Everything posted by atx

  2. Gringo, Had some computer issues this morning. Anytime I start my ACT! program the computer reboots. Could this be caused by avast antivirus?
  3. Computer is running well now.
  5. 11:45:07.0812 0x0da8 ============================================================
     11:45:07.0812 0x0da8 Scan finished
     11:45:07.0812 0x0da8 ============================================================
     11:45:07.0812 0x07ec Detected object count: 0
     11:45:07.0812 0x07ec Actual detected object count: 0
     12:04:23.0625 0x0edc Deinitialize success

     RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : Zach [Admin rights]
     Mode : Remove -- Date : 10/18/2013 12:21:10
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000AAKS-65A7B0 +++++
     --- User ---
     [MBR] cb915decc7c060be75074dbc46599547
     [bSP] 6ab81512ed7b103b5f7d01d89b81ec91 : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 463453 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 949168395 | Size: 13476 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_D_10182013_122110.txt >>
     RKreport[0]_S_10182013_121228.txt

     Computer seems good other than slow start up.
  6. Gringo, I'm now having some issues when restarting the computer. It lets me log on, but the computer is extremely slow or is freezing and will not start up. I essentially can't use the computer now.
VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/16/2013 12:45 PM 178304] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/16/2010 11:38 PM 218592] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/3/2013 11:18 AM 14776] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/17/2011 11:52 AM 774392] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/4/2010 7:12 PM 403440] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [3/12/2013 12:55 PM 574272] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/4/2010 7:12 PM 35656] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/16/2013 12:45 PM 70384] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [6/16/2010 11:42 PM 112592] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672] R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 [?] R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 4:26 AM 450848] R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 4:55 PM 20504] S2 ACT! Scheduler;ACT! 
Scheduler;c:\program files\ACT\ACT for Windows\Act.Scheduler.exe [8/26/2009 2:32 PM 53248] S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [1/14/2010 8:51 PM 266240] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944] S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [8/26/2009 11:27 PM 472644] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/16/2010 11:38 PM 366840] S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 [?] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/5/2010 9:36 AM 11520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 20:37] . 2013-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57] . 2013-10-17 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-13 17:49] . 2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd6012f20be5da.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 18:48] . 
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce527716cde060.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 18:48] . 2013-10-16 c:\windows\Tasks\SmartDefragUpdate.job - c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-04-03 16:06] . 2013-10-16 c:\windows\Tasks\SmartDefrag_Startup.job - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-04-03 19:37] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\ FF - ExtSQL: 2013-09-04 10:03; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\documents and settings\zach\Application 
Data\Mozilla\Firefox\Profiles\m07w8cxa.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} FF - ExtSQL: 2013-09-13 08:11; ascsurfingprotection@iobit.com; c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\extensions\ascsurfingprotection@iobit.com FF - ExtSQL: !HIDDEN! 2009-09-02 12:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-10-17 11:21 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\.cs\PersistentHandler] @DACL=(02 0000) @="{5e941d80-bf96-11cd-b579-08002b30bfeb}" . [HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler] @DACL=(02 0000) @="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell] @DACL=(02 0000) @="" . [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(932) c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . - - - - - - - > 'lsass.exe'(988) c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . - - - - - - - > 'explorer.exe'(5208) c:\windows\system32\WININET.dll c:\program files\NVIDIA Corporation\nView\nview.dll c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2013-10-17 11:24:42 ComboFix-quarantined-files.txt 2013-10-17 16:24 ComboFix2.txt 2013-10-16 18:56 . Pre-Run: 200,531,632,128 bytes free Post-Run: 200,587,186,176 bytes free . - - End Of File - - 01864A8D6AFC92B4D49CC3203E41766E 8F558EB6672622401DA993E1E865C861

Computer appears to be running perfectly.
  8. Log from Combofix:

ComboFix 13-10-15.02 - Zach 10/16/2013 13:36:39.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2478 [GMT -5:00] Running from: c:\documents and settings\zach\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP C:\Documents c:\program files\tcpview\tcpview.exe c:\windows\system32\_000005_.tmp.dll c:\windows\system32\frapsvid.dll c:\windows\system32\SET123.tmp c:\windows\system32\SET124.tmp c:\windows\system32\SET132.tmp c:\windows\system32\SET133.tmp c:\windows\system32\SET134.tmp c:\windows\system32\SET138.tmp c:\windows\system32\SET139.tmp c:\windows\system32\SET13A.tmp c:\windows\system32\SET13E.tmp c:\windows\system32\SET140.tmp c:\windows\system32\SET165.tmp c:\windows\system32\SET17.tmp c:\windows\system32\SET1E.tmp c:\windows\system32\SET207.tmp c:\windows\system32\SET24.tmp c:\windows\system32\SET29.tmp c:\windows\system32\SET2C.tmp c:\windows\system32\SET30.tmp c:\windows\system32\SET3C.tmp c:\windows\system32\SET4.tmp c:\windows\system32\SETA67.tmp c:\windows\system32\SETA68.tmp c:\windows\system32\SETA6C.tmp c:\windows\system32\SETA6D.tmp c:\windows\system32\SETA6E.tmp c:\windows\system32\SETA70.tmp c:\windows\system32\SETA72.tmp c:\windows\system32\SETA74.tmp c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-09-16 to 2013-10-16 ))))))))))))))))))))))))))))))) . . 2013-10-16 17:45 . 2013-10-16 17:49 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-10-16 17:45 . 2013-10-16 17:49 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-10-16 17:45 . 2013-10-16 17:49 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-10-16 17:12 . 2013-10-16 17:12 -------- d-----w- c:\windows\ERUNT 2013-10-16 16:13 . 
2013-10-16 16:30 -------- d-----w- C:\AdwCleaner 2013-10-15 16:19 . 2013-10-16 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2013-10-15 15:14 . 2013-10-15 15:14 -------- d-----w- C:\FRST 2013-10-14 16:34 . 2013-10-14 16:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert 2013-10-14 16:34 . 2013-10-14 16:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit Apps 2013-10-14 16:34 . 2013-10-14 16:34 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2013-10-13 20:32 . 2012-07-27 02:02 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2013-10-11 20:37 . 2013-10-11 20:37 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2013-10-10 15:19 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys 2013-10-10 15:17 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys 2013-10-10 15:17 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys 2013-10-10 15:16 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys 2013-10-10 15:16 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys 2013-10-10 15:16 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys 2013-09-16 18:57 . 2013-09-16 18:57 -------- d-----w- c:\windows\system32\wbem\Repository . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-16 17:49 . 2011-06-17 16:52 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-10-16 17:49 . 2010-07-05 00:12 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-10-16 17:49 . 2010-07-05 00:12 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-10-16 17:49 . 2010-07-05 00:12 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-10-16 17:49 . 
2010-07-05 00:12 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-10-16 17:49 . 2010-07-05 00:12 43152 ----a-w- c:\windows\avastSS.scr 2013-10-16 17:49 . 2010-07-05 00:12 269216 ----a-w- c:\windows\system32\aswBoot.exe 2013-10-14 18:19 . 2010-06-17 04:38 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2013-10-14 18:19 . 2010-06-17 04:38 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2013-10-11 20:37 . 2012-04-07 16:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-10-11 20:37 . 2011-08-09 19:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-23 18:33 . 2007-07-27 12:00 920064 ----a-w- c:\windows\system32\wininet.dll 2013-09-23 18:33 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-09-23 18:33 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-09-23 18:33 . 2007-07-27 12:00 18944 ----a-w- c:\windows\system32\corpol.dll 2013-09-23 18:06 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec 2013-08-29 01:31 . 2007-07-27 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys 2013-08-09 01:56 . 2007-07-27 12:00 386560 ----a-w- c:\windows\system32\themeui.dll 2013-08-09 00:55 . 2007-07-27 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-08-09 00:55 . 2009-09-11 01:38 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-08-09 00:55 . 2007-07-27 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-08 14:25 . 2013-08-08 14:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-08-08 14:25 . 2010-04-12 16:48 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-08-08 14:25 . 2013-08-08 14:26 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-08-05 13:30 . 2007-07-27 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll 2013-07-31 20:11 . 2007-07-27 12:00 810496 ----a-w- c:\windows\system32\wmvdmod.dll 2013-07-19 06:18 . 
2013-07-19 06:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:12 121528 ------w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2012-12-29 1982312] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2012-08-21 4282728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "aswAhAScr.dll"="c:\program files\Alwil Software\Avast5\aswRegSvr.exe" [2013-10-14 51880] "aswasOutExt.dll"="c:\program files\Alwil Software\Avast5\aswRegSvr.exe" [2013-10-14 51880] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader] 2006-04-06 00:53 1015808 ----a-w- c:\program files\ACT\ACT for Windows\Act8.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTSchedulerUI] 2009-08-26 19:31 638976 ------w- c:\program files\ACT\ACT for Windows\Act.Scheduler.UI.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-08-28 02:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader] 2010-02-26 23:43 50520 ----a-w- c:\documents and settings\zach\Application Data\mjusbsp\cdloader2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] 2009-06-10 13:22 334224 ----a-w- c:\program files\Eraser\Eraser.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2009-08-20 18:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS] 2011-11-11 19:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2012-12-29 10:31 1982312 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-08-14 19:08 18702336 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicWALLNetExtender] 2009-03-25 23:05 710480 ----a-w- c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2013-07-09 17:08 1104384 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] 2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\iCamSource\\iCamSource.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\documents and settings\zach\Application Data\Facebook\facebook.exe"= c:\documents and settings\zach\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Disabled:Facebook "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\zach\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Windows Migration Assistant\\MigrationAssistant.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"= "c:\\Documents and Settings\\zach\\Application Data\\mjusbsp\\magicJack.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3049:TCP"= 3049:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/16/2010 11:38 PM 218592] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/3/2013 11:18 AM 14776] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/17/2011 11:52 AM 774392] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/4/2010 7:12 PM 403440] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [3/12/2013 12:55 PM 574272] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/4/2010 7:12 PM 35656] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [6/16/2010 11:42 PM 112592] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672] R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 [?] R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 4:26 AM 450848] R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 4:55 PM 20504] S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/16/2013 12:45 PM 49944] S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/16/2013 12:45 PM 178304] S2 ACT! Scheduler;ACT! 
Scheduler;c:\program files\ACT\ACT for Windows\Act.Scheduler.exe [8/26/2009 2:32 PM 53248] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/16/2013 12:45 PM 70384] S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [1/14/2010 8:51 PM 266240] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944] S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [8/26/2009 11:27 PM 472644] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/16/2010 11:38 PM 366840] S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 [?] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/5/2010 9:36 AM 11520] . --- Other Services/Drivers In Memory --- . *Deregistered* - PROCEXP . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-15 20:09 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 20:37] . 
2013-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57] . 2013-10-16 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-13 17:49] . 2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd6012f20be5da.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 18:48] . 2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce527716cde060.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 18:48] . 2013-10-16 c:\windows\Tasks\SmartDefragUpdate.job - c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-04-03 16:06] . 2013-10-16 c:\windows\Tasks\SmartDefrag_Startup.job - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-04-03 19:37] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: 
Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\ FF - ExtSQL: 2013-09-04 10:03; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} FF - ExtSQL: 2013-09-13 08:11; ascsurfingprotection@iobit.com; c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\extensions\ascsurfingprotection@iobit.com FF - ExtSQL: !HIDDEN! 2009-09-02 12:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ------- File Associations ------- . .txt= . - - - - ORPHANS REMOVED - - - - . Notify-AtiExtEvent - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-10-16 13:51 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\.cs\PersistentHandler] @DACL=(02 0000) @="{5e941d80-bf96-11cd-b579-08002b30bfeb}" . [HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler] @DACL=(02 0000) @="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell] @DACL=(02 0000) @="" . [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(940) c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . - - - - - - - > 'lsass.exe'(996) c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . Completion time: 2013-10-16 13:56:09 ComboFix-quarantined-files.txt 2013-10-16 18:55 . Pre-Run: 198,232,424,448 bytes free Post-Run: 199,277,281,280 bytes free . 
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 2A53AFCBEDE191E674731D6E8956F21C 8F558EB6672622401DA993E1E865C861

The only problems other than not being able to run Malwarebytes & my antivirus software were that I would get random redirections using Chrome. I can open Malwarebytes & antivirus now. All is running seemingly well.
  9. Gringo, That last JRT report didn't copy completely. Here is the full report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Zach on Wed 10/16/2013 at 12:12:13.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Documents and Settings\zach\Application Data\mozilla\firefox\profiles\m07w8cxa.default\prefs.js
~~~ Chrome
Dumping contents of C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\background.html
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\ContentScript.js
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\manifest.json
Successfully deleted: [Folder] C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/16/2013 at 12:20:50.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. Gringo, Things seem to be running fine now. Here are the reports.

# AdwCleaner v3.007 - Report created 16/10/2013 at 11:16:56
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Zach - ZACH
# Running from : C:\Documents and Settings\zach\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****
[#] Service Deleted : Application Updater

***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Documents and Settings\zach\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\zach\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\zach\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\zach\Application Data\software4u
File Deleted : C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Software4u\iPhone Explorer\Software4u.IPhoneExplorer.exe]
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\prefs.js ]
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_341.name", "DODGYKEN-200NL-OCT312008");
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_343.name", "TICKNER-OCT192008");
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_416.name", "THAC-50NL-OCT82009");
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_445.name", "AEJONES-400NL-OCT22008");
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_455.name", "AEJONES-400NL-OCT142009");
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_456.name", "GREG-400NL-OCT192009");
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_465.name", "GREG-10000-OCT212008");
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_466.name", "GREGMONTAGE-OCT152008");
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_467.name", "LUCKYCHEWY-5000NL-OCT242008");
Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_478.name", "ZUGWAT-20000NL-OCT112009");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
-\\ Google Chrome v30.0.1599.101
[ File : C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [9561 octets] - [16/10/2013 11:13:28]
AdwCleaner[s0].txt - [9023 octets] - [16/10/2013 11:16:56]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9083 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Zach on Wed 10/16/2013 at 12:12:13.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Documents and Settings\zach\Application Data\mozilla\firefox\profiles\m07w8cxa.default\prefs.js
~~~ Chrome
Dumping contents of C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\background.html
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\ContentScript.js
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\manifest.json
Successfully deleted: [Folder] C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/16/2013 at 12:20:50.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Zach at 2013-10-15 11:09:56 Run:1
Running from C:\Documents and Settings\zach\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
U3 pxtdypow; \??\C:\DOCUME~1\zach\LOCALS~1\Temp\pxtdypow.sys [x]
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
pxtdypow => Service deleted successfully.
==== End of Fixlog ====
  12. Thanks Gringo. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 Ran by Zach (administrator) on ZACH on 15-10-2013 10:14:34 Running from C:\Documents and Settings\zach\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Spigot, Inc.) C:\Program Files\Application Updater\ApplicationUpdater.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Threat Expert Ltd.) C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe () C:\WINDOWS\system32\CSHelper.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Apple Inc.) C:\program files\itunes\ituneshelper.exe (Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spotify Ltd) C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (SonicWALL Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe () C:\WINDOWS\system32\UTSCSI.EXE (Adobe Systems Inc.) C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\ACROTRAY.EXE (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe () C:\Documents and Settings\zach\Desktop\GMER.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Opera Software) C:\Program Files\Opera\opera.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1982312 2012-12-29] () HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [] - [x] HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4282728 2012-08-21] (AVAST Software) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 1 HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit) HKCU\...\Policies\Explorer: [_NoDriveTypeAutoRun] 145 HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0 MountPoints2: {0086fb02-9e72-11de-ac63-00225f49b3f8} - 
N:\magicJack\autorun.exe AppInit_DLLs: acaptuser32.dll [ 2013-05-08] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.digitalmapcentral.com/MemberPages/Login.aspx?ReturnUrl=%2fAccount%2fmcalisterco.aspx URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll (Spigot, Inc.) SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll (Spigot, Inc.) BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~4\BROWER~1\ASCPLU~1.DLL (IObit) BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll (Spigot, Inc.) Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Toolbar: HKCU -PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab DPF: {57B16FC0-47A0-475E-8320-C40F375BB72C} http://metrostudy.com/corpwebsite/SecurityMonitor.CAB DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251269172515 DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://mcalister.network-outfitters.com:444/NELX.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mcalisterco.webex.com/client/T27LB/webex/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} http://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe Handler: skype-ie-addon-data - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.) Winsock: Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.) Winsock: Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.) Winsock: Catalog9 09 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default FF user.js: detected! 
=> C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\user.js FF SelectedSearchEngine: Yahoo FF Homepage: https://login.digitalmapcentral.com/MemberPages/Login.aspx?ReturnUrl=%2faccount%2fmcalisterco.aspx FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.17 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.17 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\Extensions\ascsurfingprotection@iobit.com FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: Address Bar Search - C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} FF Extension: No Name - C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! 
WebRep - C:\Program Files\Alwil Software\Avast5\WebRep\FF Chrome: ======= CHR DefaultSearchURL: (Yahoo!) - http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=668083&p={searchTerms} CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) 
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
CHR Extension: (YouTube) - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: (avast! WebRep) - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: () - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR Extension: () - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: () - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_1780_11668
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx

========================== Services (Whitelisted) =================
S2 ACT! Scheduler; c:\program files\act\act for windows\act.scheduler.exe [53248 2009-08-26] (Sage Software SB, Inc)
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2013-09-02] (Spigot, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
R2 Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [112592 2010-01-22] (Threat Expert Ltd.)
R2 CSHelper; C:\WINDOWS\system32\CSHelper.exe [266240 2010-01-14] ()
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [7544916 2003-05-31] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [366840 2010-03-11] (PC Tools)
S3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1142224 2010-03-15] (PC Tools)
R2 SONICWALL_NetExtender; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [304976 2009-03-25] (SonicWALL Inc.)
S3 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [45056 2010-04-15] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================
R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [25256 2012-08-21] (AVAST Software)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-08-21] (AVAST Software)
R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [97608 2012-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35928 2012-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [729752 2012-08-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355632 2012-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-08-21] (AVAST Software)
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 HCWBT8XX; C:\Windows\System32\drivers\HCWBT8XX.sys [472644 2006-01-25] (Hauppauge Computer Works)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 lvselsus; C:\Windows\System32\DRIVERS\lvselsus.sys [66456 2009-10-07] (Logitech Inc.)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-07-18] (Logitech Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [218592 2013-10-14] (PC Tools)
S3 PRISM_A02; C:\Windows\System32\DRIVERS\WUSB20XP.sys [339488 2004-04-15] (Cisco-Linksys, LLC.)
R3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [459520 2008-01-15] (Ralink Technology, Corp.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [14776 2010-11-26] ()
R3 SSLDrv; C:\Windows\System32\DRIVERS\SSLDrv.sys [20504 2009-02-23] (SonicWALL Inc.)
S4 IntelIde; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 pxtdypow; \??\C:\DOCUME~1\zach\LOCALS~1\Temp\pxtdypow.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-10-15 10:14 - 2013-10-15 10:14 - 01087213 _____ (Farbar) C:\Documents and Settings\zach\Desktop\FRST.exe
2013-10-15 10:14 - 2013-10-15 10:14 - 00000000 ____D C:\FRST
2013-10-15 10:06 - 2013-10-15 10:06 - 00118781 _____ C:\Documents and Settings\zach\Desktop\ark.txt
2013-10-15 09:51 - 2013-10-15 09:51 - 00118781 _____ C:\Documents and Settings\zach\Desktop\GMER.log
2013-10-14 13:59 - 2013-10-14 13:59 - 00377856 _____ C:\Documents and Settings\zach\Desktop\GMER.exe
2013-10-14 13:48 - 2013-10-14 13:48 - 00029982 _____ C:\Documents and Settings\zach\Desktop\attach.txt
2013-10-14 13:48 - 2013-10-14 13:48 - 00023402 _____ C:\Documents and Settings\zach\Desktop\dds.txt
2013-10-14 13:42 - 2013-10-14 13:42 - 00017007 _____ C:\Documents and Settings\zach\Desktop\hijackthis.log
2013-10-14 12:41 - 2013-10-14 12:41 - 00688992 ____R (Swearware) C:\Documents and Settings\zach\Desktop\dds.scr
2013-10-14 12:38 - 2013-10-14 12:38 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\zach\Desktop\HijackThis.exe
2013-10-14 12:23 - 2013-10-14 12:24 - 00006062 _____ C:\Documents and Settings\zach\Desktop\Rkill.txt
2013-10-14 12:00 - 2013-10-14 12:11 - 07790404 _____ C:\Documents and Settings\zach\Desktop\macroE1.psd
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-10-13 15:59 - 2013-10-13 15:59 - 00769887 _____ C:\Documents and Settings\zach\Local Settings\Application Data\census.cache
2013-10-13 15:59 - 2013-10-13 15:59 - 00223686 _____ C:\Documents and Settings\zach\Local Settings\Application Data\ars.cache
2013-10-13 15:32 - 2012-07-26 21:02 - 00257928 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2013-10-13 15:30 - 2013-10-13 15:30 - 00000036 _____ C:\Documents and Settings\zach\Local Settings\Application Data\housecall.guid.cache
2013-10-13 13:49 - 2013-10-14 12:27 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-11 15:37 - 2013-10-11 15:37 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-11 03:48 - 2013-10-15 10:16 - 03030009 _____ C:\WINDOWS\pfirewall.log
2013-10-11 03:48 - 2013-10-14 16:27 - 00000539 _____ C:\WINDOWS\wiadebug.log
2013-10-11 03:48 - 2013-10-14 14:08 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-11 03:48 - 2013-10-11 03:48 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-10-11 03:25 - 2013-10-11 03:26 - 00139480 _____ C:\WINDOWS\KB2847311.log
2013-10-11 03:25 - 2013-10-11 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 03:24 - 2013-10-11 03:24 - 00139476 _____ C:\WINDOWS\KB2862335.log
2013-10-11 03:24 - 2013-10-11 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 03:12 - 2013-10-11 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 03:11 - 2013-10-11 03:12 - 00020410 _____ C:\WINDOWS\KB2868038.log
2013-10-11 03:09 - 2013-10-11 03:25 - 00003415 _____ C:\WINDOWS\updspapi.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00046762 _____ C:\WINDOWS\iis6.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00043888 _____ C:\WINDOWS\FaxSetup.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00023422 _____ C:\WINDOWS\ocgen.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00021510 _____ C:\WINDOWS\tsoc.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00014726 _____ C:\WINDOWS\comsetup.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00009221 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00008090 _____ C:\WINDOWS\netfxocm.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00003269 _____ C:\WINDOWS\MedCtrOC.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00002477 _____ C:\WINDOWS\ocmsn.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00002284 _____ C:\WINDOWS\msgsocm.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00002177 _____ C:\WINDOWS\tabletoc.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00001943 _____ C:\WINDOWS\imsins.log
2013-10-11 03:08 - 2013-10-13 13:53 - 00013230 _____ C:\WINDOWS\msmqinst.log
2013-10-11 03:08 - 2013-10-11 03:26 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 03:08 - 2013-10-11 03:09 - 00021156 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-11 03:07 - 2013-10-11 03:24 - 00012713 _____ C:\WINDOWS\setupapi.log
2013-10-10 10:19 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-10 10:17 - 2013-07-16 19:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-10 10:17 - 2013-07-16 19:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-10 10:16 - 2013-08-08 19:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-10 10:16 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-10 10:16 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-09-27 11:50 - 2013-09-27 11:50 - 447604565 _____ C:\Documents and Settings\zach\Desktop\FM969 originals.zip
2013-09-25 11:06 - 2013-09-25 11:06 - 283316212 _____ C:\Documents and Settings\zach\Desktop\FM969.zip
2013-09-24 12:03 - 2013-09-24 12:03 - 23015674 _____ C:\Documents and Settings\zach\Desktop\Bee Cave_Hwy 71 Pad Sites_JP_v2.bmp
2013-09-23 16:10 - 2013-09-23 16:27 - 00000000 ____D C:\Documents and Settings\zach\Desktop\TO UPLOAD TO MCA
2013-09-23 15:07 - 2013-09-23 15:07 - 01667584 _____ C:\Documents and Settings\zach\Desktop\Rockspring Capital - RE 145ac Shepherd Mountain.msg
2013-09-23 15:07 - 2013-09-23 15:07 - 00029184 _____ C:\Documents and Settings\zach\Desktop\Colton.msg
2013-09-23 14:03 - 2013-10-07 15:53 - 00000600 _____ C:\Documents and Settings\zach\Local Settings\Application Data\PUTTY.RND
2013-09-21 11:02 - 2013-09-21 11:04 - 00000000 ____D C:\Documents and Settings\zach\Desktop\Master Contacts Spreadsheet 2011
2013-09-20 15:57 - 2013-09-20 15:57 - 00047616 _____ C:\Documents and Settings\zach\Desktop\Re links to stored documents.msg
2013-09-20 12:38 - 2013-09-20 12:38 - 00036864 _____ C:\Documents and Settings\zach\Desktop\MCA WEBSITE LOGIN .msg
2013-09-18 19:08 - 2013-09-19 16:16 - 00046588 _____ C:\Documents and Settings\zach\Desktop\Zach Deals - Sept 2013.xlsx
2013-09-18 12:14 - 2013-09-19 12:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 16:28 - 2013-09-17 16:40 - 00001456 _____ C:\Documents and Settings\zach\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2013-09-17 15:04 - 2013-09-19 11:39 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Arclab MailList Controller
2013-09-16 13:55 - 2013-09-16 13:58 - 00000000 ____D C:\Program Files\Application Updater
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Local Settings\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Search Settings
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Babylon
2013-09-16 13:54 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Desktop\MICROSOFT OFFICE 2010
2013-09-16 13:54 - 2013-09-16 13:54 - 00000000 ____D C:\Documents and Settings\zach\Desktop\11.7ac - Aug 2013
2013-09-16 13:15 - 2013-09-16 13:15 - 00000000 ____D C:\Program Files\Constant Contact
2013-09-16 13:15 - 2013-09-16 13:15 - 00000000 ____D C:\CTCTOutlook
2013-09-16 12:48 - 2013-09-16 12:48 - 00016417 _____ C:\Documents and Settings\zach\Desktop\Book1.xlsx

==================== One Month Modified Files and Folders =======
2013-10-15 10:16 - 2013-10-11 03:48 - 03030009 _____ C:\WINDOWS\pfirewall.log
2013-10-15 10:14 - 2013-10-15 10:14 - 01087213 _____ (Farbar) C:\Documents and Settings\zach\Desktop\FRST.exe
2013-10-15 10:14 - 2013-10-15 10:14 - 00000000 ____D C:\FRST
2013-10-15 10:09 - 2013-05-16 15:51 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1ce527716cde060.job
2013-10-15 10:06 - 2013-10-15 10:06 - 00118781 _____ C:\Documents and Settings\zach\Desktop\ark.txt
2013-10-15 09:51 - 2013-10-15 09:51 - 00118781 _____ C:\Documents and Settings\zach\Desktop\GMER.log
2013-10-15 09:37 - 2013-04-03 10:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-15 09:01 - 2009-08-26 00:33 - 01849648 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-15 02:03 - 2012-07-13 10:56 - 00000318 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-14 16:27 - 2013-10-11 03:48 - 00000539 _____ C:\WINDOWS\wiadebug.log
2013-10-14 15:09 - 2012-07-12 04:44 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cd6012f20be5da.job
2013-10-14 14:56 - 2009-08-26 14:29 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-14 14:18 - 2010-06-16 23:38 - 00000000 ____D C:\Program Files\Spyware Doctor
2013-10-14 14:10 - 2012-06-28 14:58 - 00000000 ___RD C:\Documents and Settings\zach\My Documents\Dropbox
2013-10-14 14:10 - 2012-06-28 14:54 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Dropbox
2013-10-14 14:09 - 2007-07-27 07:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-14 14:08 - 2013-10-11 03:48 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-14 14:06 - 2013-04-03 12:35 - 00000278 _____ C:\WINDOWS\Tasks\SmartDefrag_Startup.job
2013-10-14 14:06 - 2013-04-03 12:35 - 00000276 _____ C:\WINDOWS\Tasks\SmartDefragUpdate.job
2013-10-14 14:06 - 2011-01-03 10:32 - 00000374 _____ C:\WINDOWS\Tasks\AWC AutoSweep.job
2013-10-14 14:05 - 2009-08-26 13:43 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-14 14:05 - 2009-08-26 00:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-14 13:59 - 2013-10-14 13:59 - 00377856 _____ C:\Documents and Settings\zach\Desktop\GMER.exe
2013-10-14 13:48 - 2013-10-14 13:48 - 00029982 _____ C:\Documents and Settings\zach\Desktop\attach.txt
2013-10-14 13:48 - 2013-10-14 13:48 - 00023402 _____ C:\Documents and Settings\zach\Desktop\dds.txt
2013-10-14 13:42 - 2013-10-14 13:42 - 00017007 _____ C:\Documents and Settings\zach\Desktop\hijackthis.log
2013-10-14 13:42 - 2011-08-09 13:43 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-14 13:27 - 2011-12-20 17:25 - 00032280 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2013-10-14 13:25 - 2013-08-28 12:47 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-10-14 13:24 - 2009-08-26 13:44 - 00000278 ___SH C:\Documents and Settings\zach\ntuser.ini
2013-10-14 13:19 - 2010-06-16 23:38 - 00218592 _____ (PC Tools) C:\WINDOWS\system32\Drivers\PCTCore.sys
2013-10-14 13:19 - 2010-06-16 23:38 - 00063360 _____ (PC Tools) C:\WINDOWS\system32\Drivers\pctplsg.sys
2013-10-14 13:10 - 2009-11-13 20:57 - 00000000 ____D C:\Program Files\SourceTec
2013-10-14 13:05 - 2013-05-17 14:05 - 00000000 ____D C:\Program Files\Safari
2013-10-14 13:00 - 2013-02-04 13:02 - 00000000 ____D C:\Program Files\Citrix
2013-10-14 12:54 - 2012-10-01 18:52 - 00000000 ____D C:\Documents and Settings\zach\Application Data\DVDVideoSoft
2013-10-14 12:41 - 2013-10-14 12:41 - 00688992 ____R (Swearware) C:\Documents and Settings\zach\Desktop\dds.scr
2013-10-14 12:38 - 2013-10-14 12:38 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\zach\Desktop\HijackThis.exe
2013-10-14 12:27 - 2013-10-13 13:49 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-14 12:27 - 2010-07-05 12:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-14 12:27 - 2010-07-05 12:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-14 12:25 - 2009-08-26 13:59 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-14 12:24 - 2013-10-14 12:23 - 00006062 _____ C:\Documents and Settings\zach\Desktop\Rkill.txt
2013-10-14 12:11 - 2013-10-14 12:00 - 07790404 _____ C:\Documents and Settings\zach\Desktop\macroE1.psd
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-10-14 11:34 - 2009-08-26 13:59 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-14 10:39 - 2011-01-03 10:32 - 00000386 _____ C:\WINDOWS\Tasks\AWC Update.job
2013-10-13 15:59 - 2013-10-13 15:59 - 00769887 _____ C:\Documents and Settings\zach\Local Settings\Application Data\census.cache
2013-10-13 15:59 - 2013-10-13 15:59 - 00223686 _____ C:\Documents and Settings\zach\Local Settings\Application Data\ars.cache
2013-10-13 15:30 - 2013-10-13 15:30 - 00000036 _____ C:\Documents and Settings\zach\Local Settings\Application Data\housecall.guid.cache
2013-10-13 15:12 - 2009-08-26 15:53 - 00000000 ____D C:\Program Files\Opera
2013-10-13 13:54 - 2013-10-11 03:08 - 00046762 _____ C:\WINDOWS\iis6.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00043888 _____ C:\WINDOWS\FaxSetup.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00023422 _____ C:\WINDOWS\ocgen.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00021510 _____ C:\WINDOWS\tsoc.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00014726 _____ C:\WINDOWS\comsetup.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00009221 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00008090 _____ C:\WINDOWS\netfxocm.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00003269 _____ C:\WINDOWS\MedCtrOC.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00002477 _____ C:\WINDOWS\ocmsn.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00002284 _____ C:\WINDOWS\msgsocm.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00002177 _____ C:\WINDOWS\tabletoc.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00001943 _____ C:\WINDOWS\imsins.log
2013-10-13 13:53 - 2013-10-11 03:08 - 00013230 _____ C:\WINDOWS\msmqinst.log
2013-10-13 12:20 - 2009-08-26 00:37 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2013-10-13 12:03 - 2013-01-27 16:06 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-10-11 15:48 - 2013-08-20 11:56 - 57487360 _____ C:\WINDOWS\system32\config\software.iobit
2013-10-11 15:48 - 2013-08-20 11:56 - 04509696 _____ C:\WINDOWS\system32\config\default.iobit
2013-10-11 15:48 - 2013-08-20 11:56 - 00069632 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-10-11 15:48 - 2013-08-20 11:56 - 00032768 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-10-11 15:48 - 2009-08-26 13:44 - 00000000 ____D C:\Documents and Settings\zach
2013-10-11 15:48 - 2009-08-26 00:37 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-11 15:48 - 2009-08-26 00:37 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-11 15:37 - 2013-10-11 15:37 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-11 15:37 - 2012-04-07 11:44 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-11 15:37 - 2011-08-09 14:13 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-11 03:53 - 2009-08-25 19:24 - 03810648 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-11 03:48 - 2013-10-11 03:48 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-10-11 03:48 - 2012-01-04 11:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 03:31 - 2013-08-28 12:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-11 03:28 - 2009-08-25 19:25 - 00686552 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-11 03:26 - 2013-10-11 03:25 - 00139480 _____ C:\WINDOWS\KB2847311.log
2013-10-11 03:26 - 2013-10-11 03:08 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 03:25 - 2013-10-11 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 03:25 - 2013-10-11 03:09 - 00003415 _____ C:\WINDOWS\updspapi.log
2013-10-11 03:24 - 2013-10-11 03:24 - 00139476 _____ C:\WINDOWS\KB2862335.log
2013-10-11 03:24 - 2013-10-11 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 03:24 - 2013-10-11 03:07 - 00012713 _____ C:\WINDOWS\setupapi.log
2013-10-11 03:24 - 2011-12-07 13:08 - 00020881 _____ C:\WINDOWS\system32\lvcoinst.log
2013-10-11 03:21 - 2013-08-14 09:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 03:16 - 2012-01-04 11:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-11 03:16 - 2009-08-26 01:36 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-11 03:12 - 2013-10-11 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 03:12 - 2013-10-11 03:11 - 00020410 _____ C:\WINDOWS\KB2868038.log
2013-10-11 03:09 - 2013-10-11 03:08 - 00021156 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 03:09 - 2009-08-26 01:39 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-09 17:05 - 2011-03-31 15:44 - 00000000 ____D C:\Documents and Settings\zach\Application Data\FileZilla
2013-10-07 15:53 - 2013-09-23 14:03 - 00000600 _____ C:\Documents and Settings\zach\Local Settings\Application Data\PUTTY.RND
2013-10-07 13:57 - 2009-08-27 01:27 - 00004096 _____ C:\Documents and Settings\All Users\Application Data\ScheduledItems
2013-10-07 13:56 - 2009-08-26 15:24 - 00001786 ___SH C:\WINDOWS\system32\KGyGaAvL.sys
2013-10-02 11:30 - 2010-10-06 09:11 - 00000000 ____D C:\Documents and Settings\zach\Application Data\webex
2013-09-30 13:04 - 2011-10-31 13:15 - 00000000 ____D C:\Documents and Settings\zach\My Documents\CHEVY SILVERADO
2013-09-27 11:50 - 2013-09-27 11:50 - 447604565 _____ C:\Documents and Settings\zach\Desktop\FM969 originals.zip
2013-09-25 11:06 - 2013-09-25 11:06 - 283316212 _____ C:\Documents and Settings\zach\Desktop\FM969.zip
2013-09-24 12:03 - 2013-09-24 12:03 - 23015674 _____ C:\Documents and Settings\zach\Desktop\Bee Cave_Hwy 71 Pad Sites_JP_v2.bmp
2013-09-23 23:36 - 2009-03-08 04:32 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2013-09-23 23:36 - 2007-07-27 07:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-23 16:27 - 2013-09-23 16:10 - 00000000 ____D C:\Documents and Settings\zach\Desktop\TO UPLOAD TO MCA
2013-09-23 15:13 - 2013-09-03 14:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-23 15:07 - 2013-09-23 15:07 - 01667584 _____ C:\Documents and Settings\zach\Desktop\Rockspring Capital - RE 145ac Shepherd Mountain.msg
2013-09-23 15:07 - 2013-09-23 15:07 - 00029184 _____ C:\Documents and Settings\zach\Desktop\Colton.msg
2013-09-23 13:33 - 2012-06-13 12:14 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-09-23 13:33 - 2010-06-11 14:48 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-09-23 13:33 - 2009-07-18 11:05 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-09-23 13:33 - 2009-06-26 11:50 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-09-23 13:33 - 2009-06-26 11:50 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-09-23 13:33 - 2009-03-08 14:09 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-09-23 13:33 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-23 13:33 - 2009-03-08 04:34 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-09-23 13:33 - 2009-03-08 04:34 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-09-23 13:33 - 2009-03-08 04:34 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-09-23 13:33 - 2009-03-08 04:34 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-09-23 13:33 - 2009-03-08 04:33 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-09-23 13:33 - 2009-03-08 04:33 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-09-23 13:33 - 2009-03-08 04:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2013-09-23 13:33 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-23 13:33 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-23 13:33 - 2009-03-08 04:32 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-09-23 13:33 - 2009-03-08 04:31 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-09-23 13:33 - 2009-03-08 04:31 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-09-23 13:33 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-09-23 13:33 - 2007-07-27 07:00 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2013-09-23 13:06 - 2007-07-27 07:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2013-09-21 11:04 - 2013-09-21 11:02 - 00000000 ____D C:\Documents and Settings\zach\Desktop\Master Contacts Spreadsheet 2011
2013-09-20 16:07 - 2009-08-27 00:28 - 00000000 ____D C:\Documents and Settings\zach\My Documents\McALISTER REAL ESTATE
2013-09-20 16:01 - 2011-03-31 15:43 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-09-20 16:01 - 2011-03-31 15:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
2013-09-20 15:57 - 2013-09-20 15:57 - 00047616 _____ C:\Documents and Settings\zach\Desktop\Re links to stored documents.msg
2013-09-20 12:38 - 2013-09-20 12:38 - 00036864 _____ C:\Documents and Settings\zach\Desktop\MCA WEBSITE LOGIN .msg
2013-09-19 16:16 - 2013-09-18 19:08 - 00046588 _____ C:\Documents and Settings\zach\Desktop\Zach Deals - Sept 2013.xlsx
2013-09-19 12:10 - 2013-09-18 12:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 11:39 - 2013-09-17 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Arclab MailList Controller
2013-09-17 16:40 - 2013-09-17 16:28 - 00001456 _____ C:\Documents and Settings\zach\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2013-09-16 14:06 - 2011-12-07 14:53 - 00084088 _____ C:\Documents and Settings\zach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-09-16 14:03 - 2009-08-26 00:34 - 00002626 _____ C:\WINDOWS\system32\CONFIG.NT
2013-09-16 13:58 - 2013-09-16 13:55 - 00000000 ____D C:\Program Files\Application Updater
2013-09-16 13:57 - 2009-11-14 21:46 - 00000000 ____D C:\Documents and Settings\postgres
2013-09-16 13:57 - 2009-08-26 00:38 - 00000000 ____D C:\Documents and Settings\Zach Jones
2013-09-16 13:57 - 2009-08-26 00:31 - 00000000 ____D C:\WINDOWS\Registration
2013-09-16 13:56 - 2009-08-25 19:25 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Local Settings\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Search Settings
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:54 - 00000000 ____D C:\Documents and Settings\zach\Desktop\MICROSOFT OFFICE 2010
2013-09-16 13:55 - 2009-08-26 01:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2013-09-16 13:54 - 2013-09-16 13:54 - 00000000 ____D C:\Documents and Settings\zach\Desktop\11.7ac - Aug 2013
2013-09-16 13:15 - 2013-09-16 13:15 - 00000000 ____D C:\Program Files\Constant Contact
2013-09-16 13:15 - 2013-09-16 13:15 - 00000000 ____D C:\CTCTOutlook
2013-09-16 13:11 - 2013-08-12 08:32 - 00068096 _____ C:\Documents and Settings\zach\Desktop\BCC email blast list - o Bar & River Oaks.msg
2013-09-16 12:48 - 2013-09-16 12:48 - 00016417 _____ C:\Documents and Settings\zach\Desktop\Book1.xlsx

Some content of TEMP:
====================
C:\Documents and Settings\Zach Jones\Local Settings\Temp\keystone.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvAppBar.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvDspSch.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nView.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nViewSetup.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvnt4cpl.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvShell.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvTaskBar.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvwdmcpl.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvwimg.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSAR.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSCS.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSDA.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSDE.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSEL.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSENG.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSENU.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSES.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSESM.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSFI.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSFR.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSHE.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSHU.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSIT.dll
C:\Documents and
Settings\Zach Jones\Local Settings\Temp\NVWRSJA.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSKO.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSNL.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSNO.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSPL.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSPT.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSPTB.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSRU.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSSK.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSSL.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSSV.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSTH.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSTR.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSZHC.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSZHT.dll C:\Documents and Settings\Zach Jones\Local Settings\Temp\nwiz.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013 Ran by Zach at 2013-10-15 10:18:50 Running from C:\Documents and Settings\zach\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! 
Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 3.1.1) ACT! (Version: 8.0.2.0000) ACT! Premium 2006 (Version: 8.0.2.0000) Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.5.5) Adobe Acrobat 9.5.5 - CPSID_83708 Adobe AIR (Version: 2.5.1.17730) Adobe Color Common Settings (Version: 1.0.1) Adobe Community Help (Version: 3.0.0) Adobe Community Help (Version: 3.0.0.400) Adobe ExtendScript Toolkit 2 (Version: 2.0.2) Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Media Player (Version: 1.8) Adobe Photoshop CS5 (Version: 12.0) Adobe Setup (Version: 1.0) Advanced SystemCare 6 (Version: 6.4) Amazon MP3 Downloader 1.0.15 (Version: 1.0.15) Apple Application Support (Version: 2.2.2) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (Version: 2.1.3.127) Audacity 1.2.6 AviSynth 2.5 Bonjour (Version: 3.0.0.10) Browser Defender 2.0.6.15 (Version: 2.0.6.15) CameraHelperMsi (Version: 13.31.1038.0) Cisco WebEx Meetings CompanionLink (Version: 3.00.0000) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) CoreAAC CutePDF Writer 3.0 (Version: 3.0) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox (HKCU Version: 2.0.22) Eraser 5.8.7 (Version: Eraser 5.8.7) erLT (Version: 1.20.138.34) File Scavenger 3.2 (English) (Version: 3.2.18.0) FileZilla Client 3.7.3 (Version: 3.7.3) GOM Player (Version: 2.1.21.4846) GOM Video Converter (Version: 1.1.0.54) Google Chrome (Version: 30.0.1599.69) Google Earth (Version: 7.1.1.1888) Google Gmail Notifier Google Update Helper (Version: 1.3.21.165) Hauppauge WinTV2000 High Definition Audio Driver Package - KB888111 (Version: 20040219.000000) iCamSource (Version: 1.4.1) iExplorer 2.2.1.2 InterActual Player IObit Apps Toolbar v7.6 (Version: 7.6) iTunes (Version: 10.7.0.21) 
Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) LAME v3.98.2 for Audacity LightScribe System Software (Version: 1.18.8.1) LightScribe Template Designs - 9 to 5 Pack 1 (Version: 1.15.0.0) LightScribe Template Designs - Art Pack 1 (Version: 1.10.16.1) LightScribe Template Designs - Grab Bag Pack 1 (Version: 1.17.0.0) LightScribe Template Designs - Street Style Pack 1 (Version: 1.17.0.0) LightScribe Template Labeler (Version: 1.18.5.1) Logitech Legacy USB Camera Driver Package (Version: 11.10.2016) Logitech Webcam Software (Version: 2.30) Logitech Webcam Software Driver Package (Version: 12.10.1110) LWS Facebook (Version: 13.31.1038.0) LWS Gallery (Version: 13.31.1038.0) LWS Help_main (Version: 13.31.1044.0) LWS Launcher (Version: 13.31.1038.0) LWS Motion Detection (Version: 13.30.1395.0) LWS Pictures And Video (Version: 13.31.1038.0) LWS Twitter (Version: 13.30.1346.0) LWS Video Mask Maker (Version: 13.30.1379.0) LWS VideoEffects (Version: 13.30.1379.0) LWS Webcam Software (Version: 13.31.1038.0) LWS WLM Plugin (Version: 1.30.1201.0) LWS YouTube Plugin (Version: 13.31.1038.0) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 
14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (Version: 14.0.6029.1000) Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 
9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Windows Media Video 9 VCM Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053) Microsoft_VC90_ATL_x86 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (Version: 1.00.0000) Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0) MPEG2 Codec(libmpeg2/mad) MSU Screen Capture Lossless Codec v1.2 (Remove Only) NVIDIA Control Panel 310.90 (Version: 310.90) NVIDIA Drivers (Version: 1.3) NVIDIA Graphics Driver 310.90 (Version: 310.90) NVIDIA Install Application (Version: 2.1002.95.599) NVIDIA nView 136.53 (Version: 136.53) NVIDIA nView Desktop Manager (Version: 136.53) NVIDIA PhysX (Version: 9.12.1031) NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) Opera 12.16 (Version: 12.16.1860) PDF Settings CS5 (Version: 10.0) PhotoMapper 6.1 QuickTime (Version: 7.71.80.42) Realtek High Definition Audio Driver (Version: 5.10.0.5919) Skype Toolbars (Version: 5.0.4137) Skype™ 5.10 (Version: 5.10.116) Smart Defrag 2 (Version: 2.7) SonicWALL SSL-VPN NetExtender (Version: 3.5.107) Spotify (HKCU Version: 0.8.3.222.g317ab79d) Spotify (Version: 0.5.2) Spybot - Search & Destroy (Version: 1.6.2) Spyware Doctor 7.0 (Version: 7.0) StuffIt Expander 2010 (Version: 14.0.0) System Requirements Lab TurboTax 2011 TurboTax 2011 WinPerFedFormset (Version: 011.000.3351) TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496) TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222) TurboTax 2011 wrapper (Version: 011.000.0121) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client 
Profile (KB2473228) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition Update for Windows Internet Explorer 8 (KB2598845) (Version: 1) Update for Windows Internet Explorer 8 (KB2632503) (Version: 1) Update for Windows Internet Explorer 8 (KB973874) (Version: 1) Update for Windows Internet Explorer 8 (KB976662) (Version: 1) Update for Windows Internet Explorer 8 
(KB976749) (Version: 1) Update for Windows Internet Explorer 8 (KB980182) (Version: 1) Update for Windows XP (KB2141007) (Version: 1) Update for Windows XP (KB2345886) (Version: 1) Update for Windows XP (KB2467659) (Version: 1) Update for Windows XP (KB2492386) (Version: 1) Update for Windows XP (KB2541763) (Version: 1) Update for Windows XP (KB2607712) (Version: 1) Update for Windows XP (KB2616676-v2) (Version: 2) Update for Windows XP (KB2641690) (Version: 1) Update for Windows XP (KB2661254-v2) (Version: 2) Update for Windows XP (KB2718704) (Version: 1) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB2749655) (Version: 1) Update for Windows XP (KB2808679) (Version: 1) Update for Windows XP (KB2863058) (Version: 1) Update for Windows XP (KB943729) Update for Windows XP (KB951978) (Version: 1) Update for Windows XP (KB955759) (Version: 1) Update for Windows XP (KB967715) (Version: 1) Update for Windows XP (KB968389) (Version: 1) Update for Windows XP (KB971029) (Version: 1) Update for Windows XP (KB971737) (Version: 1) Update for Windows XP (KB973687) (Version: 1) Update for Windows XP (KB973815) (Version: 1) Veetle TV 0.9.17 (Version: 0.9.17) WebFldrs XP (Version: 9.50.7523) Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2) Windows Installer Clean Up (Version: 3.00.00.0000) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Management Framework Core Windows Media Encoder 9 Series Windows Media Encoder 9 Series (Version: 9.00.2980) Windows Migration Assistant (Version: 1.0.1.3) Windows Search 4.0 (Version: 04.00.6001.503) Windows XP Service Pack 3 (Version: 20080414.031525) WinRAR archiver ==================== Restore Points ========================= 29-07-2013 15:26:36 System Checkpoint 08-08-2013 14:25:22 Installed Java 7 Update 25 13-08-2013 22:58:34 Installed Windows XP 
KB2849470. 13-08-2013 22:59:42 Installed Windows XP KB2859537. 13-08-2013 23:01:02 Installed Windows XP KB2862772. 13-08-2013 23:02:20 Installed Windows XP KB2863058. 13-08-2013 23:03:25 Installed Windows XP KB2850869. 14-08-2013 14:26:38 Software Distribution Service 3.0 15-08-2013 14:47:25 Software Distribution Service 3.0 26-08-2013 01:23:28 Printer Driver CutePDF Writer Installed 27-08-2013 18:32:26 Software Distribution Service 3.0 28-08-2013 17:39:06 Installed Microsoft Office Home and Student 2010 28-08-2013 17:48:00 Printer Driver Send To Microsoft OneNote 2010 Driver Installed 28-08-2013 19:36:25 Software Distribution Service 3.0 28-08-2013 22:56:13 Installed Microsoft Office Professional Plus 2010 28-08-2013 23:06:52 Printer Driver Send To Microsoft OneNote 2010 Driver Installed 28-08-2013 23:45:10 Software Distribution Service 3.0 29-08-2013 14:54:53 Software Distribution Service 3.0 29-08-2013 17:14:32 Installed Windows XP KB915800-v4. 29-08-2013 17:15:03 Installed Windows XP Windows Search 4.0. 
30-08-2013 08:00:20 Software Distribution Service 3.0 11-09-2013 08:01:15 Software Distribution Service 3.0 11-09-2013 19:09:28 Configured Microsoft Office Home and Student 2010 12-09-2013 08:00:39 Software Distribution Service 3.0 12-09-2013 18:45:11 Software Distribution Service 3.0 12-09-2013 20:55:05 Software Distribution Service 3.0 13-09-2013 18:24:31 Software Distribution Service 3.0 14-09-2013 11:41:53 Removed Microsoft Office Standard Edition 2003 14-09-2013 11:44:46 Removed Microsoft Office Home and Student 2010 14-09-2013 13:19:05 Configured Microsoft Office Professional Plus 2010 14-09-2013 14:12:38 Configured Microsoft Office Professional Plus 2010 16-09-2013 18:15:05 Installed Constant Contact QuickImport v2 for Outlook 16-09-2013 18:53:06 Restore Operation 17-09-2013 20:20:38 Installed Microsoft Visual C++ 2005 Redistributable 11-10-2013 08:00:39 Software Distribution Service 3.0 13-10-2013 19:03:01 Oct13,2013-Registry Backup 14-10-2013 18:01:47 Removed KODAK Gallery Upload Software 14-10-2013 18:05:21 Removed Safari 14-10-2013 18:24:38 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2007-07-27 07:00 - 2013-09-14 07:07 - 00451028 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost
There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\AWC AutoSweep.job => C:\Program Files\IObit\Advanced SystemCare 3\AutoSweep.exe Task: C:\WINDOWS\Tasks\AWC Update.job => C:\Program Files\IObit\Advanced SystemCare 3\IObitUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cd6012f20be5da.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1ce527716cde060.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe Task: C:\WINDOWS\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-12 12:55 - 2013-01-15 18:47 - 00517440 _____ () C:\Program Files\IObit\Advanced SystemCare 6\sqlite3.dll 2013-10-14 13:42 - 2013-10-14 03:46 - 02105856 _____ () C:\Program Files\Alwil Software\Avast5\defs\13101400\algo.dll 2013-08-25 20:23 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-06-16 23:42 - 2010-01-22 09:55 - 00767952 _____ () C:\WINDOWS\BDTSupport.dll 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () 
C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2009-08-26 02:50 - 2012-12-29 05:31 - 01564008 _____ () C:\Program Files\NVIDIA Corporation\nView\nview.dll 2010-10-04 13:58 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2013-03-12 12:55 - 2013-01-15 18:47 - 00143168 _____ () C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll 2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2009-08-26 02:50 - 2012-12-29 05:31 - 00357224 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll 2013-01-23 14:25 - 2009-02-27 16:39 - 00019968 _____ () C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\AcroTray.DEU 2013-01-23 14:25 - 2009-02-27 16:32 - 00020480 _____ () C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\AcroTray.FRA 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2012-03-28 10:35 - 2012-03-06 17:46 - 00603648 _____ () C:\Program Files\Alwil Software\Avast5\aswOtl.dll 2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2007-07-27 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2007-07-27 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00835584 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00093696 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00094208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00057344 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll 2011-12-07 14:57 - 2013-09-03 17:25 - 00096256 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00062976 _____ () 
C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00067072 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00158208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00312832 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00038912 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00073728 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll 2011-01-28 17:42 - 2013-09-03 17:25 - 00101888 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll 2013-10-11 15:37 - 2013-10-11 15:37 - 16233864 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 AlternateDataStreams: C:\Documents and Settings\zach\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38} ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""="" ==================== Faulty Device Manager Devices ============= Name: NVIDIA nForce 10/100 Mbps Ethernet #2 Description: NVIDIA nForce Networking Controller Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: NVIDIA Service: NVENETFD Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (10/15/2013 06:04:21 AM) (Source: AutoEnrollment) (User: ) Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error: (10/14/2013 10:05:28 PM) (Source: AutoEnrollment) (User: ) Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error: (10/14/2013 02:05:22 PM) (Source: Userenv) (User: NT AUTHORITY) Description: Windows cannot obtain the domain controller name for your computer network. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted. Error: (10/14/2013 01:38:18 PM) (Source: Application Error) (User: ) Description: Faulting application dropbox.exe, version 2.0.22.0, faulting module libcef.dll, version 1.1364.1123.0, fault address 0x0005fba7. Processing media-specific event for [dropbox.exe!ws!] Error: (10/14/2013 01:27:38 PM) (Source: Userenv) (User: NT AUTHORITY) Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error: (10/14/2013 01:27:30 PM) (Source: ACT! Scheduler) (User: ) Description: Service cannot be started. System.Exception: Unable to get scheduler configuration. Object reference not set to an instance of an object. 
at Act.Scheduler.SchedulerService.GetSchedulerConfiguration() at Act.Scheduler.SchedulerService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (10/14/2013 01:27:30 PM) (Source: AutoEnrollment) (User: ) Description: Automatic certificate enrollment for local system failed to contact the active directory (0x800704cf). The network location cannot be reached. For information about network troubleshooting, see Windows Help. Enrollment will not be performed. Error: (10/14/2013 01:27:30 PM) (Source: Userenv) (User: NT AUTHORITY) Description: Windows cannot obtain the domain controller name for your computer network. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted. Error: (10/14/2013 00:21:28 PM) (Source: AutoEnrollment) (User: ) Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error: (10/14/2013 04:21:28 AM) (Source: AutoEnrollment) (User: ) Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. 
System errors: ============= Error: (10/14/2013 03:15:55 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Error: (10/14/2013 03:14:35 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Error: (10/14/2013 03:08:38 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Error: (10/14/2013 03:08:34 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Error: (10/14/2013 03:08:32 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Error: (10/14/2013 03:08:28 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Error: (10/14/2013 03:08:27 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Error: (10/14/2013 03:08:22 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Error: (10/14/2013 03:08:21 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Error: (10/14/2013 03:08:16 PM) (Source: 0) (User: ) Description: \Device\Ide\IdePort2 Microsoft Office Sessions: ========================= Error: (10/15/2013 06:04:21 AM) (Source: AutoEnrollment)(User: ) Description: local system0x8007054bThe specified domain either does not exist or could not be contacted. Error: (10/14/2013 10:05:28 PM) (Source: AutoEnrollment)(User: ) Description: local system0x8007054bThe specified domain either does not exist or could not be contacted. Error: (10/14/2013 02:05:22 PM) (Source: Userenv)(User: NT AUTHORITY) Description: The network location cannot be reached. For information about network troubleshooting, see Windows Help. Error: (10/14/2013 01:38:18 PM) (Source: Application Error)(User: ) Description: dropbox.exe2.0.22.0libcef.dll1.1364.1123.00005fba7 Error: (10/14/2013 01:27:38 PM) (Source: Userenv)(User: NT AUTHORITY) Description: The specified domain either does not exist or could not be contacted. Error: (10/14/2013 01:27:30 PM) (Source: ACT! Scheduler)(User: ) Description: Service cannot be started. System.Exception: Unable to get scheduler configuration. Object reference not set to an instance of an object. 
at Act.Scheduler.SchedulerService.GetSchedulerConfiguration() at Act.Scheduler.SchedulerService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (10/14/2013 01:27:30 PM) (Source: AutoEnrollment)(User: ) Description: local system0x800704cfThe network location cannot be reached. For information about network troubleshooting, see Windows Help. Error: (10/14/2013 01:27:30 PM) (Source: Userenv)(User: NT AUTHORITY) Description: The network location cannot be reached. For information about network troubleshooting, see Windows Help. Error: (10/14/2013 00:21:28 PM) (Source: AutoEnrollment)(User: ) Description: local system0x8007054bThe specified domain either does not exist or could not be contacted. Error: (10/14/2013 04:21:28 AM) (Source: AutoEnrollment)(User: ) Description: local system0x8007054bThe specified domain either does not exist or could not be contacted. ==================== Memory info =========================== Percentage of memory in use: 40% Total physical RAM: 3582.28 MB Available physical RAM: 2137.88 MB Total Pagefile: 5464.16 MB Available Pagefile: 4085.88 MB Total Virtual: 2047.88 MB Available Virtual: 1947.98 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:452.59 GB) (Free:185.7 GB) NTFS Drive h: (FACTORY_IMAGE) (Fixed) (Total:13.16 GB) (Free:1.71 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 1549F232) Partition 1: (Not Active) - (Size=453 GB) - (Type=OF Extended) Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  13. Hi, I am unable to run Malwarebytes Anti-Malware (or avast! anti-virus). I get a pop up telling me that "Windows cannot open this program because it has been prevented by a software restriction policy." Computer is XP Pro SP3. I have admin permissions, should not have any permission issues. Not sure how to proceed, any help would be greatly appreciated.

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.7.0_25
Run by Zach at 10:27:09 on 2013-10-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2106 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\program files\itunes\ituneshelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.6\iobitappsToolbarIE.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.6\iobitappsToolbarIE.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - <orphaned>
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.6\iobitappsToolbarIE.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] c:\program files\itunes\ituneshelper.exe
mRun: [Adobe Acrobat Speed Launcher] c:\program files\adobe\acrobat 9.0\acrobat\acrobat_sl.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\zach\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\zach\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\zach\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: _NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - c:\program files\smartwhois\swmsie.exe
IE: {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - c:\program files\smartwhois\swmsie.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{AB598B63-2B22-4972-9186-CE0D108A0D23} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C092A89C-E2E2-4B52-97CC-C30899752BAA} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - <no file>
AppInit_DLLs= acaptuser32.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\zach\application data\mozilla\firefox\profiles\m07w8cxa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\iobit apps toolbar\ff\components\iobitappsFF.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\iobit\advanced systemcare 6\browerprotect\np_Asc_plugin.dll
FF - plugin: c:\program files\iobit\advanced systemcare 6\browerprotect\NPASCSafariPluginProtect.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - ExtSQL: 2013-09-04 10:03; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\documents and settings\zach\application data\mozilla\firefox\profiles\m07w8cxa.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF - ExtSQL: 2013-09-13 08:11; ascsurfingprotection@iobit.com; c:\documents and settings\zach\application data\mozilla\firefox\profiles\m07w8cxa.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2009-09-02 12:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 2250000
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-16 217032]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-4-3 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-17 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-4 355632]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-3-12 574272]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-9-2 807800]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-4 21256]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-16 112592]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-1-14 266240]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sact7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sACT7 [?]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2009-2-23 20504]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2009-8-26 53248]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-4 44808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2009-8-26 472644]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-16 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-16 1142224]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.exe -i act7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.EXE -i ACT7 [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-8-5 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2007-7-27 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-10-13 20:32:09 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-10-11 20:37:25 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-10 15:19:59 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-10 15:17:54 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-10 15:17:54 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-10 15:16:26 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-10 15:16:26 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-10 15:16:26 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-09-16 18:57:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-09-16 18:57:02 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-16 18:55:32 -------- d-----w- c:\program files\Application Updater
2013-09-16 18:55:32 -------- d-----w- c:\documents and settings\zach\local settings\application data\Babylon
2013-09-16 18:55:32 -------- d-----w- c:\documents and settings\zach\application data\Search Settings
2013-09-16 18:55:32 -------- d-----w- c:\documents and settings\zach\application data\Babylon
2013-09-16 18:55:32 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-09-16 18:55:31 -------- d-----w- c:\program files\common files\Spigot
2013-09-16 18:15:54 -------- d-----w- C:\CTCTOutlook
2013-09-16 18:15:06 -------- d-----w- c:\program files\Constant Contact
.
==================== Find3M ====================
.
2013-10-11 20:37:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-11 20:37:29 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-07 18:56:36 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-08 14:25:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-08 14:25:31 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-08 14:25:29 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-07-31 20:11:22 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\SET132.tmp
2013-07-26 02:47:17 1215488 ----a-w- c:\windows\system32\SET133.tmp
2013-07-26 02:47:17 105984 ----a-w- c:\windows\system32\SET134.tmp
2013-07-26 02:47:16 6017536 ----a-w- c:\windows\system32\SET138.tmp
2013-07-26 02:47:14 630272 ----a-w- c:\windows\system32\SET13A.tmp
2013-07-26 02:47:14 55296 ----a-w- c:\windows\system32\SET139.tmp
2013-07-26 02:47:12 2005504 ----a-w- c:\windows\system32\SET13E.tmp
2013-07-26 02:47:10 11113472 ----a-w- c:\windows\system32\SET140.tmp
2013-07-19 06:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58:17 123008 ------w- c:\windows\system32\drivers\usbvideo.sys
2013-07-17 00:58:06 46848 ------w- c:\windows\system32\drivers\irbus.sys
2013-07-17 00:58:03 60160 ----a-w- c:\windows\system32\drivers\usbaudio.sys
.
============= FINISH: 10:28:15.87 ===============