Posts posted by gulfstream2013

  1. # AdwCleaner v2.301 - Logfile created 05/17/2013 at 07:05:23

    # Updated 16/05/2013 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : Owner - CR-5858417754B2

    # Boot Mode : Normal

    # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner (3).exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

    Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\ConduitSearchScopes

    Key Deleted : HKCU\Software\DataMngr

    Key Deleted : HKCU\Software\DataMngr_Toolbar

    Key Deleted : HKCU\Software\Headlight

    Key Deleted : HKCU\Software\InstallCore

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

    Key Deleted : HKCU\Software\SmartBar

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKLM\SOFTWARE\58e8ad0e06de417

    Key Deleted : HKLM\Software\AVG Secure Search

    Key Deleted : HKLM\Software\AVG Security Toolbar

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\DataMngr

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    ***** [internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=NT_ss&mntrId=38D900121756A5C2 --> hxxp://www.google.com

    -\\ Google Chrome v26.0.1410.64

    File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2540] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_s[...]

    *************************

    AdwCleaner[R2].txt - [0 octets] - [17/05/2013 07:03:49]

    AdwCleaner[s1].txt - [2499 octets] - [17/05/2013 07:05:23]

    ########## EOF - C:\AdwCleaner[s1].txt - [2559 octets] ##########

  2. roguekiller report also:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : Owner [Admin rights]

    Mode : Scan -- Date : 05/16/2013 21:43:51

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [Faked.Drv][FILE] kmixer.sys : C:\WINDOWS\system32\drivers\kmixer.sys [-] --> FOUND

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost

    [...]

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Maxtor 4D040H2 +++++

    --- User ---

    [MBR] ea99bc85ada8810dc3476bcd92739550

    [bSP] c6ad1847dc9468896fb106c9e021542a : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39072 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_05162013_02d2143.txt >>

    RKreport[1]_S_05162013_02d2143.txt

  3. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows XP Home Edition

    Boot Device: \Device\HarddiskVolume1

    Install Date: 4/25/2013 8:36:31 AM

    System Uptime: 5/16/2013 2:46:25 PM (2 hours ago)

    .

    Motherboard:  |  |

    Processor: Intel® Pentium® 4 CPU 1.60GHz |  | 1597/mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 38 GiB total, 18.849 GiB free.

    D: is Removable

    E: is CDROM ()

    F: is CDROM ()

    G: is FIXED (NTFS) - 466 GiB total, 460.144 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP16: 4/26/2013 4:53:33 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    RP17: 4/26/2013 4:55:07 PM - Installed OpenOffice.org 3.4.1

    RP18: 4/29/2013 9:33:49 AM - System Checkpoint

    RP19: 5/1/2013 11:08:43 AM - Installed Microsoft Office Professional Edition 2003

    RP20: 5/1/2013 11:26:33 AM - Installed Compatibility Pack for the 2007 Office system

    RP21: 5/10/2013 4:00:38 PM - System Checkpoint

    RP22: 5/10/2013 4:36:39 PM - Software Distribution Service 3.0

    RP23: 5/10/2013 8:26:39 PM - Revo Uninstaller's restore point - AVG 2013

    RP24: 5/10/2013 8:31:50 PM - Removed AVG 2013

    RP25: 5/10/2013 8:34:42 PM - Removed AVG 2013

    RP26: 5/10/2013 8:40:22 PM - Revo Uninstaller's restore point - Hoolapp For Android

    RP27: 5/10/2013 8:43:17 PM - Revo Uninstaller's restore point - OpenOffice.org 3.4.1

    RP28: 5/10/2013 8:45:59 PM - Removed OpenOffice.org 3.4.1

    RP29: 5/10/2013 8:52:18 PM - Revo Uninstaller's restore point - Java 7 Update 21

    RP30: 5/10/2013 8:52:35 PM - Removed Java 7 Update 21

    RP31: 5/11/2013 12:00:31 AM - Software Distribution Service 3.0

    RP32: 5/11/2013 6:42:12 AM - Installed DirectX

    RP33: 5/11/2013 6:45:10 AM - Installed NVIDIA PhysX

    RP34: 5/11/2013 6:46:01 AM - Installed Microsoft Visual C++ 2005 Redistributable

    RP35: 5/11/2013 6:46:38 AM - Installed Steam

    RP36: 5/11/2013 7:13:04 AM - Installed DirectX

    RP37: 5/11/2013 9:43:42 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

    RP38: 5/11/2013 10:47:35 AM - Revo Uninstaller's restore point - Ship Simulator Extremes

    RP39: 5/11/2013 11:06:11 AM - Revo Uninstaller's restore point - Steam

    RP40: 5/11/2013 11:06:53 AM - Removed Steam

    RP41: 5/11/2013 4:04:53 PM - Installed hp LaserJet 1010 Series

    RP42: 5/11/2013 5:36:03 PM - Software Distribution Service 3.0

    RP43: 5/11/2013 6:28:51 PM - Software Distribution Service 3.0

    RP44: 5/11/2013 7:11:58 PM - Revo Uninstaller's restore point - SweetIM for Messenger 3.7

    RP45: 5/11/2013 7:32:42 PM - Revo Uninstaller's restore point - SweetIM for Messenger 3.7

    RP46: 5/11/2013 7:32:56 PM - Removed SweetIM for Messenger 3.7

    RP47: 5/11/2013 7:35:18 PM - Revo Uninstaller's restore point - SweetIM Bundle by SweetPacks

    RP48: 5/11/2013 7:36:52 PM - Revo Uninstaller's restore point - Sim Aquarium 3

    RP49: 5/11/2013 9:39:43 PM - Revo Uninstaller's restore point - Search Protect by conduit

    RP50: 5/11/2013 9:41:11 PM - Revo Uninstaller's restore point - MixiDJ V37 Toolbar

    RP51: 5/12/2013 12:45:28 AM - Software Distribution Service 3.0

    RP52: 5/12/2013 7:34:37 AM - Revo Uninstaller's restore point - Delta Chrome Toolbar

    RP53: 5/12/2013 7:36:15 AM - Revo Uninstaller's restore point - Delta toolbar

    RP54: 5/12/2013 7:38:41 AM - Revo Uninstaller's restore point - MiPony 2.0.2

    RP55: 5/12/2013 7:39:31 AM - Revo Uninstaller's restore point - Mipony Download Manager Packages

    RP56: 5/12/2013 7:40:46 AM - Revo Uninstaller's restore point - Update for Mipony Download Manager

    RP57: 5/12/2013 8:57:42 AM - Software Distribution Service 3.0

    RP58: 5/12/2013 3:56:43 PM - Software Distribution Service 3.0

    RP59: 5/12/2013 11:20:03 PM - Revo Uninstaller's restore point - 3Planesoft Screensaver Manager 1.4

    RP60: 5/12/2013 11:22:48 PM - Revo Uninstaller's restore point - Fireplace 3D Screensaver 1.0

    RP61: 5/12/2013 11:24:05 PM - Revo Uninstaller's restore point - Free Fire Screensaver

    RP62: 5/12/2013 11:25:01 PM - Revo Uninstaller's restore point - GameFly

    RP63: 5/12/2013 11:26:29 PM - Revo Uninstaller's restore point - Nature 3D Screensaver 1.1

    RP64: 5/13/2013 12:56:38 AM - Software Distribution Service 3.0

    RP65: 5/13/2013 3:13:30 PM - Installed HiJackThis

    RP66: 5/13/2013 8:33:20 PM - Installed SpyHunter

    RP67: 5/13/2013 9:53:27 PM - Revo Uninstaller's restore point - SpyHunter

    RP68: 5/13/2013 9:54:08 PM - Removed SpyHunter

    RP69: 5/14/2013 1:00:50 AM - Software Distribution Service 3.0

    RP70: 5/14/2013 10:04:54 PM - Unsigned driver install

    RP71: 5/14/2013 11:03:30 PM - Software Distribution Service 3.0

    RP72: 5/15/2013 10:45:02 PM - Software Distribution Service 3.0

    RP73: 5/16/2013 12:00:42 AM - Software Distribution Service 3.0

    RP74: 5/16/2013 7:08:49 AM - Revo Uninstaller's restore point - Microsoft Age of Empires II: The Conquerors Expansion

    RP75: 5/16/2013 7:10:25 AM - Revo Uninstaller's restore point - Microsoft Age of Empires II

    RP76: 5/16/2013 2:54:51 PM - Revo Uninstaller's restore point - FileASSASSIN

    .

    ==== Installed Programs ======================

    .

    AD Blocker

    Adobe Flash Player 11 ActiveX

    Adobe Reader XI (11.0.02)

    Adobe Shockwave Player 12.0

    Amazon Cloud Player

    Amazon MP3 Downloader 1.0.18

    Anvi Smart Defender 1.8

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Bonjour

    Bus Driver 1.5

    CCleaner

    Compatibility Pack for the 2007 Office system

    Defraggler

    Dream Aquarium

    Google Chrome

    Google Update Helper

    HiJackThis

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB2779562)

    Hotfix for Windows XP (KB952287)

    hp LaserJet 1010 Series

    iTunes

    Malwarebytes Anti-Malware version 1.75.0.1300

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Age of Empires II

    Microsoft Age of Empires II: The Conquerors Expansion

    Microsoft Application Error Reporting

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Office File Validation Add-In

    Microsoft Office Professional Edition 2003

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Train Simulator

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

    NVIDIA PhysX

    QuickTime

    Revo Uninstaller 1.94

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

    Security Update for Microsoft Windows (KB2564958)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB2618444)

    Security Update for Windows Internet Explorer 8 (KB2744842)

    Security Update for Windows Internet Explorer 8 (KB2817183)

    Security Update for Windows Internet Explorer 8 (KB2829530)

    Security Update for Windows Internet Explorer 8 (KB2847204)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows Media Player 11 (KB954154)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB2393802)

    Security Update for Windows XP (KB2419632)

    Security Update for Windows XP (KB2423089)

    Security Update for Windows XP (KB2440591)

    Security Update for Windows XP (KB2443105)

    Security Update for Windows XP (KB2478960)

    Security Update for Windows XP (KB2478971)

    Security Update for Windows XP (KB2479943)

    Security Update for Windows XP (KB2481109)

    Security Update for Windows XP (KB2483185)

    Security Update for Windows XP (KB2485663)

    Security Update for Windows XP (KB2506212)

    Security Update for Windows XP (KB2507938)

    Security Update for Windows XP (KB2508429)

    Security Update for Windows XP (KB2509553)

    Security Update for Windows XP (KB2510581)

    Security Update for Windows XP (KB2535512)

    Security Update for Windows XP (KB2536276-v2)

    Security Update for Windows XP (KB2544893-v2)

    Security Update for Windows XP (KB2566454)

    Security Update for Windows XP (KB2570947)

    Security Update for Windows XP (KB2584146)

    Security Update for Windows XP (KB2585542)

    Security Update for Windows XP (KB2592799)

    Security Update for Windows XP (KB2598479)

    Security Update for Windows XP (KB2603381)

    Security Update for Windows XP (KB2618451)

    Security Update for Windows XP (KB2619339)

    Security Update for Windows XP (KB2620712)

    Security Update for Windows XP (KB2624667)

    Security Update for Windows XP (KB2631813)

    Security Update for Windows XP (KB2653956)

    Security Update for Windows XP (KB2655992)

    Security Update for Windows XP (KB2659262)

    Security Update for Windows XP (KB2661637)

    Security Update for Windows XP (KB2676562)

    Security Update for Windows XP (KB2686509)

    Security Update for Windows XP (KB2691442)

    Security Update for Windows XP (KB2698365)

    Security Update for Windows XP (KB2705219-v2)

    Security Update for Windows XP (KB2712808)

    Security Update for Windows XP (KB2719985)

    Security Update for Windows XP (KB2723135-v2)

    Security Update for Windows XP (KB2727528)

    Security Update for Windows XP (KB2753842-v2)

    Security Update for Windows XP (KB2757638)

    Security Update for Windows XP (KB2758857)

    Security Update for Windows XP (KB2770660)

    Security Update for Windows XP (KB2780091)

    Security Update for Windows XP (KB2802968)

    Security Update for Windows XP (KB2807986)

    Security Update for Windows XP (KB2808735)

    Security Update for Windows XP (KB2813170)

    Security Update for Windows XP (KB2813345)

    Security Update for Windows XP (KB2817183)

    Security Update for Windows XP (KB2820197)

    Security Update for Windows XP (KB2820917)

    Security Update for Windows XP (KB2829361)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB923789)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982665)

    SimCity 4 Deluxe

    Spybot - Search & Destroy

    swMSM

    The Weather Channel App

    The Weather Channel Desktop 6

    Update for Microsoft Windows (KB971513)

    Update for Windows Internet Explorer 8 (KB2598845)

    Update for Windows Internet Explorer 8 (KB2632503)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB2467659)

    Update for Windows XP (KB2492386)

    Update for Windows XP (KB2661254-v2)

    Update for Windows XP (KB2736233)

    Update for Windows XP (KB2749655)

    Update for Windows XP (KB898461)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971029)

    Update for Windows XP (KB973815)

    WebFldrs XP

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Internet Explorer 8

    Windows Media Format 11 runtime

    Windows Media Player 11

    Windows XP Service Pack 3

    WinPatrol

    .

    ==== Event Viewer Messages From Past Week ========

    .

    5/11/2013 3:38:24 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

    5/11/2013 3:38:24 PM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    5/10/2013 8:37:48 PM, error: System Error [1003]  - Error code 1000000a, parameter1 4d42f880, parameter2 00000002, parameter3 00000000, parameter4 804d90aa.

    5/10/2013 3:14:33 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

    .

    ==== End Of File ===========================

  4. DDS (Ver_2012-11-20.01) - NTFS_x86

    Internet Explorer: 8.0.6001.18702

    Run by Owner at 16:24:19 on 2013-05-16

    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.380 [GMT -4:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    ============== Running Processes ================

    .

    C:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k NetworkService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.claresworld.us/

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    .

    INFO: HKLM has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366898000867

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{A583220F-B9F6-4CA9-95DE-01843D0FBCEE} : DHCPNameServer = 192.168.1.1

    Notify: crypt32chain - <no file>

    Notify: cryptnet - <no file>

    Notify: cscdll - <no file>

    Notify: dimsntfy - <no file>

    Notify: ScCertProp - <no file>

    Notify: Schedule - <no file>

    Notify: sclgntfy - <no file>

    Notify: SensLogn - <no file>

    Notify: termsrv - <no file>

    Notify: wlballoon - <no file>

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    Hosts: 127.0.0.1 www.spywareinfo.com

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-5-13 13560]

    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

    R1 asdnet;asdnet;c:\program files\anvisoft\anvi smart defender\toolbox\adblocker\sys\x86\asdnet.sys [2013-5-13 15696]

    R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [2013-5-13 16208]

    R2 ADBlockerSrv;AD Blocker Service;c:\program files\anvisoft\anvi smart defender\toolbox\adblocker\ADBlockerSrv.exe [2013-5-13 280648]

    R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [2013-5-13 22864]

    R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2013-3-5 739400]

    R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [2013-5-13 14160]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-10 418376]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-10 701512]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-10 22856]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-10 35144]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    .

    =============== Created Last 30 ================

    .

    2013-05-16 13:02:33 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1f9ea85-e2ca-4618-879e-5b85d13ecdf0}\mpengine.dll

    2013-05-15 03:04:58 7016152 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

    2013-05-14 18:29:43 -------- d-----w- c:\documents and settings\owner\local settings\application data\Amazon Cloud Player

    2013-05-14 15:22:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\Program Files

    2013-05-14 11:23:02 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2013-05-14 11:23:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

    2013-05-14 02:30:31 -------- d-----w- c:\documents and settings\owner\application data\Anvisoft

    2013-05-14 02:30:04 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys

    2013-05-14 02:30:04 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys

    <div>2013-05-14 02:30:04<span class="Apple-tab-span" style="white-space:pre"> </span>14160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\asdws.sys</div>

    <div>2013-05-14 02:29:51<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\Anvisoft</div>

    <div>2013-05-14 02:29:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Anvisoft</div>

    <div>2013-05-14 02:19:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\GetRightToGo</div>

    <div>2013-05-14 02:13:10<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\LavasoftStatistics</div>

    <div>2013-05-14 02:11:39<span class="Apple-tab-span" style="white-space:pre"> </span>13560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\gfibto.sys</div>

    <div>2013-05-14 02:11:38<span class="Apple-tab-span" style="white-space:pre"> </span>44424<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\sbbd.exe</div>

    <div>2013-05-14 02:11:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Ad-Aware Antivirus</div>

    <div>2013-05-14 00:33:22<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Enigma Software Group</div>

    <div>2013-05-14 00:31:22<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\D8167CA8236B4334B77DF388F494EE18.TMP</div>

    <div>2013-05-13 19:13:35<span class="Apple-tab-span" style="white-space:pre"> </span>388096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe</div>

    <div>2013-05-13 19:13:33<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Trend Micro</div>

    <div>2013-05-13 02:47:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Maxis</div>

    <div>2013-05-12 22:58:20<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\GameFly</div>

    <div>2013-05-12 11:22:49<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\Extensions</div>

    <div>2013-05-12 11:22:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\searchplugins</div>

    <div>2013-05-12 11:20:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\DSite</div>

    <div>2013-05-12 11:03:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\PCHealth</div>

    <div>2013-05-12 10:49:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Bus Driver</div>

    <div>2013-05-12 10:23:55<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Microsoft Games</div>

    <div>2013-05-12 02:48:25<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Defraggler</div>

    <div>2013-05-12 01:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Conduit</div>

    <div>2013-05-12 01:22:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Temp</div>

    <div>2013-05-12 01:20:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\CRE</div>

    <div>2013-05-11 23:46:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Dream Aquarium</div>

    <div>2013-05-11 23:46:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Dream Aquarium</div>

    <div>2013-05-11 23:02:37<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\SimAquarium</div>

    <div>2013-05-11 23:00:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\The Weather Channel</div>

    <div>2013-05-11 22:41:29<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\The Weather Channel FW</div>

    <div>2013-05-11 22:41:24<span class="Apple-tab-span" style="white-space:pre"> </span>499712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msvcp71.dll</div>

    <div>2013-05-11 22:41:23<span class="Apple-tab-span" style="white-space:pre"> </span>348160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msvcr71.dll</div>

    <div>2013-05-11 22:40:30<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\The Weather Channel</div>

    <div>2013-05-11 20:11:46<span class="Apple-tab-span" style="white-space:pre"> </span>45056<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\NCUNINST.EXE</div>

    <div>2013-05-11 20:08:41<span class="Apple-tab-span" style="white-space:pre"> </span>12928<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\dot4prt.sys</div>

    <div>2013-05-11 20:08:41<span class="Apple-tab-span" style="white-space:pre"> </span>12928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\Dot4Prt.sys</div>

    <div>2013-05-11 20:08:31<span class="Apple-tab-span" style="white-space:pre"> </span>206976<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\dot4.sys</div>

    <div>2013-05-11 20:08:31<span class="Apple-tab-span" style="white-space:pre"> </span>206976<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\Dot4.sys</div>

    <div>2013-05-11 20:08:28<span class="Apple-tab-span" style="white-space:pre"> </span>23808<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\dot4usb.sys</div>

    <div>2013-05-11 20:08:28<span class="Apple-tab-span" style="white-space:pre"> </span>23808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\Dot4usb.sys</div>

    <div>2013-05-11 20:02:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\common files\SWF Studio</div>

    <div>2013-05-11 18:36:10<span class="Apple-tab-span" style="white-space:pre"> </span>60032<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\usbaudio.sys</div>

    <div>2013-05-11 18:36:10<span class="Apple-tab-span" style="white-space:pre"> </span>60032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\USBAUDIO.sys</div>

    <div>2013-05-11 15:25:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\lj1010seriesprintsys</div>

    <div>2013-05-11 13:43:42<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\Package Cache</div>

    <div>2013-05-11 13:14:06<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Quest3D</div>

    <div>2013-05-11 13:14:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Roaming</div>

    <div>2013-05-11 10:48:13<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\dumps</div>

    <div>2013-05-11 10:45:11<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\NVIDIA Corporation</div>

    <div>2013-05-11 10:43:55<span class="Apple-tab-span" style="white-space:pre"> </span>443752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\d3dx10_33.dll</div>

    <div>2013-05-11 10:42:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\Logs</div>

    <div>2013-05-11 10:38:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\Application Data</div>

    <div>2013-05-11 01:38:17<span class="Apple-tab-span" style="white-space:pre"> </span>35144<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbamchameleon.sys</div>

    <div>2013-05-11 01:37:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d--h--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\PIF</div>

    <div>2013-05-11 01:16:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\Malwarebytes</div>

    <div>2013-05-11 01:15:51<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\Malwarebytes</div>

    <div>2013-05-11 01:15:45<span class="Apple-tab-span" style="white-space:pre"> </span>22856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div>

    <div>2013-05-11 01:15:45<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Malwarebytes' Anti-Malware</div>

    <div>2013-05-11 01:02:56<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\WinPatrol</div>

    <div>2013-05-11 01:02:31<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\BillP Studios</div>

    <div>2013-05-11 01:02:31<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\all users\application data\InstallMate</div>

    <div>2013-05-11 00:34:19<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Avg2013</div>

    <div>2013-05-11 00:10:46<span class="Apple-tab-span" style="white-space:pre"> </span>214256<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\muweb.dll</div>

    <div>2013-05-11 00:10:44<span class="Apple-tab-span" style="white-space:pre"> </span>275696<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\mucltui.dll</div>

    <div>2013-05-11 00:10:44<span class="Apple-tab-span" style="white-space:pre"> </span>17136<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\mucltui.dll.mui</div>

    <div>2013-05-10 20:44:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\VS Revo Group</div>

    <div>2013-05-10 20:36:40<span class="Apple-tab-span" style="white-space:pre"> </span>238872<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div>

    <div>2013-05-10 20:23:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Microsoft Security Client</div>

    <div>2013-05-10 20:18:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\HoolappForAndroid</div>

    <div>2013-05-10 19:24:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\application data\OpenOffice.org</div>

    <div>2013-05-10 19:14:43<span class="Apple-tab-span" style="white-space:pre"> </span>21504<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\hidserv.dll</div>

    <div>2013-05-10 19:14:43<span class="Apple-tab-span" style="white-space:pre"> </span>21504<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\hidserv.dll</div>

    <div>2013-05-10 19:13:46<span class="Apple-tab-span" style="white-space:pre"> </span>26368<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\usbstor.sys</div>

    <div>2013-05-10 19:13:37<span class="Apple-tab-span" style="white-space:pre"> </span>32128<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\usbccgp.sys</div>

    <div>2013-05-10 19:13:37<span class="Apple-tab-span" style="white-space:pre"> </span>32128<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\usbccgp.sys</div>

    <div>2013-05-01 15:26:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\MSECache</div>

    <div>2013-05-01 15:15:29<span class="Apple-tab-span" style="white-space:pre"> </span>28552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll</div>

    <div>2013-05-01 15:15:29<span class="Apple-tab-span" style="white-space:pre"> </span>28040<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\mdimon.dll</div>

    <div>2013-05-01 15:10:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SHELLNEW</div>

    <div>2013-05-01 15:10:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Microsoft ActiveSync</div>

    <div>2013-05-01 15:00:53<span class="Apple-tab-span" style="white-space:pre"> </span>14592<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\kbdhid.sys</div>

    <div>2013-05-01 15:00:53<span class="Apple-tab-span" style="white-space:pre"> </span>14592<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\kbdhid.sys</div>

    <div>2013-05-01 15:00:27<span class="Apple-tab-span" style="white-space:pre"> </span>12160<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\mouhid.sys</div>

    <div>2013-05-01 15:00:27<span class="Apple-tab-span" style="white-space:pre"> </span>12160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mouhid.sys</div>

    <div>2013-05-01 15:00:14<span class="Apple-tab-span" style="white-space:pre"> </span>10368<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\dllcache\hidusb.sys</div>

    <div>2013-05-01 15:00:14<span class="Apple-tab-span" style="white-space:pre"> </span>10368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\hidusb.sys</div>

    <div>2013-04-29 14:04:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-sh--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\IECompatCache</div>

    <div>2013-04-29 13:39:19<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\CCleaner</div>

    <div>2013-04-26 14:33:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Windows Media Connect 2</div>

    <div>2013-04-26 14:31:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\LogFiles</div>

    <div>2013-04-26 14:27:41<span class="Apple-tab-span" style="white-space:pre"> </span>221184<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wmpns.dll</div>

    <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin7.dll</div>

    <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin6.dll</div>

    <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin5.dll</div>

    <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin4.dll</div>

    <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin3.dll</div>

    <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin2.dll</div>

    <div>2013-04-26 13:22:06<span class="Apple-tab-span" style="white-space:pre"> </span>159744<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\internet explorer\plugins\npqtplugin.dll</div>

    <div>2013-04-25 18:22:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\owner\local settings\application data\Apple Computer</div>

    <div>2013-04-25 18:22:08<span class="Apple-tab-span" style="white-space:pre"> </span>26840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\GEARAspiWDM.sys</div>

    <div>2013-04-25 18:20:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iPod</div>

    <div>2013-04-25 18:20:54<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iTunes</div>

    2013-04-25 18:20:54 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2013-04-25 18:18:51 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple

    2013-04-25 18:18:14 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll

    2013-04-25 18:18:14 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys

    2013-04-25 18:17:20 -------- d-----w- c:\program files\Bonjour

    2013-04-25 18:01:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google

    2013-04-25 18:00:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun

    2013-04-25 17:55:56 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe

    2013-04-25 17:53:08 788896 ----a-w- c:\windows\system32\deployJava1.dll

    2013-04-25 17:53:07 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

    2013-04-25 17:37:35 -------- d-----w- c:\windows\system32\Adobe

    2013-04-25 17:21:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-04-25 17:21:49 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-04-25 16:04:49 -------- d-----w- c:\documents and settings\owner\application data\TuneUp Software

    2013-04-25 15:59:39 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

    2013-04-25 15:59:39 -------- d-----w- c:\documents and settings\owner\local settings\application data\MFAData

    2013-04-25 15:59:39 -------- d-----w- c:\documents and settings\all users\application data\MFAData

    2013-04-25 15:47:53 -------- d-sh--w- c:\documents and settings\owner\PrivacIE

    2013-04-25 15:39:08 -------- d-sh--w- c:\documents and settings\owner\IETldCache

    2013-04-25 15:26:19 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

    2013-04-25 15:25:34 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

    2013-04-25 15:25:07 -------- d-----w- c:\windows\ie8updates

    2013-04-25 15:24:54 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    2013-04-25 15:24:54 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll

    2013-04-25 15:24:54 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

    2013-04-25 15:24:54 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

    2013-04-25 15:24:54 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll

    2013-04-25 15:24:54 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

    2013-04-25 15:24:54 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll

    2013-04-25 15:23:12 -------- dc-h--w- c:\windows\ie8

    2013-04-25 15:05:48 -------- d-----w- c:\windows\nview

    2013-04-25 15:03:29 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

    2013-04-25 15:03:28 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

    2013-04-25 15:02:41 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll

    2013-04-25 15:01:39 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys

    2013-04-25 14:59:10 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2013-04-25 14:56:41 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

    2013-04-25 14:56:36 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

    2013-04-25 14:56:18 105472 -c----w- c:\windows\system32\dllcache\mup.sys

    2013-04-25 14:56:13 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

    2013-04-25 14:53:23 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

    2013-04-25 14:53:07 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    2013-04-25 14:53:02 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

    2013-04-25 14:52:44 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

    2013-04-25 14:52:44 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

    2013-04-25 14:52:25 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    2013-04-25 14:51:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

    2013-04-25 14:51:05 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    2013-04-25 14:48:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

    2013-04-25 14:48:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

    2013-04-25 14:46:29 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

    2013-04-25 14:43:15 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

    2013-04-25 14:43:10 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

    2013-04-25 14:05:57 -------- d-----w- c:\windows\system32\PreInstall

    2013-04-25 13:58:03 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

    2013-04-25 13:58:02 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

    2013-04-25 13:58:02 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

    2013-04-25 13:58:02 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

    2013-04-25 13:58:02 -------- d-----w- c:\windows\system32\SoftwareDistribution

    2013-04-25 13:40:25 -------- d-----w- c:\windows\ServicePackFiles

    2013-04-25 13:40:12 294912 ------w- c:\program files\windows media player\dlimport.exe

    2013-04-25 13:40:07 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

    2013-04-25 13:35:40 -------- d-----w- c:\windows\system32\ReinstallBackups

    2013-04-25 13:35:23 26144 ----a-w- c:\windows\system32\spupdsvc.exe

    2013-04-25 13:32:10 -------- d-----w- c:\windows\EHome

    .

    ==================== Find3M  ====================

    .

    2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll

    2013-04-16 22:17:14 43520 ------w- c:\windows\system32\licmgr10.dll

    2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2013-04-12 23:28:55 385024 ------w- c:\windows\system32\html.iec

    2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys

    2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll

    2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll

    2013-02-21 19:06:25 81920 ------w- c:\windows\system32\ieencode.dll

    .

    ============= FINISH: 16:26:28.47 ===============

  5. 10-4 Gringo. I uninstalled everything along with antivirus. I've installed the programs you recommend. I will upgrade to Paid Version MBAM. Thanks again for your expert and unexpected help. I will let you know if anything comes up. This has been an interesting learning experience.

    gulfstream2013

  6. Thank you for your help Gringo:

    C:\Documents and Settings\Clare Colthup\Application Data\Uniblue\RegistryBooster\_temp\registrybooster.exe Win32/RegistryBooster application

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1442\A0355671.exe a variant of Win32/SoftonicDownloader.E application

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1454\A0357837.dll Win32/Toolbar.MyWebSearch application

  7. Gringo: When I ran Revo Uninstaller I did uninstall Java 7 Update, but the only IE icon was IE 8, not Default Page, so I did not uninstall IE 8.

    Computer is running ok, but shutdown or restart hangs for a couple minutes and then finally executes.

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300

    www.malwarebytes.org

    Database version: v2013.04.19.02

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Clare Colthup :: CLARE [administrator]

    Protection: Enabled

    4/19/2013 7:48:01 AM

    mbam-log-2013-04-19 (07-48-01).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 285779

    Time elapsed: 13 minute(s), 53 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:23:28 AM, on 4/19/2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

    C:\Program Files\AVAST Software\Avast\avastUI.exe

    C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe

    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

    C:\Program Files\LogMeIn\x86\RaMaint.exe

    C:\Program Files\LogMeIn\x86\LogMeIn.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe

    C:\Documents and Settings\Clare Colthup\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe

    O4 - HKLM\..\Run: [ADBlocker] "C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" -tray

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --

    End of file - 5128 bytes

  8. Hello Gringo

    No problems running Combofix. The computer is running very well now. Browser seems to be fixed. Computer and browser speeds are good.

    ComboFix 13-04-18.03 - Clare Colthup 04/18/2013 19:28:31.3.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.983 [GMT -4:00]

    Running from: c:\documents and settings\Clare Colthup\Desktop\Virus Programs\ComboFix.exe

    Command switches used :: c:\documents and settings\Clare Colthup\Desktop\CFScript.txt

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))

    .

    .

    2013-04-18 19:21 . 2013-04-18 19:21 -------- dc----w- C:\_OTL

    2013-04-16 23:37 . 2013-04-16 23:37 -------- dc----w- c:\program files\Common Files\Java

    2013-04-16 23:32 . 2013-04-16 23:31 144896 -c--a-w- c:\windows\system32\javacpl.cpl

    2013-04-16 23:32 . 2013-04-16 23:32 94112 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-04-16 11:28 . 2013-04-16 11:28 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Anvisoft

    2013-04-16 11:25 . 2012-11-07 07:16 22864 -c--a-w- c:\windows\system32\drivers\asdrs.sys

    2013-04-16 11:25 . 2012-11-07 07:16 14160 -c--a-w- c:\windows\system32\drivers\asdws.sys

    2013-04-16 11:25 . 2012-11-07 07:16 16208 -c--a-w- c:\windows\system32\drivers\asdrm.sys

    2013-04-16 11:25 . 2013-04-16 11:25 -------- dc----w- c:\documents and settings\All Users\Application Data\Anvisoft

    2013-04-16 11:25 . 2013-04-16 11:25 -------- dc----w- c:\program files\Anvisoft

    2013-04-14 22:21 . 2013-04-14 22:21 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Xilisoft

    2013-04-14 21:13 . 2013-04-14 21:13 -------- dc----w- c:\documents and settings\Clare Colthup\Local Settings\Application Data\CRE

    2013-04-14 20:46 . 2013-04-14 20:46 -------- dc----w- C:\Multimedia Files

    2013-04-14 20:45 . 2013-04-14 20:46 -------- dc----w- c:\program files\Microsoft Image Composer

    2013-04-14 17:51 . 2013-04-14 17:51 -------- dc----w- c:\documents and settings\Clare Colthup\Local Settings\Application Data\IAC

    2013-04-14 16:20 . 2012-08-21 17:01 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2013-04-14 16:19 . 2013-04-14 16:19 -------- dc----w- c:\program files\iPod

    2013-04-13 18:55 . 2013-04-13 18:57 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple

    2013-04-13 18:14 . 2013-04-13 18:14 -------- dc----w- c:\documents and settings\All Users\Application Data\NCH Software

    2013-04-13 18:14 . 2013-04-13 18:18 -------- dc----w- c:\program files\NCH Software

    2013-04-13 18:14 . 2013-04-13 18:14 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\NCH Software

    2013-04-12 19:20 . 2013-04-12 19:20 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Microsoft Web Folders

    2013-04-11 11:57 . 2013-04-14 16:40 -------- dc----w- c:\program files\Microsoft Games

    2013-04-10 14:41 . 2013-04-10 14:58 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\FixCleaner

    2013-03-29 15:55 . 2013-03-29 15:55 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\1&1

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-04-16 23:31 . 2012-12-17 19:42 866720 -c--a-w- c:\windows\system32\npDeployJava1.dll

    2013-04-16 23:31 . 2012-12-17 19:42 788896 -c--a-w- c:\windows\system32\deployJava1.dll

    2013-04-11 20:59 . 2012-12-17 19:45 691592 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-04-11 20:59 . 2011-08-04 21:45 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-04-04 18:50 . 2012-12-14 15:28 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-08 08:36 . 2002-08-29 11:00 293376 -c--a-w- c:\windows\system32\winsrv.dll

    2013-03-07 01:28 . 1980-01-01 06:00 2193408 -c--a-w- c:\windows\system32\ntoskrnl.exe

    2013-03-07 00:50 . 1980-01-01 06:00 2070016 -c--a-w- c:\windows\system32\ntkrnlpa.exe

    2013-03-06 22:33 . 2013-03-18 15:52 164736 -c--a-w- c:\windows\system32\drivers\aswVmm.sys

    2013-03-06 22:33 . 2013-03-18 15:52 49248 -c--a-w- c:\windows\system32\drivers\aswRvrt.sys

    2013-03-06 22:33 . 2012-06-06 22:18 368176 -c--a-w- c:\windows\system32\drivers\aswSP.sys

    2013-03-06 22:33 . 2012-06-06 22:18 62376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys

    2013-03-06 22:33 . 2012-06-06 22:18 49760 -c--a-w- c:\windows\system32\drivers\aswRdr.sys

    2013-03-06 22:33 . 2012-06-06 22:18 765736 -c--a-w- c:\windows\system32\drivers\aswSnx.sys

    2013-03-06 22:33 . 2013-03-18 15:52 66336 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2013-03-06 22:33 . 2012-06-06 22:18 29816 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2013-03-06 22:32 . 2012-06-06 22:17 41664 -c--a-w- c:\windows\avastSS.scr

    2013-03-06 22:32 . 2012-06-06 22:17 228600 -c--a-w- c:\windows\system32\aswBoot.exe

    2013-03-02 02:06 . 2004-08-24 01:32 916480 -c--a-w- c:\windows\system32\wininet.dll

    2013-03-02 02:06 . 2002-08-29 11:00 43520 -c----w- c:\windows\system32\licmgr10.dll

    2013-03-02 02:06 . 2002-08-29 11:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl

    2013-03-02 01:25 . 2002-08-29 11:00 1867264 -c--a-w- c:\windows\system32\win32k.sys

    2013-03-02 01:08 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec

    2013-02-27 07:56 . 2002-08-29 11:00 2067456 -c--a-w- c:\windows\system32\mstscax.dll

    2013-02-12 00:32 . 2004-08-04 06:04 12928 -c----w- c:\windows\system32\drivers\usb8023x.sys

    2013-02-12 00:32 . 2002-08-29 11:00 12928 -c--a-w- c:\windows\system32\drivers\usb8023.sys

    2013-01-26 03:55 . 2002-08-29 11:00 552448 -c--a-w- c:\windows\system32\oleaut32.dll

    2013-01-15 09:27 . 2013-01-15 09:27 2174976 -c--a-w- c:\program files\Common Files\atimpenc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2013-03-06 22:32 121968 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 68856]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

    "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

    "ADBlocker"="c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]

    "Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

    2012-12-19 18:37 92072 -c--a-w- c:\windows\SYSTEM32\LMIinit.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2008-01-24 02:30 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

    2003-03-31 23:28 155648 -c--a-w- c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "WMPNetworkSvc"=3 (0x3)

    "ose"=3 (0x3)

    "LVPrcSrv"=2 (0x2)

    "IDriverT"=3 (0x3)

    "gusvc"=3 (0x3)

    "gupdatem"=3 (0x3)

    "gupdate"=2 (0x2)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    .

    R0 aswRvrt;aswRvrt;c:\windows\SYSTEM32\DRIVERS\aswRvrt.sys [3/18/2013 11:52 AM 49248]

    R1 asdnet;asdnet;c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys [4/16/2013 7:25 AM 15696]

    R1 asdrm;asdrm;c:\windows\SYSTEM32\DRIVERS\asdrm.sys [4/16/2013 7:25 AM 16208]

    R1 aswKbd;aswKbd;c:\windows\SYSTEM32\DRIVERS\aswKbd.sys [10/12/2012 11:43 AM 20624]

    R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [6/6/2012 6:18 PM 765736]

    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [6/6/2012 6:18 PM 368176]

    R2 ADBlockerSrv;AD Blocker Service;c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [4/16/2013 7:25 AM 279368]

    R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\SYSTEM32\DRIVERS\asdrs.sys [4/16/2013 7:25 AM 22864]

    R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [12/20/2012 10:43 PM 735592]

    R2 asdws;AnviSmartDefender Web Guard;c:\windows\SYSTEM32\DRIVERS\asdws.sys [4/16/2013 7:25 AM 14160]

    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [6/6/2012 6:18 PM 29816]

    R2 aswMonFlt;aswMonFlt;c:\windows\SYSTEM32\DRIVERS\aswMonFlt.sys [3/18/2013 11:52 AM 66336]

    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 9:34 PM 374704]

    S0 Lbd;Lbd; [x]

    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 3:10 PM 12856]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/14/2012 11:28 AM 418376]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/14/2012 11:28 AM 701512]

    S3 aswVmm;aswVmm;c:\windows\SYSTEM32\DRIVERS\aswVmm.sys [3/18/2013 11:52 AM 164736]

    S3 esgiguard;esgiguard; [x]

    S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [12/14/2012 11:28 AM 22856]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-03-19 14:10 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-17 20:59]

    .

    2013-04-17 c:\windows\Tasks\AnviQuickScan.job

    - c:\program files\Anvisoft\Anvi Smart Defender\PopupScan.exe [2012-12-21 02:43]

    .

    2013-03-18 c:\windows\Tasks\avast! Emergency Update.job

    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 22:32]

    .

    2013-04-13 c:\windows\Tasks\SwitchReminder.job

    - c:\program files\NCH Software\Switch\switch.exe [2013-04-13 20:41]

    .

    2012-12-20 c:\windows\Tasks\User_Feed_Synchronization-{79105A1A-C2D8-48BC-B1E9-CD0FE252C4C6}.job

    - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://www.claresworld.us/

    mStart Page = hxxp://www.claresworld.us

    uInternet Settings,ProxyOverride = <local>;*.local

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    TCP: DhcpNameServer = 192.168.254.254

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-04-18 19:45

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(672)

    c:\windows\system32\LMIinit.dll

    c:\windows\system32\LMIRfsClientNP.dll

    .

    - - - - - - - > 'explorer.exe'(3200)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Completion time: 2013-04-18 19:50:27

    ComboFix-quarantined-files.txt 2013-04-18 23:50

    ComboFix2.txt 2013-04-17 10:55

    ComboFix3.txt 2011-10-20 18:02

    .

    Pre-Run: 58,926,587,904 bytes free

    Post-Run: 58,929,471,488 bytes free

    .

    - - End Of File - - 6678EBF19F007F25DB5412A28A64DC06

  9. Gringo, computer takes a while to boot up, as if a scan is running? Browser also took a while to open completely, but mixiDJ and Bing seem to be gone. Manage add-ons opened by itself. I deleted "Live Search" which was listed as 'unavailable'.

    ========== OTL ==========

    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@radialpoint.com/SPA,version=1\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.

    Registry key HKEY_USERS\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Internet Explorer\SearchScopes\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}\ not found.

    Registry key HKEY_USERS\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

    Registry key HKEY_USERS\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Internet Explorer\SearchScopes\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}\ not found.

    Registry key HKEY_USERS\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

    ========== FILES ==========

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Documents and Settings\Clare Colthup\Desktop\cmd.bat deleted successfully.

    C:\Documents and Settings\Clare Colthup\Desktop\cmd.txt deleted successfully.

    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: BB443B11-7D12-450c-9F85-2D32804655F9

    User: Clare Colthup

    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: LogMeInRemoteUser

    User: LogMeInRemoteUser.CLARE

    User: NetworkService

    User: Rosie for Grandpa

    Total Java Files Cleaned = 0.00 mb

    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: BB443B11-7D12-450c-9F85-2D32804655F9

    User: Clare Colthup

    ->Flash cache emptied: 57983 bytes

    User: Default User

    ->Flash cache emptied: 57472 bytes

    User: LocalService

    User: LogMeInRemoteUser

    User: LogMeInRemoteUser.CLARE

    ->Flash cache emptied: 56502 bytes

    User: NetworkService

    User: Rosie for Grandpa

    Total Flash Files Cleaned = 0.00 mb

    OTL by OldTimer - Version 3.2.69.0 log created on 04182013_152247

  10. Hi Gringo, OTL ran successfully. OTL.txt:

    OTL logfile created on: 4/18/2013 7:19:59 AM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Clare Colthup\Desktop

    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.50 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 52.50% Memory free

    2.29 Gb Paging File | 1.71 Gb Available in Paging File | 74.64% Paging File free

    Paging file location(s): C:\pagefile.sys 957 957 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 74.47 Gb Total Space | 54.85 Gb Free Space | 73.65% Space Free | Partition Type: NTFS

    Computer Name: CLARE | User Name: Clare Colthup | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Clare Colthup\Desktop\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

    PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()

    PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)

    PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft)

    PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

    PRC - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe ()

    PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

    PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

    PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)

    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\13041701\algo.dll ()

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

    MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()

    MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll ()

    MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe ()

    MOD - C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll ()

    MOD - C:\WINDOWS\SYSTEM32\HPBHEALR.DLL ()

    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

    SRV - (asdsrv) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft)

    SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

    SRV - (ADBlockerSrv) -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe ()

    SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

    SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\hpzipm12.exe (HP)

    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found

    DRV - (wanatw) -- File not found

    DRV - (PDRFRAME) -- File not found

    DRV - (PDRELI) -- File not found

    DRV - (PDFRAME) -- File not found

    DRV - (PDCOMP) -- File not found

    DRV - (PCIDump) -- File not found

    DRV - (MRESP50a64) -- File not found

    DRV - (MRESP50) -- File not found

    DRV - (MRENDIS5) -- File not found

    DRV - (MREMPR5) -- File not found

    DRV - (MREMP50a64) -- File not found

    DRV - (MREMP50) -- File not found

    DRV - (lbrtfdc) -- File not found

    DRV - (Lbd) -- File not found

    DRV - (Lavasoft Kernexplorer) -- File not found

    DRV - (iAimTV2) -- File not found

    DRV - (FilterService) -- File not found

    DRV - (esgiguard) -- File not found

    DRV - (Changer) -- File not found

    DRV - (catchme) -- C:\DOCUME~1\CLAREC~1\LOCALS~1\Temp\catchme.sys File not found

    DRV - (MBAMProtector) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys (Malwarebytes Corporation)

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

    DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()

    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

    DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

    DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()

    DRV - (aswMonFlt) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswMonFlt.sys (AVAST Software)

    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

    DRV - (LVUVC) -- C:\WINDOWS\System32\drivers\lvuvc.hs ()

    DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

    DRV - (asdrs) -- C:\WINDOWS\SYSTEM32\DRIVERS\asdrs.sys (Anvisoft)

    DRV - (asdws) -- C:\WINDOWS\SYSTEM32\DRIVERS\asdws.sys ()

    DRV - (asdrm) -- C:\WINDOWS\SYSTEM32\DRIVERS\asdrm.sys (Anvisoft)

    DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)

    DRV - (asdnet) -- C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys ()

    DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.)

    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

    DRV - (hamachi) -- C:\WINDOWS\SYSTEM32\DRIVERS\hamachi.sys (LogMeIn, Inc.)

    DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)

    DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)

    DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)

    DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)

    DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)

    DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)

    DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)

    DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)

    DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)

    DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)

    DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)

    DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)

    DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

    DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claresworld.us

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm017^YY^us&si=pconverter&ptb=9BB61B67-7936-48B6-9827-039A2621A2DC&ind=2013041413&n=77fc9305&psa=&st=sb&searchfor={searchTerms}

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claresworld.us/

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes,DefaultScope = {57A6DD8A-5BB6-4FD0-A136-9045C35B994D}

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes\{57A6DD8A-5BB6-4FD0-A136-9045C35B994D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287822&CUI=UN23365699186637288&UM=2

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\..\SearchScopes\{A81D283D-CA62-4A34-BBBC-B8302125AD5E}: "URL" =

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: File not found

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\

    CHR - Extension: No name found = C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/04/17 06:49:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    O4 - HKLM..\Run: [ADBlocker] C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()

    O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb07.exe (HP)

    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

    O4 - HKLM..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

    O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

    O7 - HKU\S-1-5-21-1819532754-2096334853-3671780774-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA1DC0A0-681F-42D6-A7E9-CCF8B4727FD2}: DhcpNameServer = 192.168.254.254

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

    O24 - Desktop WallPaper: C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/18 07:18:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clare Colthup\Desktop\OTL.exe

    [2013/04/17 08:45:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER

    [2013/04/16 20:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Desktop\RK_Quarantine

    [2013/04/16 19:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

    [2013/04/16 19:32:49 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

    [2013/04/16 19:32:48 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

    [2013/04/16 19:32:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

    [2013/04/16 19:32:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

    [2013/04/16 19:32:34 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

    [2013/04/16 07:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\Anvisoft

    [2013/04/16 07:25:41 | 000,022,864 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrs.sys

    [2013/04/16 07:25:41 | 000,016,208 | ---- | C] (Anvisoft) -- C:\WINDOWS\System32\drivers\asdrm.sys

    [2013/04/16 07:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\anvisoft

    [2013/04/16 07:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anvisoft

    [2013/04/16 07:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft

    [2013/04/14 18:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\Xilisoft

    [2013/04/14 17:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\CRE

    [2013/04/14 16:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Start Menu\Programs\Microsoft Image Composer

    [2013/04/14 16:46:10 | 000,000,000 | ---D | C] -- C:\Multimedia Files

    [2013/04/14 16:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Image Composer

    [2013/04/14 13:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\IAC

    [2013/04/14 12:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

    [2013/04/14 12:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

    [2013/04/14 12:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

    [2013/04/14 12:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

    [2013/04/14 12:17:43 | 006,112,864 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll

    [2013/04/14 09:18:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Clare Colthup\Recent

    [2013/04/13 19:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer

    [2013/04/13 15:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Apple Computer

    [2013/04/13 15:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\Apple Computer

    [2013/04/13 14:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

    [2013/04/13 14:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Apple

    [2013/04/13 14:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

    [2013/04/13 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

    [2013/04/13 14:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

    [2013/04/13 14:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

    [2013/04/13 14:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Start Menu\Programs\NCH Software Suite

    [2013/04/13 14:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Start Menu\Programs\Audio Related Programs

    [2013/04/13 14:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software

    [2013/04/13 14:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite

    [2013/04/13 14:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs

    [2013/04/13 14:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software

    [2013/04/13 14:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\NCH Software

    [2013/04/12 15:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\My Documents\My Webs

    [2013/04/12 15:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools

    [2013/04/12 15:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft Web Folders

    [2013/04/11 08:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games

    [2013/04/11 07:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games

    [2013/04/10 10:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\FixCleaner

    [2013/04/10 10:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers

    [2013/04/10 09:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\My Documents\Pete

    [2013/04/10 09:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\My Documents\Clare's Book

    [2013/04/01 12:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\1&1

    [2013/03/29 11:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clare Colthup\Application Data\1&1

    [2013/03/19 10:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

    [2013/01/15 05:27:04 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Common Files\atimpenc.dll

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/04/18 07:19:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clare Colthup\Desktop\OTL.exe

    [2013/04/18 07:06:35 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk

    [2013/04/17 11:50:16 | 000,000,560 | ---- | M] () -- C:\WINDOWS\tasks\AnviUpdate.job

    [2013/04/17 11:50:16 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\AnviQuickScan.job

    [2013/04/17 11:09:33 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Desktop\email.lnk

    [2013/04/17 10:11:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

    [2013/04/17 09:38:49 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns

    [2013/04/17 09:38:49 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns

    [2013/04/17 06:49:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

    [2013/04/16 19:38:02 | 000,001,109 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Anvi AD Blocker.lnk

    [2013/04/16 19:38:02 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Anvi Smart Defender.lnk

    [2013/04/16 19:32:05 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

    [2013/04/16 19:31:56 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

    [2013/04/16 19:31:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

    [2013/04/16 19:31:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

    [2013/04/16 19:31:55 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

    [2013/04/16 19:31:53 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

    [2013/04/16 19:31:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

    [2013/04/15 11:37:53 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk

    [2013/04/15 08:03:29 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk

    [2013/04/14 17:35:51 | 000,395,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2013/04/14 12:45:22 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Conquerors.lnk

    [2013/04/14 12:20:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

    [2013/04/14 06:47:22 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Switch Sound File Converter.lnk

    [2013/04/13 17:21:52 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\SwitchReminder.job

    [2013/04/12 15:30:08 | 000,000,377 | ---- | M] () -- C:\WINDOWS\ODBC.INI

    [2013/04/12 15:23:47 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

    [2013/04/11 16:59:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    [2013/04/11 16:59:00 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

    [2013/04/11 16:59:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    [2013/04/11 08:10:07 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Train Simulator.lnk

    [2013/04/10 11:36:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk

    [2013/04/10 10:07:52 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware (2).lnk

    [2013/04/10 10:03:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

    [2013/04/10 09:03:30 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Desktop\Microsoft Office Excel 2003.lnk

    [2013/04/10 08:55:26 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2013/04/10 08:50:43 | 000,437,068 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

    [2013/04/10 08:50:43 | 000,069,294 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

    [2013/04/10 07:23:01 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

    [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2013/04/01 12:48:28 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\1&1 WebMail.lnk

    [2013/03/20 08:47:33 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    [2013/03/19 10:15:33 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/04/17 11:44:37 | 000,000,560 | ---- | C] () -- C:\WINDOWS\tasks\AnviUpdate.job

    [2013/04/16 19:38:02 | 000,001,109 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Anvi AD Blocker.lnk

    [2013/04/16 19:38:02 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Anvi Smart Defender.lnk

    [2013/04/16 14:30:56 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\AnviQuickScan.job

    [2013/04/16 07:25:41 | 000,014,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\asdws.sys

    [2013/04/15 08:03:29 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk

    [2013/04/14 12:45:22 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Conquerors.lnk

    [2013/04/14 12:20:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

    [2013/04/14 06:47:22 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Switch Sound File Converter.lnk

    [2013/04/14 06:47:09 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk

    [2013/04/13 17:21:52 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\SwitchReminder.job

    [2013/04/13 14:57:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

    [2013/04/13 14:15:26 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk

    [2013/04/13 14:14:25 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk

    [2013/04/12 15:23:47 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

    [2013/04/12 15:23:46 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk

    [2013/04/11 08:32:05 | 000,000,000 | ---- | C] () -- C:\FileOut.Cns

    [2013/04/11 08:32:05 | 000,000,000 | ---- | C] () -- C:\FileIn.Cns

    [2013/04/11 08:10:03 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Train Simulator.lnk

    [2013/04/10 12:48:54 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk

    [2013/04/10 11:36:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk

    [2013/04/10 10:07:52 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware (2).lnk

    [2013/04/10 08:55:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2013/04/01 12:48:28 | 000,001,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\1&1 WebMail.lnk

    [2013/03/19 10:15:34 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    [2013/03/19 10:15:29 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

    [2013/03/18 11:52:03 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys

    [2013/03/18 11:52:01 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys

    [2012/03/19 14:21:54 | 000,016,954 | ---- | C] () -- C:\WINDOWS\hplj1010.ini

    [2011/10/20 13:43:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2011/10/20 13:43:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2011/10/20 13:43:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2011/10/20 13:43:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2011/08/04 20:33:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Brother

    [2011/08/04 20:33:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Bass

    [2010/04/08 18:59:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\Bubble Noise

    [2010/04/08 18:59:31 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

    [2007/01/31 23:20:24 | 000,003,622 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\resetlog.txp

    [2004/03/19 12:45:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\PFP110JPR.{PB

    [2004/03/19 12:45:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Clare Colthup\Application Data\PFP110JCM.{PB

    ========== ZeroAccess Check ==========

    [2004/03/06 02:37:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    < End of report >

  11. No problems running ComboFix. Computer seems to be running well... perhaps a bit faster. Bing continues to dominate search instead of Google. "MixiDJ V8 Customized Web Search" shows in the search box at the top right of the browser. I never asked for Bing or MixiDJ. I previously tried deleting MixiDJ in search provider management, but there's no option to remove, only for Google. Now I don't see search engine manager under browser tools at all?

    Here's the log - thanks Gringo for your help:

    ComboFix 13-04-17.01 - Clare Colthup 04/17/2013 6:33.2.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.962 [GMT -4:00]

    Running from: c:\documents and settings\Clare Colthup\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\drivers\fad.sys

    c:\windows\system32\SET104.tmp

    c:\windows\system32\SET109.tmp

    c:\windows\system32\setb4.tmp

    c:\windows\system32\SETB5.tmp

    c:\windows\system32\SETC1.tmp

    c:\windows\system32\SETCE.tmp

    c:\windows\wininit.ini

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-03-17 to 2013-04-17 )))))))))))))))))))))))))))))))

    .

    .

    2013-04-16 23:37 . 2013-04-16 23:37 -------- dc----w- c:\program files\Common Files\Java

    2013-04-16 23:32 . 2013-04-16 23:31 144896 -c--a-w- c:\windows\system32\javacpl.cpl

    2013-04-16 23:32 . 2013-04-16 23:32 94112 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-04-16 11:28 . 2013-04-16 11:28 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Anvisoft

    2013-04-16 11:25 . 2012-11-07 07:16 22864 -c--a-w- c:\windows\system32\drivers\asdrs.sys

    2013-04-16 11:25 . 2012-11-07 07:16 14160 -c--a-w- c:\windows\system32\drivers\asdws.sys

    2013-04-16 11:25 . 2012-11-07 07:16 16208 -c--a-w- c:\windows\system32\drivers\asdrm.sys

    2013-04-16 11:25 . 2013-04-16 11:25 -------- dc----w- c:\documents and settings\All Users\Application Data\Anvisoft

    2013-04-16 11:25 . 2013-04-16 11:25 -------- dc----w- c:\program files\Anvisoft

    2013-04-14 22:21 . 2013-04-14 22:21 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Xilisoft

    2013-04-14 21:13 . 2013-04-14 21:13 -------- dc----w- c:\documents and settings\Clare Colthup\Local Settings\Application Data\CRE

    2013-04-14 20:46 . 2013-04-14 20:46 -------- dc----w- C:\Multimedia Files

    2013-04-14 20:45 . 2013-04-14 20:46 -------- dc----w- c:\program files\Microsoft Image Composer

    2013-04-14 17:51 . 2013-04-14 17:51 -------- dc----w- c:\documents and settings\Clare Colthup\Local Settings\Application Data\IAC

    2013-04-14 16:20 . 2012-08-21 17:01 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2013-04-14 16:19 . 2013-04-14 16:19 -------- dc----w- c:\program files\iPod

    2013-04-13 18:55 . 2013-04-13 18:57 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple

    2013-04-13 18:14 . 2013-04-13 18:14 -------- dc----w- c:\documents and settings\All Users\Application Data\NCH Software

    2013-04-13 18:14 . 2013-04-13 18:18 -------- dc----w- c:\program files\NCH Software

    2013-04-13 18:14 . 2013-04-13 18:14 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\NCH Software

    2013-04-12 19:20 . 2013-04-12 19:20 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\Microsoft Web Folders

    2013-04-11 11:57 . 2013-04-14 16:40 -------- dc----w- c:\program files\Microsoft Games

    2013-04-10 14:41 . 2013-04-10 14:58 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\FixCleaner

    2013-03-29 15:55 . 2013-03-29 15:55 -------- dc----w- c:\documents and settings\Clare Colthup\Application Data\1&1

    2013-03-18 15:52 . 2013-03-06 22:33 164736 -c--a-w- c:\windows\system32\drivers\aswVmm.sys

    2013-03-18 15:52 . 2013-03-06 22:33 49248 -c--a-w- c:\windows\system32\drivers\aswRvrt.sys

    2013-03-18 15:52 . 2013-03-06 22:33 66336 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-04-16 23:31 . 2012-12-17 19:42 866720 -c--a-w- c:\windows\system32\npDeployJava1.dll

    2013-04-16 23:31 . 2012-12-17 19:42 788896 -c--a-w- c:\windows\system32\deployJava1.dll

    2013-04-11 20:59 . 2012-12-17 19:45 691592 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-04-11 20:59 . 2011-08-04 21:45 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-04-04 18:50 . 2012-12-14 15:28 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-08 08:36 . 2002-08-29 11:00 293376 -c--a-w- c:\windows\system32\winsrv.dll

    2013-03-07 01:28 . 1980-01-01 06:00 2193408 -c--a-w- c:\windows\system32\ntoskrnl.exe

    2013-03-07 00:50 . 1980-01-01 06:00 2070016 -c--a-w- c:\windows\system32\ntkrnlpa.exe

    2013-03-06 22:33 . 2012-06-06 22:18 368176 -c--a-w- c:\windows\system32\drivers\aswSP.sys

    2013-03-06 22:33 . 2012-06-06 22:18 62376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys

    2013-03-06 22:33 . 2012-06-06 22:18 49760 -c--a-w- c:\windows\system32\drivers\aswRdr.sys

    2013-03-06 22:33 . 2012-06-06 22:18 765736 -c--a-w- c:\windows\system32\drivers\aswSnx.sys

    2013-03-06 22:33 . 2012-06-06 22:18 29816 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2013-03-06 22:32 . 2012-06-06 22:17 41664 -c--a-w- c:\windows\avastSS.scr

    2013-03-06 22:32 . 2012-06-06 22:17 228600 -c--a-w- c:\windows\system32\aswBoot.exe

    2013-03-02 02:06 . 2004-08-24 01:32 916480 -c--a-w- c:\windows\system32\wininet.dll

    2013-03-02 02:06 . 2002-08-29 11:00 43520 -c----w- c:\windows\system32\licmgr10.dll

    2013-03-02 02:06 . 2002-08-29 11:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl

    2013-03-02 01:25 . 2002-08-29 11:00 1867264 -c--a-w- c:\windows\system32\win32k.sys

    2013-03-02 01:08 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec

    2013-02-27 07:56 . 2002-08-29 11:00 2067456 -c--a-w- c:\windows\system32\mstscax.dll

    2013-02-12 00:32 . 2004-08-04 06:04 12928 -c----w- c:\windows\system32\drivers\usb8023x.sys

    2013-02-12 00:32 . 2002-08-29 11:00 12928 -c--a-w- c:\windows\system32\drivers\usb8023.sys

    2013-01-26 03:55 . 2002-08-29 11:00 552448 -c--a-w- c:\windows\system32\oleaut32.dll

    2013-01-15 09:27 . 2013-01-15 09:27 2174976 -c--a-w- c:\program files\Common Files\atimpenc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2013-03-06 22:32 121968 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 68856]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]

    "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

    "ADBlocker"="c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]

    "Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

    2012-12-19 18:37 92072 -c--a-w- c:\windows\SYSTEM32\LMIinit.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2008-01-24 02:30 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]

    2003-03-31 23:28 155648 -c--a-w- c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "WMPNetworkSvc"=3 (0x3)

    "ose"=3 (0x3)

    "LVPrcSrv"=2 (0x2)

    "IDriverT"=3 (0x3)

    "gusvc"=3 (0x3)

    "gupdatem"=3 (0x3)

    "gupdate"=2 (0x2)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    .

    R0 aswRvrt;aswRvrt;c:\windows\SYSTEM32\DRIVERS\aswRvrt.sys [3/18/2013 11:52 AM 49248]

    R1 asdnet;asdnet;c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys [4/16/2013 7:25 AM 15696]

    R1 asdrm;asdrm;c:\windows\SYSTEM32\DRIVERS\asdrm.sys [4/16/2013 7:25 AM 16208]

    R1 aswKbd;aswKbd;c:\windows\SYSTEM32\DRIVERS\aswKbd.sys [10/12/2012 11:43 AM 20624]

    R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [6/6/2012 6:18 PM 765736]

    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [6/6/2012 6:18 PM 368176]

    R2 ADBlockerSrv;AD Blocker Service;c:\program files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [4/16/2013 7:25 AM 279368]

    R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\SYSTEM32\DRIVERS\asdrs.sys [4/16/2013 7:25 AM 22864]

    R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [12/20/2012 10:43 PM 735592]

    R2 asdws;AnviSmartDefender Web Guard;c:\windows\SYSTEM32\DRIVERS\asdws.sys [4/16/2013 7:25 AM 14160]

    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [6/6/2012 6:18 PM 29816]

    R2 aswMonFlt;aswMonFlt;c:\windows\SYSTEM32\DRIVERS\aswMonFlt.sys [3/18/2013 11:52 AM 66336]

    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 9:34 PM 374704]

    S0 Lbd;Lbd; [x]

    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 3:10 PM 12856]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/14/2012 11:28 AM 418376]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/14/2012 11:28 AM 701512]

    S3 aswVmm;aswVmm;c:\windows\SYSTEM32\DRIVERS\aswVmm.sys [3/18/2013 11:52 AM 164736]

    S3 esgiguard;esgiguard; [x]

    S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [12/14/2012 11:28 AM 22856]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - TRUESIGHT

    *Deregistered* - TrueSight

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-03-19 14:10 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-17 20:59]

    .

    2013-04-16 c:\windows\Tasks\AnviQuickScan.job

    - c:\program files\Anvisoft\Anvi Smart Defender\PopupScan.exe [2012-12-21 02:43]

    .

    2013-03-18 c:\windows\Tasks\avast! Emergency Update.job

    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 22:32]

    .

    2013-04-13 c:\windows\Tasks\SwitchReminder.job

    - c:\program files\NCH Software\Switch\switch.exe [2013-04-13 20:41]

    .

    2012-12-20 c:\windows\Tasks\User_Feed_Synchronization-{79105A1A-C2D8-48BC-B1E9-CD0FE252C4C6}.job

    - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://www.claresworld.us/

    mStart Page = hxxp://www.claresworld.us

    uInternet Settings,ProxyOverride = <local>;*.local

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    TCP: DhcpNameServer = 192.168.254.254

    .

    - - - - ORPHANS REMOVED - - - -

    .

    MSConfigStartUp-Google Update - c:\documents and settings\Clare Colthup\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-04-17 06:49

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(676)

    c:\windows\system32\LMIinit.dll

    c:\windows\system32\LMIRfsClientNP.dll

    .

    Completion time: 2013-04-17 06:55:09

    ComboFix-quarantined-files.txt 2013-04-17 10:55

    ComboFix2.txt 2011-10-20 18:02

    .

    Pre-Run: 58,981,756,928 bytes free

    Post-Run: 59,045,793,792 bytes free

    .

    - - End Of File - - F8E0BF6B095B9F3D996466D195F7964C

  12. Results of screen317's Security Check version 0.99.62

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Security Center service is not running! This report may not be accurate!

    Windows Firewall Enabled!

    avast! Free Antivirus

    AVG 2011

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.75.0.1300

    CCleaner

    Java 7 Update 9

    Java version out of Date!

    Adobe Reader XI

    Google Chrome 25.0.1364.172

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    Anvisoft Anvi Smart Defender toolbox adblocker\ADBlockerSrv.exe

    Anvisoft Anvi Smart Defender ASDSrv.exe

    Anvisoft Anvi Smart Defender ASDTray.exe

    AVAST Software Avast AvastSvc.exe

    AVAST Software Avast avastUI.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 5%

    ````````````````````End of Log``````````````````````

    # AdwCleaner v2.200 - Logfile created 04/16/2013 at 19:54:53

    # Updated 02/04/2013 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : Clare Colthup - CLARE

    # Boot Mode : Normal

    # Running from : C:\Documents and Settings\Clare Colthup\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

    Folder Deleted : C:\Documents and Settings\Clare Colthup\Application Data\Babylon

    Folder Deleted : C:\Documents and Settings\Clare Colthup\Application Data\PriceGong

    Folder Deleted : C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Conduit

    Folder Deleted : C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\PackageAware

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

    Key Deleted : HKCU\Software\AVG Security Toolbar

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\ConduitSearchScopes

    Key Deleted : HKCU\Software\DataMngr

    Key Deleted : HKCU\Software\e55d6d8b63fbf41

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Deleted : HKCU\Software\PriceGong

    Key Deleted : HKCU\Software\SmartBar

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKLM\Software\Babylon

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287822

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\DataMngr

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    Key Deleted : HKLM\Software\TENCENT

    Key Deleted : HKLM\Software\Viewpoint

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Google Chrome v25.0.1364.172

    File : C:\Documents and Settings\Clare Colthup\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.1] : icon_url ={"browser":{"last_known_google_url":"hxxps://www.google.com/","last_prompted_google_url":"hxxps://ww[...]

    *************************

    AdwCleaner[s1].txt - [4714 octets] - [16/04/2013 19:54:53]

    ########## EOF - C:\AdwCleaner[s1].txt - [4774 octets] ##########

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : Clare Colthup [Admin rights]

    Mode : Scan -- Date : 04/16/2013 20:24:52

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [APPINIT][sUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\docume~1\alluse~1\applic~1\browse~1\25986~1.67\{c16c1~1\browse~1.dll) [x] -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost

    [...]

    ¤¤¤ MBR Check: ¤¤¤

  13. DDS Notepad and Attach Notepad copied below as instructed:

    DDS (Ver_2012-11-20.01) - NTFS_x86

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

    Run by Clare Colthup at 10:08:55 on 2013-04-15

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.726 [GMT -4:00]

    .

    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FW: avast! Antivirus *Disabled*

    FW: Trend Micro Firewall Booster *Disabled*

    .

    ============== Running Processes ================

    .

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

    C:\Program Files\LogMeIn\x86\RaMaint.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

    C:\Program Files\AVAST Software\Avast\avastUI.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\LogMeIn\x86\LogMeIn.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    C:\WINDOWS\system32\svchost.exe -k rpcss

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k NetworkService

    C:\WINDOWS\System32\svchost.exe -k imgsvc

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.claresworld.us/

    uSearch Bar = hxxp://www.bing.com

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    mStart Page = hxxp://www.claresworld.us

    uProxyOverride = <local>;*.local

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

    mRun: [statusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto

    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:221

    uPolicies-Explorer: NoDriveAutoRun = dword:67108863

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

    mPolicies-Explorer: NoDriveAutoRun = dword:67108863

    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

    mPolicies-Explorer: NoDriveAutoRun = dword:67108863

    IE: &Search - http://tbedits.videodownloadconverter.com/one-toolbaredits/menusearch.jhtml?s=205320000&p2=^HJ^xdm017^YY^us&si=pconverter&a=9BB61B67-7936-48B6-9827-039A2621A2DC&n=2013041413&cv=2

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    TCP: NameServer = 192.168.254.254

    TCP: Interfaces\{FA1DC0A0-681F-42D6-A7E9-CCF8B4727FD2} : DHCPNameServer = 192.168.254.254

    Notify: igfxcui - igfxsrvc.dll

    Notify: LMIinit - LMIinit.dll

    AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\25986~1.67\{c16c1~1\browse~1.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-18 49248]

    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-10-12 20624]

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-6 765736]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-6 368176]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-6 29816]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-18 66336]

    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-6 45248]

    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374704]

    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-12-19 47640]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-14 418376]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-14 701512]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 22856]

    S0 Lbd;Lbd; [x]

    S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-18 164736]

    S3 esgiguard;esgiguard; [x]

    S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]

    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    .

    =============== File Associations ===============

    .

    ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office\FRONTPG.EXE

    ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"

    .

    =============== Created Last 30 ================

    .

    2013-04-14 22:21:09 -------- dc----w- c:\documents and settings\clare colthup\application data\Xilisoft

    2013-04-14 21:16:12 -------- dc----w- c:\program files\Conduit

    2013-04-14 21:13:16 -------- dc----w- c:\documents and settings\clare colthup\local settings\application data\CRE

    2013-04-14 20:46:10 -------- dc----w- C:\Multimedia Files

    2013-04-14 20:45:48 -------- dc----w- c:\program files\Microsoft Image Composer

    2013-04-14 17:51:46 -------- dc----w- c:\documents and settings\clare colthup\local settings\application data\IAC

    2013-04-14 16:20:09 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2013-04-14 16:19:00 -------- dc----w- c:\program files\iPod

    2013-04-14 16:18:51 -------- dc----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2013-04-14 16:18:50 -------- dc----w- c:\program files\iTunes

    2013-04-14 16:17:43 6112864 -c--a-w- c:\windows\system32\usbaaplrc.dll

    2013-04-14 16:17:43 45056 -c--a-w- c:\windows\system32\drivers\usbaapl.sys

    2013-04-13 19:00:52 -------- dc----w- c:\documents and settings\clare colthup\local settings\application data\Apple Computer

    2013-04-13 18:57:47 -------- dc----w- c:\documents and settings\clare colthup\local settings\application data\Apple

    2013-04-13 18:56:09 -------- dc----w- c:\program files\Bonjour

    2013-04-13 18:14:24 -------- dc----w- c:\program files\NCH Software

    2013-04-13 18:14:21 -------- dc----w- c:\documents and settings\clare colthup\application data\NCH Software

    2013-04-11 11:57:08 -------- dc----w- c:\program files\Microsoft Games

    2013-04-10 14:41:36 -------- dc----w- c:\documents and settings\clare colthup\application data\FixCleaner

    2013-03-29 15:55:34 -------- dc----w- c:\documents and settings\clare colthup\application data\1&1

    2013-03-18 15:52:03 164736 -c--a-w- c:\windows\system32\drivers\aswVmm.sys

    2013-03-18 15:52:01 49248 -c--a-w- c:\windows\system32\drivers\aswRvrt.sys

    2013-03-18 15:52:00 66336 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys

    .

    ==================== Find3M ====================

    .

    2013-04-11 20:59:00 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-04-11 20:59:00 691592 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-04-04 18:50:32 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-08 08:36:22 293376 -c--a-w- c:\windows\system32\winsrv.dll

    2013-03-07 01:28:24 2193408 -c--a-w- c:\windows\system32\ntoskrnl.exe

    2013-03-07 00:50:28 2070016 -c--a-w- c:\windows\system32\ntkrnlpa.exe

    2013-03-06 22:33:24 765736 -c--a-w- c:\windows\system32\drivers\aswSnx.sys

    2013-03-06 22:32:51 41664 -c--a-w- c:\windows\avastSS.scr

    2013-03-02 02:06:31 916480 -c--a-w- c:\windows\system32\wininet.dll

    2013-03-02 02:06:30 43520 -c----w- c:\windows\system32\licmgr10.dll

    2013-03-02 02:06:30 1469440 -c----w- c:\windows\system32\inetcpl.cpl

    2013-03-02 01:25:02 1867264 -c--a-w- c:\windows\system32\win32k.sys

    2013-03-02 01:08:47 385024 -c----w- c:\windows\system32\html.iec

    2013-02-27 07:56:51 2067456 -c--a-w- c:\windows\system32\mstscax.dll

    2013-02-12 00:32:23 12928 -c--a-w- c:\windows\system32\drivers\usb8023.sys

    2013-02-12 00:32:23 12928 -c----w- c:\windows\system32\drivers\usb8023x.sys

    2013-01-26 03:55:44 552448 -c--a-w- c:\windows\system32\oleaut32.dll

    2013-01-15 09:27:04 2174976 -c--a-w- c:\program files\common files\atimpenc.dll

    .

    ============= FINISH: 10:10:37.07 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows XP Home Edition

    Boot Device: \Device\HarddiskVolume2

    Install Date: 3/11/2004 7:47:29 PM

    System Uptime: 4/14/2013 5:31:00 PM (17 hours ago)

    .

    Motherboard: Dell Computer Corp. | | 0G1548

    Processor: Intel® Celeron® CPU 2.40GHz | Microprocessor | 2393/400mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 74 GiB total, 53.837 GiB free.

    D: is CDROM ()

    E: is CDROM ()

    F: is Removable

    G: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID:

    Description:

    Device ID: ROOT\LEGACY_SASKUTIL\0000

    Manufacturer:

    Name:

    PNP Device ID: ROOT\LEGACY_SASKUTIL\0000

    Service:

    .

    ==== System Restore Points ===================

    .

    RP1438: 1/4/2013 3:00:19 AM - Software Distribution Service 3.0

    RP1439: 2/17/2013 3:00:56 AM - Software Distribution Service 3.0

    RP1440: 3/13/2013 3:00:34 AM - Software Distribution Service 3.0

    RP1441: 3/22/2013 3:00:19 AM - Software Distribution Service 3.0

    RP1442: 4/9/2013 8:54:07 PM - Software Distribution Service 3.0

    RP1443: 4/10/2013 11:14:09 AM - Removed FixCleaner

    RP1444: 4/10/2013 11:26:26 AM - Created by Wise Care 365

    RP1445: 4/11/2013 9:42:26 AM - Software Distribution Service 3.0

    RP1446: 4/12/2013 3:20:19 PM - Installed Microsoft FrontPage 2000

    RP1447: 4/13/2013 2:58:15 PM - Installed iTunes

    RP1448: 4/13/2013 5:44:51 PM - Installed QuickTime

    RP1449: 4/14/2013 7:51:55 AM - Removed QuickTime

    RP1450: 4/14/2013 7:56:40 AM - Removed Apple Application Support

    RP1451: 4/14/2013 8:05:12 AM - Removed Apple Mobile Device Support

    RP1452: 4/14/2013 8:53:31 AM - Removed iTunes

    RP1453: 4/14/2013 12:18:24 PM - Installed iTunes

    RP1454: 4/14/2013 5:35:49 PM - Removed Modem Helper

    .

    ==== Installed Programs ======================

    .

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Reader XI (11.0.02)

    Adobe Shockwave Player 11.6

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    avast! Free Antivirus

    AVG 2011

    Banctec Service Agreement

    BCM V.92 56K Modem

    Bonjour

    Broadcom Management Programs

    CCleaner

    Compatibility Pack for the 2007 Office system

    Defraggler

    Dell Digital Jukebox Driver

    Dell Networking Guide

    Dell Support

    EarthLink MDAC

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    Google Updater

    Help and Support Customization

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB2570791)

    Hotfix for Windows XP (KB2633952)

    Hotfix for Windows XP (KB2756822)

    Hotfix for Windows XP (KB2779562)

    Hotfix for Windows XP (KB954550-v5)

    hp LaserJet 1010 Series

    Intel® Extreme Graphics Driver

    Internet Explorer Default Page

    iTunes

    Java 7 Update 9

    Java Auto Updater

    LogMeIn

    Malwarebytes Anti-Malware version 1.75.0.1300

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Age of Empires II

    Microsoft Age of Empires II: The Conquerors Expansion

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Encarta Encyclopedia Standard 2004

    Microsoft FrontPage 2000

    Microsoft Image Composer 1.5

    Microsoft Internationalized Domain Names Mitigation APIs

    Microsoft Money 2004

    Microsoft Money 2004 System Pack

    Microsoft National Language Support Downlevel APIs

    Microsoft Office File Validation Add-In

    Microsoft Office Professional Edition 2003

    Microsoft Silverlight

    Microsoft Train Simulator

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft XML Parser

    MSSoap

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Roxio Creator Audio

    Roxio Creator Copy

    Roxio Creator Data

    Roxio Creator DE

    Roxio Creator Tools

    Roxio Express Labeler 3

    Roxio Update Manager

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

    Security Update for Microsoft Windows (KB2564958)

    Security Update for Windows Internet Explorer 7 (KB2183461)

    Security Update for Windows Internet Explorer 7 (KB2360131)

    Security Update for Windows Internet Explorer 7 (KB2416400)

    Security Update for Windows Internet Explorer 7 (KB938127)

    Security Update for Windows Internet Explorer 7 (KB942615)

    Security Update for Windows Internet Explorer 7 (KB944533)

    Security Update for Windows Internet Explorer 7 (KB958215)

    Security Update for Windows Internet Explorer 7 (KB960714)

    Security Update for Windows Internet Explorer 7 (KB961260)

    Security Update for Windows Internet Explorer 7 (KB963027)

    Security Update for Windows Internet Explorer 7 (KB969897)

    Security Update for Windows Internet Explorer 7 (KB972260)

    Security Update for Windows Internet Explorer 7 (KB974455)

    Security Update for Windows Internet Explorer 7 (KB978207)

    Security Update for Windows Internet Explorer 7 (KB982381)

    Security Update for Windows Internet Explorer 8 (KB2360131)

    Security Update for Windows Internet Explorer 8 (KB2416400)

    Security Update for Windows Internet Explorer 8 (KB2482017)

    Security Update for Windows Internet Explorer 8 (KB2497640)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB2530548)

    Security Update for Windows Internet Explorer 8 (KB2544521)

    Security Update for Windows Internet Explorer 8 (KB2559049)

    Security Update for Windows Internet Explorer 8 (KB2586448)

    Security Update for Windows Internet Explorer 8 (KB2647516)

    Security Update for Windows Internet Explorer 8 (KB2675157)

    Security Update for Windows Internet Explorer 8 (KB2699988)

    Security Update for Windows Internet Explorer 8 (KB2722913)

    Security Update for Windows Internet Explorer 8 (KB2744842)

    Security Update for Windows Internet Explorer 8 (KB2761465)

    Security Update for Windows Internet Explorer 8 (KB2792100)

    Security Update for Windows Internet Explorer 8 (KB2797052)

    Security Update for Windows Internet Explorer 8 (KB2809289)

    Security Update for Windows Internet Explorer 8 (KB2817183)

    Security Update for Windows Internet Explorer 8 (KB971961)

    Security Update for Windows Internet Explorer 8 (KB981332)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows Media Player 11 (KB954154)

    Security Update for Windows XP (KB2544893-v2)

    Security Update for Windows XP (KB2567053)

    Security Update for Windows XP (KB2570947)

    Security Update for Windows XP (KB2584146)

    Security Update for Windows XP (KB2585542)

    Security Update for Windows XP (KB2592799)

    Security Update for Windows XP (KB2598479)

    Security Update for Windows XP (KB2603381)

    Security Update for Windows XP (KB2618451)

    Security Update for Windows XP (KB2619339)

    Security Update for Windows XP (KB2620712)

    Security Update for Windows XP (KB2621440)

    Security Update for Windows XP (KB2624667)

    Security Update for Windows XP (KB2631813)

    Security Update for Windows XP (KB2633171)

    Security Update for Windows XP (KB2641653)

    Security Update for Windows XP (KB2646524)

    Security Update for Windows XP (KB2647518)

    Security Update for Windows XP (KB2653956)

    Security Update for Windows XP (KB2655992)

    Security Update for Windows XP (KB2659262)

    Security Update for Windows XP (KB2660465)

    Security Update for Windows XP (KB2661637)

    Security Update for Windows XP (KB2676562)

    Security Update for Windows XP (KB2685939)

    Security Update for Windows XP (KB2686509)

    Security Update for Windows XP (KB2691442)

    Security Update for Windows XP (KB2695962)

    Security Update for Windows XP (KB2698365)

    Security Update for Windows XP (KB2705219)

    Security Update for Windows XP (KB2707511)

    Security Update for Windows XP (KB2709162)

    Security Update for Windows XP (KB2712808)

    Security Update for Windows XP (KB2718523)

    Security Update for Windows XP (KB2719985)

    Security Update for Windows XP (KB2723135)

    Security Update for Windows XP (KB2724197)

    Security Update for Windows XP (KB2727528)

    Security Update for Windows XP (KB2731847)

    Security Update for Windows XP (KB2753842-v2)

    Security Update for Windows XP (KB2753842)

    Security Update for Windows XP (KB2757638)

    Security Update for Windows XP (KB2758857)

    Security Update for Windows XP (KB2761226)

    Security Update for Windows XP (KB2770660)

    Security Update for Windows XP (KB2778344)

    Security Update for Windows XP (KB2779030)

    Security Update for Windows XP (KB2780091)

    Security Update for Windows XP (KB2799494)

    Security Update for Windows XP (KB2802968)

    Security Update for Windows XP (KB2807986)

    Security Update for Windows XP (KB2808735)

    Security Update for Windows XP (KB2813170)

    Security Update for Windows XP (KB2813345)

    Security Update for Windows XP (KB2820917)

    Security Update for Windows XP (KB923789)

    Shockwave

    Switch Sound File Converter

    swMSM

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Windows Internet Explorer 7 (KB976749)

    Update for Windows Internet Explorer 7 (KB980182)

    Update for Windows Internet Explorer 8 (KB2447568)

    Update for Windows Internet Explorer 8 (KB2598845)

    Update for Windows Internet Explorer 8 (KB2632503)

    Update for Windows Internet Explorer 8 (KB976662)

    Update for Windows XP (KB2492386)

    Update for Windows XP (KB2607712)

    Update for Windows XP (KB2616676)

    Update for Windows XP (KB2641690)

    Update for Windows XP (KB2661254-v2)

    Update for Windows XP (KB2718704)

    Update for Windows XP (KB2736233)

    Update for Windows XP (KB2749655)

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    WavePad Sound Editor

    WebFldrs XP

    Windows Internet Explorer 8

    Windows Media Format 11 runtime

    Windows Media Player 11

    Windows XP Service Pack 3

    WordPerfect Office 11

    .

    ==== Event Viewer Messages From Past Week ========

    .

    4/9/2013 5:54:18 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    4/9/2013 12:35:49 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

    4/8/2013 10:25:32 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    4/8/2013 10:25:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

    4/8/2013 10:22:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

    4/14/2013 2:06:32 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    4/14/2013 2:06:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

    4/14/2013 2:06:14 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

    4/14/2013 2:04:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LogMeIn service to connect.

    .

    ==== End Of File ===========================
