedia Files 2013-04-14 20:45 . 2013-04-14 20:46 -------- dc----w- c:\program files\Microsoft Image Composer 2013-04-14 17:51 . 2013-04-14 17:51 -------- dc----w- c:\documents and settings\Clare Colthup\Local Settings\Application Data\IAC 2013-04-14 16:20 . 2012-08-21 17:01 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-04-14 16:19 . 2013-04-14 16:19 -------- dc----w- c:\program files\iPod 2013-04-13 18:55 . 2013-04-13 18:57 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple 2013-04-13 18:14 . 2013-04-13 18:14 -------- dc----w- c:\documents and settings\All Users\Application Data\NCH Software 2013-04-13 18:14 . 2013-04-13 18:18 -------- dc----w- c:\program files\NCH Software 2013-04-13 18:14 . 2013-04-13 18:14 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\NCH Software 2013-04-12 19:20 . 2013-04-12 19:20 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Microsoft Web Folders 2013-04-11 11:57 . 2013-04-14 16:40 -------- dc----w- c:\program files\Microsoft Games 2013-04-10 14:41 . 2013-04-10 14:58 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\FixCleaner 2013-03-29 15:55 . 2013-03-29 15:55 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\1&1 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-16 23:31 . 2012-12-17 19:42 866720 -c--a-w- c:\windows\system32\npDeployJava1.dll 2013-04-16 23:31 . 2012-12-17 19:42 788896 -c--a-w- c:\windows\system32\deployJava1.dll 2013-04-11 20:59 . 2012-12-17 19:45 691592 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-11 20:59 . 2011-08-04 21:45 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-04 18:50 . 2012-12-14 15:28 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys 2013-03-08 08:36 . 2002-08-29 11:00 293376 -c--a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:28 . 1980-01-01 06:00 2193408 -c--a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50 . 1980-01-01 06:00 2070016 -c--a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-06 22:33 . 2013-03-18 15:52 164736 -c--a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-06 22:33 . 2013-03-18 15:52 49248 -c--a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-06 22:33 . 2012-06-06 22:18 368176 -c--a-w- c:\windows\system32\drivers\aswSP.sys 2013-03-06 22:33 . 2012-06-06 22:18 62376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys 2013-03-06 22:33 . 2012-06-06 22:18 49760 -c--a-w- c:\windows\system32\drivers\aswRdr.sys 2013-03-06 22:33 . 2012-06-06 22:18 765736 -c--a-w- c:\windows\system32\drivers\aswSnx.sys 2013-03-06 22:33 . 2013-03-18 15:52 66336 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-03-06 22:33 . 2012-06-06 22:18 29816 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-03-06 22:32 . 2012-06-06 22:17 41664 -c--a-w- c:\windows\avastSS.scr 2013-03-06 22:32 . 2012-06-06 22:17 228600 -c--a-w- c:\windows\system32\aswBoot.exe 2013-03-02 02:06 . 2004-08-24 01:32 916480 -c--a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06 . 2002-08-29 11:00 43520 -c----w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06 . 2002-08-29 11:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25 . 2002-08-29 11:00 1867264 -c--a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec 2013-02-27 07:56 . 2002-08-29 11:00 2067456 -c--a-w- c:\windows\system32\mstscax.dll 2013-02-12 00:32 . 2004-08-04 06:04 12928 -c----w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2002-08-29 11:00 12928 -c--a-w- c:\windows\system32\drivers\usb8023.sys 2013-01-26 03:55 . 2002-08-29 11:00 552448 -c--a-w- c:\windows\system32\oleaut32.dll 2013-01-15 09:27 . 2013-01-15 09:27 2174976 -c--a-w- c:\program files\Common Files\atimpenc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 22:32 121968 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "ADBlocker"="c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816] "Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2012-12-19 18:37 92072 -c--a-w- c:\windows\SYSTEM32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-01-24 02:30 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup] 2003-03-31 23:28 155648 -c--a-w- c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "ose"=3 (0x3) "LVPrcSrv"=2 (0x2) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "gupdatem"=3 (0x3) "gupdate"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 aswRvrt;aswRvrt;c:\windows\SYSTEM32\DRIVERS\aswRvrt.sys [3/18/2013 11:52 AM 49248] R1 asdnet;asdnet;c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys [4/16/2013 7:25 AM 15696] R1 asdrm;asdrm;c:\windows\SYSTEM32\DRIVERS\asdrm.sys [4/16/2013 7:25 AM 16208] R1 aswKbd;aswKbd;c:\windows\SYSTEM32\DRIVERS\aswKbd.sys [10/12/2012 11:43 AM 20624] R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [6/6/2012 6:18 PM 765736] R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [6/6/2012 6:18 PM 368176] R2 ADBlockerSrv;AD Blocker Service;c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [4/16/2013 7:25 AM 279368] R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\SYSTEM32\DRIVERS\asdrs.sys [4/16/2013 7:25 AM 22864] R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [12/20/2012 10:43 PM 735592] R2 asdws;AnviSmartDefender Web Guard;c:\windows\SYSTEM32\DRIVERS\asdws.sys [4/16/2013 7:25 AM 14160] R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [6/6/2012 6:18 PM 29816] R2 aswMonFlt;aswMonFlt;c:\windows\SYSTEM32\DRIVERS\aswMonFlt.sys [3/18/2013 11:52 AM 66336] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 9:34 PM 374704] S0 Lbd;Lbd; [x] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 3:10 PM 12856] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/14/2012 11:28 AM 418376] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/14/2012 11:28 AM 701512] S3 aswVmm;aswVmm;c:\windows\SYSTEM32\DRIVERS\aswVmm.sys [3/18/2013 11:52 AM 164736] S3 esgiguard;esgiguard; [x] S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x] S3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [12/14/2012 11:28 AM 22856] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-19 14:10 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-17 20:59] . 2013-04-17 c:\windows\Tasks\AnviQuickScan.job - c:\program files\Anvisoft\Anvi Smart Defender\PopupScan.exe [2012-12-21 02:43] . 2013-03-18 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 22:32] . 2013-04-13 c:\windows\Tasks\SwitchReminder.job - c:\program files\NCH Software\Switch\switch.exe [2013-04-13 20:41] . 2012-12-20 c:\windows\Tasks\User_Feed_Synchronization-{79105A1A-C2D8-48BC-B1E9-CD0FE252C4C6}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.claresworld.us/ mStart Page = hxxp://www.claresworld.us uInternet Settings,ProxyOverride = <local>;*.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s TCP: DhcpNameServer = 192.168.254.254 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-18 19:45 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(672) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(3200) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2013-04-18 19:50:27 ComboFix-quarantined-files.txt 2013-04-18 23:50 ComboFix2.txt 2013-04-17 10:55 ComboFix3.txt 2011-10-20 18:02 . Pre-Run: 58,926,587,904 bytes free Post-Run: 58,929,471,488 bytes free . - - End Of File - - 6678EBF19F007F25DB5412A28A64DC06
  10. Gringo, computer takes a while to boot up, as if a scan is running? Browser also took a while to open completely, but mixiDJ and Bing seem to be gone. Manage add-ons opened by itself. I deleted "Live Search" which was listed as 'unavailable'. ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@radialpoint.com/SPA,version=1\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found. Registry key HKEY_USERS\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Internet Explorer\SearchScopes\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}\ not found. Registry key HKEY_USERS\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Internet Explorer\SearchScopes\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}\ not found. Registry key HKEY_USERS\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Clare Colthup\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Clare Colthup\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: Administrator User: All Users User: BB443B11-7D12-450c-9F85-2D32804655F9 User: Clare Colthup ->Java cache emptied: 0 bytes User: Default User User: LocalService User: LogMeInRemoteUser User: LogMeInRemoteUser.CLARE User: NetworkService User: Rosie for Grandpa Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator User: All Users User: BB443B11-7D12-450c-9F85-2D32804655F9 User: Clare Colthup ->Flash cache emptied: 57983 bytes User: Default User ->Flash cache emptied: 57472 bytes User: LocalService User: LogMeInRemoteUser User: LogMeInRemoteUser.CLARE ->Flash cache emptied: 56502 bytes User: NetworkService User: Rosie for Grandpa Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04182013_152247
  11. Hi Gringo, OTL run successfully. OTL.txt: OTL logfile created on: 4/18/2013 7:19:59 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Clare Colthup\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.50 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 52.50% Memory free 2.29 Gb Paging File | 1.71 Gb Available in Paging File | 74.64% Paging File free Paging file location(s): C:\pagefile.sys 957 957 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.47 Gb Total Space | 54.85 Gb Free Space | 73.65% Space Free | Partition Type: NTFS Computer Name: CLARE | User Name: Clare Colthup | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Clare Colthup\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe () PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft) PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.) PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe () PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard) ========== Modules (No Company Name) ========== MOD - C:\Program Files\AVAST Software\Avast\defs\13041701\algo.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe () MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll () MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe () MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll () MOD - C:\WINDOWS\SYSTEM32\HPBHEALR.DLL () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (asdsrv) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.) SRV - (ADBlockerSrv) -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe () SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\hpzipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (wanatw) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MRESP50a64) -- File not found DRV - (MRESP50) -- File not found DRV - (MRENDIS5) -- File not found DRV - (MREMPR5) -- File not found DRV - (MREMP50a64) -- File not found DRV - (MREMP50) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Lbd) -- File not found DRV - (Lavasoft Kernexplorer) -- File not found DRV - (iAimTV2) -- File not found DRV - (FilterService) -- File not found DRV - (esgiguard) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOCUME~1\CLAREC~1\LOCALS~1\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys () DRV - (aswMonFlt) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (LVUVC) -- C:\WINDOWS\System32\drivers\lvuvc.hs () DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (asdrs) -- C:\WINDOWS\SYSTEM32\DRIVERS\asdrs.sys (Anvisoft) DRV - (asdws) -- C:\WINDOWS\SYSTEM32\DRIVERS\asdws.sys () DRV - (asdrm) -- C:\WINDOWS\SYSTEM32\DRIVERS\asdrm.sys (Anvisoft) DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software) DRV - (asdnet) -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys () DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (hamachi) -- C:\WINDOWS\SYSTEM32\DRIVERS\hamachi.sys (LogMeIn, Inc.) DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation) DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation) DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation) DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation) DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation) DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation) DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation) DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation) DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation) DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation) DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation) DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation) DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation) DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claresworld.us IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm017^YY^us&si=pconverter&ptb=9BB61B67-7936-48B6-9827-039A2621A2DC&ind=2013041413&n=77fc9305&psa=&st=sb&searchfor={searchTerms} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claresworld.us/ IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes,DefaultScope = {57A6DD8A-5BB6-4FD0-A136-9045C35B994D} IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287822&CUI=UN23365699186637288&UM=2 IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes\{A81D283D-CA62-4A34-BBBC-B8302125AD5E}: "URL" = IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - Extension: No name found = C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: No name found = C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/04/17 06:49:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [ADBlocker] C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe () O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe (HP) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA1DC0A0-681F-42D6-A7E9-CCF8B4727FD2}: DhcpNameServer = 192.168.254.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/04/18 07:18:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clare Colthup\Desktop\OTL.exe [2013/04/17 08:45:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/04/16 20:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Desktop\RK_Quarantine [2013/04/16 19:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/04/16 19:32:49 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013/04/16 19:32:48 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013/04/16 19:32:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013/04/16 19:32:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013/04/16 19:32:34 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013/04/16 07:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\Anvisoft [2013/04/16 07:25:41 | 000,022,864 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrs.sys [2013/04/16 07:25:41 | 000,016,208 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrm.sys [2013/04/16 07:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\anvisoft [2013/04/16 07:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anvisoft [2013/04/16 07:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft [2013/04/14 18:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\Xilisoft [2013/04/14 17:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\CRE [2013/04/14 16:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Start Menu\Programs\Microsoft Image Composer [2013/04/14 16:46:10 | 000,000,000 | ---D | C] -- C:\Multimedia Files [2013/04/14 16:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Image Composer [2013/04/14 13:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\IAC [2013/04/14 12:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2013/04/14 12:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/04/14 12:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/04/14 12:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/04/14 12:17:43 | 006,112,864 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll [2013/04/14 09:18:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Clare Colthup\Recent [2013/04/13 19:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer [2013/04/13 15:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Apple Computer [2013/04/13 15:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\Apple Computer [2013/04/13 14:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2013/04/13 14:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Apple [2013/04/13 14:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer [2013/04/13 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013/04/13 14:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013/04/13 14:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2013/04/13 14:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Start Menu\Programs\NCH Software Suite [2013/04/13 14:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Start Menu\Programs\Audio Related Programs [2013/04/13 14:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software [2013/04/13 14:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite [2013/04/13 14:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs [2013/04/13 14:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2013/04/13 14:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\NCH Software [2013/04/12 15:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\My Documents\My Webs [2013/04/12 15:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools [2013/04/12 15:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft Web Folders [2013/04/11 08:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games [2013/04/11 07:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2013/04/10 10:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\FixCleaner [2013/04/10 10:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers [2013/04/10 09:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\My Documents\Pete [2013/04/10 09:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\My Documents\Clare's Book [2013/04/01 12:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\1&1 [2013/03/29 11:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\1&1 [2013/03/19 10:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2013/01/15 05:27:04 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Common Files\atimpenc.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/18 07:19:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clare Colthup\Desktop\OTL.exe [2013/04/18 07:06:35 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk [2013/04/17 11:50:16 | 000,000,560 | ---- | M] () -- C:\WINDOWS\tasks\AnviUpdate.job [2013/04/17 11:50:16 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\AnviQuickScan.job [2013/04/17 11:09:33 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Desktop\email.lnk [2013/04/17 10:11:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2013/04/17 09:38:49 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns [2013/04/17 09:38:49 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns [2013/04/17 06:49:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts [2013/04/16 19:38:02 | 000,001,109 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Anvi AD Blocker.lnk [2013/04/16 19:38:02 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Anvi Smart Defender.lnk [2013/04/16 19:32:05 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013/04/16 19:31:56 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013/04/16 19:31:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013/04/16 19:31:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013/04/16 19:31:55 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013/04/16 19:31:53 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013/04/16 19:31:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013/04/15 11:37:53 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk [2013/04/15 08:03:29 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk [2013/04/14 17:35:51 | 000,395,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/04/14 12:45:22 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Conquerors.lnk [2013/04/14 12:20:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/04/14 06:47:22 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Switch Sound File Converter.lnk [2013/04/13 17:21:52 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\SwitchReminder.job [2013/04/12 15:30:08 | 000,000,377 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2013/04/12 15:23:47 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2013/04/11 16:59:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/04/11 16:59:00 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/04/11 16:59:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/04/11 08:10:07 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Train Simulator.lnk [2013/04/10 11:36:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk [2013/04/10 10:07:52 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware (2).lnk [2013/04/10 10:03:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2013/04/10 09:03:30 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Desktop\Microsoft Office Excel 2003.lnk [2013/04/10 08:55:26 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/04/10 08:50:43 | 000,437,068 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2013/04/10 08:50:43 | 000,069,294 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2013/04/10 07:23:01 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013/04/01 12:48:28 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\1&1 WebMail.lnk [2013/03/20 08:47:33 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/03/19 10:15:33 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/17 11:44:37 | 000,000,560 | ---- | C] () -- C:\WINDOWS\tasks\AnviUpdate.job [2013/04/16 19:38:02 | 000,001,109 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Anvi AD Blocker.lnk [2013/04/16 19:38:02 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Anvi Smart Defender.lnk [2013/04/16 14:30:56 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\AnviQuickScan.job [2013/04/16 07:25:41 | 000,014,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\asdws.sys [2013/04/15 08:03:29 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk [2013/04/14 12:45:22 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Conquerors.lnk [2013/04/14 12:20:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/04/14 06:47:22 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Switch Sound File Converter.lnk [2013/04/14 06:47:09 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk [2013/04/13 17:21:52 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\SwitchReminder.job [2013/04/13 14:57:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2013/04/13 14:15:26 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk [2013/04/13 14:14:25 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk [2013/04/12 15:23:47 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2013/04/12 15:23:46 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk [2013/04/11 08:32:05 | 000,000,000 | ---- | C] () -- C:\FileOut.Cns [2013/04/11 08:32:05 | 000,000,000 | ---- | C] () -- C:\FileIn.Cns [2013/04/11 08:10:03 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Train Simulator.lnk [2013/04/10 12:48:54 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk [2013/04/10 11:36:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk [2013/04/10 10:07:52 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware (2).lnk [2013/04/10 08:55:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/04/01 12:48:28 | 000,001,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\1&1 WebMail.lnk [2013/03/19 10:15:34 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/03/19 10:15:29 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/03/18 11:52:03 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/03/18 11:52:01 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2012/03/19 14:21:54 | 000,016,954 | ---- | C] () -- C:\WINDOWS\hplj1010.ini [2011/10/20 13:43:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/10/20 13:43:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/10/20 13:43:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/10/20 13:43:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/08/04 20:33:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Brother [2011/08/04 20:33:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Bass [2010/04/08 18:59:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Bubble Noise [2010/04/08 18:59:31 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2007/01/31 23:20:24 | 000,003,622 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\resetlog.txp [2004/03/19 12:45:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\PFP110JPR.{PB [2004/03/19 12:45:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\PFP110JCM.{PB ========== ZeroAccess Check ========== [2004/03/06 02:37:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 < End of report >
  12. No problems running ComboFix. Computer seems to be running well...perhaps a bit faster. Bing continues to dominate search instead of Google. "MixiDJ V8 Customized Web Search" shows in search box top right of browser. I never asked for Bing or mixiDJ. I previously tried deleting MixiDJ in search provider management, but there's no option to remove, only for Google. Now I don't see search engine manager under browser tools at all? Here's the log - thanks Gringo for your help: ComboFix 13-04-17.01 - Clare Colthup 04/17/2013 6:33.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.962 [GMT -4:00] Running from: c:\documents and settings\Clare Colthup\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\fad.sys c:\windows\system32\SET104.tmp c:\windows\system32\SET109.tmp c:\windows\system32\setb4.tmp c:\windows\system32\SETB5.tmp c:\windows\system32\SETC1.tmp c:\windows\system32\SETCE.tmp c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-03-17 to 2013-04-17 ))))))))))))))))))))))))))))))) . . 2013-04-16 23:37 . 2013-04-16 23:37 -------- dc----w- c:\program files\Common Files\Java 2013-04-16 23:32 . 2013-04-16 23:31 144896 -c--a-w- c:\windows\system32\javacpl.cpl 2013-04-16 23:32 . 2013-04-16 23:32 94112 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-16 11:28 . 2013-04-16 11:28 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Anvisoft 2013-04-16 11:25 . 2012-11-07 07:16 22864 -c--a-w- c:\windows\system32\drivers\asdrs.sys 2013-04-16 11:25 . 2012-11-07 07:16 14160 -c--a-w- c:\windows\system32\drivers\asdws.sys 2013-04-16 11:25 . 2012-11-07 07:16 16208 -c--a-w- c:\windows\system32\drivers\asdrm.sys 2013-04-16 11:25 . 2013-04-16 11:25 -------- dc----w- c:\documents and settings\All Users\Application Data\Anvisoft 2013-04-16 11:25 . 2013-04-16 11:25 -------- dc----w- c:\program files\Anvisoft 2013-04-14 22:21 . 2013-04-14 22:21 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Xilisoft 2013-04-14 21:13 . 2013-04-14 21:13 -------- dc----w- c:\documents and settings\Clare Colthup\Local Settings\Application Data\CRE 2013-04-14 20:46 . 2013-04-14 20:46 -------- dc----w- C:\Multimedia Files 2013-04-14 20:45 . 2013-04-14 20:46 -------- dc----w- c:\program files\Microsoft Image Composer 2013-04-14 17:51 . 2013-04-14 17:51 -------- dc----w- c:\documents and settings\Clare Colthup\Local Settings\Application Data\IAC 2013-04-14 16:20 . 2012-08-21 17:01 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-04-14 16:19 . 2013-04-14 16:19 -------- dc----w- c:\program files\iPod 2013-04-13 18:55 . 2013-04-13 18:57 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple 2013-04-13 18:14 . 2013-04-13 18:14 -------- dc----w- c:\documents and settings\All Users\Application Data\NCH Software 2013-04-13 18:14 . 2013-04-13 18:18 -------- dc----w- c:\program files\NCH Software 2013-04-13 18:14 . 2013-04-13 18:14 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\NCH Software 2013-04-12 19:20 . 2013-04-12 19:20 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Microsoft Web Folders 2013-04-11 11:57 . 2013-04-14 16:40 -------- dc----w- c:\program files\Microsoft Games 2013-04-10 14:41 . 2013-04-10 14:58 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\FixCleaner 2013-03-29 15:55 . 2013-03-29 15:55 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\1&1 2013-03-18 15:52 . 2013-03-06 22:33 164736 -c--a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-18 15:52 . 2013-03-06 22:33 49248 -c--a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-18 15:52 . 2013-03-06 22:33 66336 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-16 23:31 . 2012-12-17 19:42 866720 -c--a-w- c:\windows\system32\npDeployJava1.dll 2013-04-16 23:31 . 2012-12-17 19:42 788896 -c--a-w- c:\windows\system32\deployJava1.dll 2013-04-11 20:59 . 2012-12-17 19:45 691592 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-11 20:59 . 2011-08-04 21:45 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-04 18:50 . 2012-12-14 15:28 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys 2013-03-08 08:36 . 2002-08-29 11:00 293376 -c--a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:28 . 1980-01-01 06:00 2193408 -c--a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50 . 1980-01-01 06:00 2070016 -c--a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-06 22:33 . 2012-06-06 22:18 368176 -c--a-w- c:\windows\system32\drivers\aswSP.sys 2013-03-06 22:33 . 2012-06-06 22:18 62376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys 2013-03-06 22:33 . 2012-06-06 22:18 49760 -c--a-w- c:\windows\system32\drivers\aswRdr.sys 2013-03-06 22:33 . 2012-06-06 22:18 765736 -c--a-w- c:\windows\system32\drivers\aswSnx.sys 2013-03-06 22:33 . 2012-06-06 22:18 29816 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-03-06 22:32 . 2012-06-06 22:17 41664 -c--a-w- c:\windows\avastSS.scr 2013-03-06 22:32 . 2012-06-06 22:17 228600 -c--a-w- c:\windows\system32\aswBoot.exe 2013-03-02 02:06 . 2004-08-24 01:32 916480 -c--a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06 . 2002-08-29 11:00 43520 -c----w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06 . 2002-08-29 11:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25 . 2002-08-29 11:00 1867264 -c--a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec 2013-02-27 07:56 . 2002-08-29 11:00 2067456 -c--a-w- c:\windows\system32\mstscax.dll 2013-02-12 00:32 . 2004-08-04 06:04 12928 -c----w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2002-08-29 11:00 12928 -c--a-w- c:\windows\system32\drivers\usb8023.sys 2013-01-26 03:55 . 2002-08-29 11:00 552448 -c--a-w- c:\windows\system32\oleaut32.dll 2013-01-15 09:27 . 2013-01-15 09:27 2174976 -c--a-w- c:\program files\Common Files\atimpenc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 22:32 121968 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "ADBlocker"="c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816] "Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2012-12-19 18:37 92072 -c--a-w- c:\windows\SYSTEM32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-01-24 02:30 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup] 2003-03-31 23:28 155648 -c--a-w- c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "ose"=3 (0x3) "LVPrcSrv"=2 (0x2) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "gupdatem"=3 (0x3) "gupdate"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 aswRvrt;aswRvrt;c:\windows\SYSTEM32\DRIVERS\aswRvrt.sys [3/18/2013 11:52 AM 49248] R1 asdnet;asdnet;c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys [4/16/2013 7:25 AM 15696] R1 asdrm;asdrm;c:\windows\SYSTEM32\DRIVERS\asdrm.sys [4/16/2013 7:25 AM 16208] R1 aswKbd;aswKbd;c:\windows\SYSTEM32\DRIVERS\aswKbd.sys [10/12/2012 11:43 AM 20624] R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [6/6/2012 6:18 PM 765736] R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [6/6/2012 6:18 PM 368176] R2 ADBlockerSrv;AD Blocker Service;c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [4/16/2013 7:25 AM 279368] R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\SYSTEM32\DRIVERS\asdrs.sys [4/16/2013 7:25 AM 22864] R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [12/20/2012 10:43 PM 735592] R2 asdws;AnviSmartDefender Web Guard;c:\windows\SYSTEM32\DRIVERS\asdws.sys [4/16/2013 7:25 AM 14160] R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [6/6/2012 6:18 PM 29816] R2 aswMonFlt;aswMonFlt;c:\windows\SYSTEM32\DRIVERS\aswMonFlt.sys [3/18/2013 11:52 AM 66336] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 9:34 PM 374704] S0 Lbd;Lbd; [x] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 3:10 PM 12856] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/14/2012 11:28 AM 418376] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/14/2012 11:28 AM 701512] S3 aswVmm;aswVmm;c:\windows\SYSTEM32\DRIVERS\aswVmm.sys [3/18/2013 11:52 AM 164736] S3 esgiguard;esgiguard; [x] S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x] S3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [12/14/2012 11:28 AM 22856] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - TRUESIGHT *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-19 14:10 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-17 20:59] . 2013-04-16 c:\windows\Tasks\AnviQuickScan.job - c:\program files\Anvisoft\Anvi Smart Defender\PopupScan.exe [2012-12-21 02:43] . 2013-03-18 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 22:32] . 2013-04-13 c:\windows\Tasks\SwitchReminder.job - c:\program files\NCH Software\Switch\switch.exe [2013-04-13 20:41] . 2012-12-20 c:\windows\Tasks\User_Feed_Synchronization-{79105A1A-C2D8-48BC-B1E9-CD0FE252C4C6}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.claresworld.us/ mStart Page = hxxp://www.claresworld.us uInternet Settings,ProxyOverride = <local>;*.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s TCP: DhcpNameServer = 192.168.254.254 . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-Google Update - c:\documents and settings\Clare Colthup\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-17 06:49 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(676) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . Completion time: 2013-04-17 06:55:09 ComboFix-quarantined-files.txt 2013-04-17 10:55 ComboFix2.txt 2011-10-20 18:02 . Pre-Run: 58,981,756,928 bytes free Post-Run: 59,045,793,792 bytes free . - - End Of File - - F8E0BF6B095B9F3D996466D195F7964C
  13. Gringo, I'm not sure if my ComboFix log got posted?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.