nray53

Honorary Members
  • Posts

    21
Everything posted by nray53

  1. Thanks....I sent you a small gift of my appreciation.
  2. Thank you! Do you work for Malwarebytes? One more question...what were those files found in System restore? I so appreciate your help. Thanks.
  3. Also...what about the files ESET found?
  4. SecurityCheck results:

     Results of screen317's Security Check version 0.99.64
     Windows XP Service Pack 3 x86
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     avast! Free Antivirus
     ESET Online Scanner v3
     PC Tools Firewall Plus 7.0
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 6 Update 33
     Java 7 Update 21
     Adobe Flash Player 11.7.700.202
     Adobe Reader XI
     Mozilla Firefox (21.0)
     Mozilla Thunderbird (17.0.6)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     PC Tools Firewall Plus FWService.exe
     PC Tools Firewall Plus FirewallGUI.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast avastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 3%
     ````````````````````End of Log``````````````````````
  5. I have been using AdwCleaner:

     # AdwCleaner v2.303 - Logfile created 06/10/2013 at 13:21:13
     # Updated 08/06/2013 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
     # User : Norm - UPSTAIRS
     # Boot Mode : Normal
     # Running from : C:\Downloads\adwcleaner(4).exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     ***** [internet Browsers] *****

     -\\ Internet Explorer v8.0.6001.18702
     [OK] Registry is clean.
     -\\ Mozilla Firefox v21.0 (en-US)

     *************************

     AdwCleaner[R1].txt - [907 octets] - [09/05/2013 08:18:54]
     AdwCleaner[R2].txt - [966 octets] - [10/05/2013 06:46:49]
     AdwCleaner[R3].txt - [1025 octets] - [11/05/2013 12:08:06]
     AdwCleaner[R4].txt - [1086 octets] - [11/05/2013 19:14:53]
     AdwCleaner[R5].txt - [1277 octets] - [24/05/2013 19:57:23]
     AdwCleaner[R6].txt - [1337 octets] - [24/05/2013 19:57:47]
     AdwCleaner[R7].txt - [1325 octets] - [27/05/2013 20:22:36]
     AdwCleaner[R8].txt - [1505 octets] - [31/05/2013 21:36:27]
     AdwCleaner[s10].txt - [1020 octets] - [10/06/2013 13:21:13]
     AdwCleaner[s1].txt - [2507 octets] - [07/05/2013 18:27:42]
     AdwCleaner[s2].txt - [305 octets] - [08/05/2013 19:20:09]
     AdwCleaner[s3].txt - [308 octets] - [08/05/2013 19:23:12]
     AdwCleaner[s4].txt - [848 octets] - [08/05/2013 19:25:44]
     AdwCleaner[s5].txt - [1402 octets] - [24/05/2013 19:58:11]
     AdwCleaner[s6].txt - [1386 octets] - [27/05/2013 20:22:54]
     AdwCleaner[s7].txt - [1446 octets] - [28/05/2013 13:26:49]
     AdwCleaner[s8].txt - [1566 octets] - [09/06/2013 18:09:19]
     AdwCleaner[s9].txt - [1686 octets] - [09/06/2013 20:39:39]

     ########## EOF - C:\AdwCleaner[s10].txt - [1618 octets] ##########

     Now running SecurityCheck.
  6. Thank you so much. So...what was the problem that I had ? What about the files ESET found? I am using Avast free antivirus. What is recommended? Thanks again.
  7. Nothing was found after a quick scan:

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.06.10.06

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Norm :: UPSTAIRS [administrator]

     Protection: Disabled

     6/10/2013 12:38:00 PM
     mbam-log-2013-06-10 (12-38-00).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 414114
     Time elapsed: 4 minute(s), 1 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  8. It found 15 threats. Yikes.

     C:\Documents and Settings\Norm\Desktop\kmp.exe    a variant of Win32/Bundled.Toolbar.Ask application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP514\A0286564.exe    a variant of Win32/RegistryNuke application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP515\A0286710.exe    a variant of Win32/RegistryNuke application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP566\A0308767.dll    a variant of Win32/Adware.Yontoo.B application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308956.exe    Win32/Adware.1ClickDownload.AI application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308959.exe    Win32/OpenCandy application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308960.exe    Win32/Adware.RK.AO.Gen application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308961.exe    probably a variant of Win32/CNETInstaller.A application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308962.exe    Win32/OpenCandy application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308963.exe    Win32/DownloadAdmin.G application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308986.exe    Win32/OpenCandy application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308987.exe    Win32/DownloadAdmin.G application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0309000.exe    Win32/OpenCandy application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP572\A0313611.exe    a variant of Win32/SmartInline.A application
     C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP572\A0313613.dll    a variant of Win32/SmartInline.A application
  9. It found 3:

     Protection: Enabled

     6/10/2013 8:48:04 AM
     mbam-log-2013-06-10 (08-48-04).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 413208
     Time elapsed: 3 minute(s), 29 second(s)

     Memory Processes Detected: 1
     C:\Program Files\Mozilla Firefox\firefox.exe (Trojan.Agent) -> 328 -> Delete on reboot.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Firefox (Trojan.Agent) -> Data: C:\Program Files\Mozilla Firefox\firefox.exe -> Quarantined and deleted successfully.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Program Files\Mozilla Firefox\firefox.exe (Trojan.Agent) -> Delete on reboot.

     (end)
  10. I am so sorry....I have to go for a bit. Gmer is running....I will post when I can.
  11. It is under the Quarantine tab in Malwarebytes.
  12. This is weird....in the logs folder the last log recorded there is from 3/20/2011??
  13. Here are the results of the Farbar Recovery Scan Tool:
2013-05-21 07:12 - 00000714 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Quick Startup.lnk 2013-05-21 07:12 - 2013-05-21 07:12 - 00000000 ____D C:\Program Files\Quick Startup 2013-05-19 16:48 - 2011-11-15 16:28 - 00000132 ____A C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Adobe AIFF Format CS5 Prefs 2013-05-16 13:19 - 2011-03-29 18:44 - 00002577 ____A C:\Windows\System32\CONFIG.NT 2013-05-16 08:56 - 2011-12-22 15:08 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\My Documents\VHS to DVD 2013-05-16 08:54 - 2013-01-25 15:17 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\My Documents\Adobe 2013-05-16 08:46 - 2013-05-16 08:46 - 00001738 ____A C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader XI.lnk 2013-05-16 08:46 - 2011-03-30 09:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe 2013-05-16 08:45 - 2008-08-06 11:59 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-05-16 08:45 - 2008-08-06 11:58 - 00000000 ____D C:\Program Files\Adobe 2013-05-16 08:44 - 2012-12-12 07:47 - 16948616 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe 2013-05-16 08:44 - 2012-04-05 06:13 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-05-16 08:44 - 2011-05-20 06:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-05-16 08:23 - 2008-08-14 13:28 - 00000000 ____D C:\Windows\System32\Adobe 2013-05-16 08:06 - 2013-05-16 08:04 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-05-15 08:02 - 2008-08-18 09:32 - 00000000 ____D C:\Windows\Microsoft.NET 2013-05-15 07:08 - 2011-03-29 12:34 - 03456456 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-15 07:02 - 2011-03-29 12:35 - 00655170 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-15 07:02 - 2009-06-16 20:16 - 00000000 ____D C:\Windows\ie8updates 2013-05-15 06:56 - 2013-05-15 06:56 - 00000000 __HDC 
C:\Windows\$NtUninstallKB2820197$ 2013-05-15 06:56 - 2008-08-11 18:21 - 00000000 ___HD C:\Windows\$hf_mig$ 2013-05-15 06:54 - 2013-05-15 06:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$ 2013-05-15 06:54 - 2011-03-30 11:58 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-14 08:59 - 2013-05-14 08:59 - 00000723 ____A C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk 2013-05-11 19:14 - 2013-05-11 19:14 - 00001086 ____A C:\AdwCleaner[R4].txt 2013-05-11 12:28 - 2013-03-22 18:20 - 00000000 ____D C:\Program Files\DOSBox-0.74 2013-05-11 12:08 - 2013-05-11 12:08 - 00001025 ____A C:\AdwCleaner[R3].txt 2013-05-11 11:51 - 2011-03-31 12:28 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Application Data\FileZilla 2013-05-11 11:17 - 2011-03-31 12:28 - 00001667 ____A C:\Documents and Settings\All Users.WINDOWS\Desktop\FileZilla Client.lnk 2013-05-11 11:17 - 2008-08-16 07:12 - 00000000 ____D C:\Program Files\FileZilla FTP Client 2013-05-11 10:46 - 2011-04-28 14:01 - 00002421 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Adobe GoLive 5.0.lnk ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-06-2013 Ran by Norm at 2013-06-10 08:09:15 Run: Running from C:\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 3DVIA player 5.0.0.20 (Version: 5.0.20) Acronis True Image WD Edition (Version: 13.0.14184) Adobe AIR (Version: 3.1.0.4880) Adobe Common 
File Installer (Version: 1.00.0000) Adobe Flash Player 11 ActiveX (Version: 11.7.700.202) Adobe Flash Player 11 Plugin (Version: 11.7.700.202) Adobe GoLive 5.0 Educational (Version: 5.0) Adobe GoLive CS2 (Version: 8.0.1) Adobe GoLive CS2 English (Version: 8.0.1) Adobe Photoshop CS5 (Version: 12.0) Adobe Reader XI (11.0.03) (Version: 11.0.03) Adobe Shockwave Player 12.0 (Version: 12.0.2.122) Adobe SVG Viewer 3.0 (Version: 3.0) AI Suite (Version: 1.05.06) AMD OverDrive (Version: 2.1.5.0218) AMD Processor Driver (Version: 1.3.2.0053) Any Video Converter 5 5.0.3 Apple Application Support (Version: 2.3) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (Version: 2.1.3.127) ASUS Gamer OSD (Version: 2.06.0528) ASUS nVidia Driver (Version: 5.00.0000) ASUS Smart Doctor (Version: 5.21) ASUS Utilities (Version: 1.00.0000) ASUS VideoSecurity Online (Version: 3.5.1.3) ASUSUpdate Auslogics Disk Defrag (Version: version 3.1) avast! Free Antivirus (Version: 8.0.1489.0) Battlestations: Midway (Version: 1.00.0000) Bonjour (Version: 3.0.0.10) CCleaner (Version: 4.01) Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001) Cool & Quiet Data Lifeguard Diagnostic for Windows 1.24 Data Lifeguard Tools EPSON Copy Utility 3 (Version: 3.1.0.0) EPSON Scan Epson-SE TWAIN EPU (Version: 1.00.07) FileZilla Client 3.7.0.1 (Version: 3.7.0.1) Garmin Communicator Plugin (Version: 4.0.3) Garmin Lifetime Updater (Version: 2.1.11) Glary Utilities 2.55.0.1790 (Version: 2.55.0.1790) GoPro CineForm Studio 1.3.2 (Version: 1.3.2) High Definition Audio Driver Package - KB888111 (Version: 20040219.000000) honestech VHS to DVD 5.0 Deluxe (Version: 5.0) IrfanView (remove only) (Version: 4.35) iTunes (Version: 10.7.0.21) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.0) Java 6 Update 33 (Version: 6.0.330) LightScribe Diagnostic Utility (Version: 1.18.24.1) LightScribe System Software (Version: 1.18.24.1) LightScribe Template Labeler (Version: 1.18.24.1) 
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2000 Professional (Version: 9.00.2720) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053) Microsoft_VC90_ATL_x86 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (Version: 1.00.0000) Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) Mozilla Thunderbird 17.0.6 (x86 en-US) (Version: 17.0.6) mscomctlfix (Version: 1.00.0000) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) neroxml (Version: 1.0.0) nik Color Efex Pro 2.0 IE Nikon Message Center (Version: 0.92.000) Nikon RAW Codec (Version: 1.00.0000) Nikon Transfer (Version: 1.1.1) NVIDIA Control Panel 275.33 (Version: 275.33) NVIDIA Install Application (Version: 2.275.78.0) NVIDIA 
nView 135.85 (Version: 135.85) NVIDIA nView Desktop Manager (Version: 6.14.10.13585) NVIDIA PhysX (Version: 9.10.0224) NVIDIA Update 1.3.5 (Version: 1.3.5) NVIDIA Update Components (Version: 1.3.5) Octoshape add-in for Adobe Flash Player PC Probe II (Version: 1.04.62) PC Tools Firewall Plus 7.0 (Version: 7.0) PDF Settings CS5 (Version: 10.0) Photosmart 130,230,7150,7345,7350,7550 (Remove only) Picture Control Utility (Version: 1.1.2) ProPreferred Basic ProPreferred Plus Quick Startup 2.9.0.823 QuickTime (Version: 7.73.80.64) REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.17.0000) Realtek High Definition Audio Driver (Version: 5.10.0.5657) Recuva (Version: 1.45) SilverFast Epson-SE SoundTap Streaming Audio Recorder SWF & FLV Player 3.0 (build 3.0.33.5106) (Version: 3.0.33.5106) swMSM (Version: 12.0.0.1) Trainz (Version: 1.00.000) Trainz Paint Shed (Version: RC1) Ulead Burn.Now 4.5 (Version: 4.5.0) Ulead Burn.Now 4.5 SE (Version: 4.5.0) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 8 (KB2447568) (Version: 1) Update for Windows Internet Explorer 8 (KB976662) (Version: 1) Update for Windows XP (KB2141007) (Version: 1) Update for Windows XP (KB2345886) (Version: 1) Update for Windows XP (KB2467659) (Version: 1) Update for Windows XP (KB2492386) (Version: 1) Update for Windows XP (KB2541763) (Version: 1) Update for Windows XP (KB2607712) (Version: 1) Update for Windows XP (KB2616676) (Version: 1) Update for Windows XP (KB2661254-v2) (Version: 2) Update for Windows XP (KB2718704) (Version: 1) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB2749655) (Version: 1) Update for Windows XP (KB951978) (Version: 1) Update for Windows XP (KB955759) (Version: 1) Update for Windows XP (KB967715) (Version: 1) Update for Windows XP (KB968389) (Version: 1) Update for Windows XP (KB971029) (Version: 1) Update for Windows XP (KB971737) (Version: 1) Update for 
Windows XP (KB973687) (Version: 1) Update for Windows XP (KB973815) (Version: 1) USB2.0 VIDBOX NW03, NW06 (Version: 3.0.6) ViewNX (Version: 1.1.1) VLC media player 2.0.6 (Version: 2.0.6) Wacom Tablet (Version: 6.3.4-3) WAV to MP3 Encoder (Version: 1.0.0) WebFldrs XP (Version: 9.50.6513) WebTablet FB Plugin 32 bit (Version: 2.1.0.2) Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (Version: 03/07/2012 ) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 (Version: 04.00.6001.503) Windows XP Service Pack 3 (Version: 20080414.031525) ==================== Restore Points ========================= 22-02-2013 18:02:12 System Checkpoint 25-02-2013 14:40:23 System Checkpoint 26-02-2013 16:56:42 System Checkpoint 27-02-2013 23:03:20 System Checkpoint 28-02-2013 23:23:16 System Checkpoint 01-03-2013 02:45:04 Removed Java 7 Update 7 01-03-2013 02:45:38 Installed Java 7 Update 15 01-03-2013 03:08:05 Installed Microsoft Visual C++ 2005 Redistributable 01-03-2013 13:32:08 Restore Operation 01-03-2013 15:21:41 Restore Operation 01-03-2013 15:36:20 Installed Microsoft Visual C++ 2005 Redistributable 01-03-2013 16:47:38 Installed Strongvault Online Backup 01-03-2013 16:52:06 Removed Strongvault Online Backup 01-03-2013 16:52:20 Removed Strongvault Online Backup 02-03-2013 00:33:54 Removed My Photo Creations (Mpix Press Edition) 03-03-2013 01:59:55 Installed Windows XP -- Software Updates KB952011. 
04-03-2013 13:56:42 Removed QuickTime 04-03-2013 14:08:13 Installed QuickTime 05-03-2013 14:55:13 System Checkpoint 07-03-2013 18:34:16 System Checkpoint 12-03-2013 19:48:50 System Checkpoint 14-03-2013 12:06:30 Software Distribution Service 3.0 16-03-2013 21:46:24 Software Distribution Service 3.0 19-03-2013 20:05:53 System Checkpoint 21-03-2013 18:41:40 System Checkpoint 22-03-2013 02:02:38 Software Distribution Service 3.0 25-03-2013 19:32:03 System Checkpoint 27-03-2013 14:18:02 System Checkpoint 29-03-2013 15:37:34 System Checkpoint 30-03-2013 18:58:43 System Checkpoint 02-04-2013 17:20:53 System Checkpoint 03-04-2013 21:54:09 System Checkpoint 05-04-2013 23:14:48 Installed Trainz 05-04-2013 23:18:12 Installed Trainz Paint Shed 05-04-2013 23:21:51 Installed Battlestations: Midway 05-04-2013 23:31:23 Installed DirectX 06-04-2013 18:06:57 Removed Trainz 06-04-2013 18:10:09 Installed Trainz 06-04-2013 19:02:56 Removed NetZero For Cosmi 08-04-2013 14:44:09 System Checkpoint 09-04-2013 16:13:30 Installed HP Officejet Pro K850 Series Toolbox 09-04-2013 16:14:47 Removed HP Officejet Pro K850 Series Toolbox 10-04-2013 13:42:09 Software Distribution Service 3.0 11-04-2013 21:30:39 System Checkpoint 14-04-2013 12:53:32 System Checkpoint 16-04-2013 00:47:46 System Checkpoint 17-04-2013 02:52:22 System Checkpoint 19-04-2013 01:29:54 System Checkpoint 20-04-2013 15:11:24 Installed Microsoft Office Word Viewer 2003 20-04-2013 15:26:11 Installed Compatibility Pack for the 2007 Office system 21-04-2013 12:01:34 Removed Microsoft Office Word Viewer 2003 21-04-2013 17:21:52 Software Distribution Service 3.0 23-04-2013 20:21:34 System Checkpoint 25-04-2013 00:53:42 System Checkpoint 27-04-2013 18:09:57 System Checkpoint 28-04-2013 19:29:30 System Checkpoint 30-04-2013 15:13:45 System Checkpoint 04-05-2013 15:01:21 System Checkpoint 05-05-2013 17:41:04 System Checkpoint 06-05-2013 23:49:23 Removed Java 7 Update 7 06-05-2013 23:49:56 Installed Java 7 Update 21 08-05-2013 01:43:07 
System Checkpoint 09-05-2013 17:16:28 System Checkpoint 15-05-2013 11:54:01 Software Distribution Service 3.0 16-05-2013 14:04:17 Removed Microsoft Combat Flight Simulator 3 Mission Pack 16-05-2013 14:06:04 Removed Microsoft Silverlight 18-05-2013 01:20:22 System Checkpoint 22-05-2013 21:05:34 System Checkpoint 28-05-2013 23:21:43 System Checkpoint 30-05-2013 15:42:11 System Checkpoint ==================== Faulty Device Manager Devices ============= Name: Linksys Wireless-G PCI Adapter Description: Linksys Wireless-G PCI Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Linksys, A Division of Cisco Systems, Inc. Service: RT2500 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 890313 Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 890313 Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2095266 Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2095266 Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1969 Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service) (User: ) Description: Task 
Scheduling Error: m->NextScheduledEvent 1969 Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/09/2013 01:52:36 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1953 System errors: ============= Error: (05/20/2013 07:05:05 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error: (05/20/2013 07:04:35 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error: (05/20/2013 07:03:51 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error: (05/20/2013 06:06:32 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error: (05/20/2013 05:42:01 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error: (05/20/2013 05:41:31 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error: (05/20/2013 05:40:47 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error: (05/20/2013 05:12:43 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Error: (05/20/2013 05:08:40 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. 
Error: (05/20/2013 05:08:10 PM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. Microsoft Office Sessions: ========================= Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 890313 Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 890313 Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2095266 Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2095266 Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1969 Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1969 Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/09/2013 01:52:36 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1953 ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 3327.11 MB Available physical RAM: 1870.86 MB Total Pagefile: 5210.36 MB Available Pagefile: 3899.63 MB Total Virtual: 2047.88 MB Available Virtual: 1951.44 MB ==================== Drives ================================ Drive c: (Main) (Fixed) (Total:465.76 GB) (Free:307.34 GB) NTFS ==>[Drive with boot 
components (Windows XP)] Drive d: (Backup) (Fixed) (Total:465.76 GB) (Free:119.38 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive f: (Work) (Fixed) (Total:465.76 GB) (Free:133.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 1D0A1820) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 17CD1BAF) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 466 GB) (Disk ID: B78BBFA3) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  14. I'm sorry, where would I find that? I am using the Pro version.
  15. The log files... located under the log tab? The Protection Log for that date?
  16. https://www.virustotal.com/en/file/57a6c516e2a06c5e4e9134d8c230a385254a21fba8bde0e6e30ec086812f1f0b/analysis/1370868965/
  17. I did a scan and it told me that Firefox.exe was a trojan.agent and also a registry of Firefox: C:\Program Files\Mozilla Firefox\firefox.exe HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RunFirefox Is this a false positive? I am using Firefox 21.0. Thank you.