kahnark89

Everything posted by kahnark89

  1. We use AVG Free Edition on our computers here. I had to uninstall it so we could run most of these malware removal programs. I reinstalled it after we ran the last ComboFix, and the person that uses this computer told me that AVG said that it blocked 2 potential threats this morning and she hasn't seen any of the pesky pop-up windows. I didn't see the notification, but is there a way I can go back and look at the AVG logs or something to get a clue to what it is detecting?
  2. The computer has Internet Explorer and Google Chrome. These random download windows pop up at the desktop without any programs running and no user input. It's not happening in the browser itself, unless it's somehow running undetected in the background.
  3. It seems like everything is running fine, but then we keep getting download windows that pop up from random video advertising sites (liverail.com). When we hit cancel they would reappear instantly; then they just went off by themselves. Here is the report that ComboFix produced:
  4. The computer seems to be running fine with no sign of the issues arising all day. I ran MBAR and it came back with a message that said "No malware found." There was no log report when I closed the program. I ran RogueKiller and it found 1 bad process. Here is the log:

     RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : user [Admin rights]
     Mode : DNSFix -- Date : 01/28/2014 15:19:27
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 1 ¤¤¤
     [SUSP PATH] agent.exe -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe [7] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 0 ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     Finished : << RKreport[0]_DN_01282014_151927.txt >>
     RKreport[0]_D_01282014_151920.txt;RKreport[0]_H_01282014_151926.txt;RKreport[0]_S_01282014_151650.txt
  5. This morning I noticed a warning message saying: "explorer.exe has referenced instruction ------------ at memory location --------. The instruction is no longer there." Or something along those lines. I have not seen any other pop-ups so far this morning, but as I pointed out before, they seem to happen at random times, so I will inform you of any updates. I ran ComboFix again as you instructed. Here is the log:
  6. I ran ComboFix at the last minute this afternoon. I will post the log file now and check on how the computer is running in the morning. Here is the log from ComboFix:
.scanning hidden autostart entries ... .HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv13F4]"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\user\LOCALS~1\Temp\srv13F4.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(452)c:\windows\system32\LMIinit.dllc:\windows\system32\LMIRfsClientNP.dll.- - - - - - - > 'explorer.exe'(2444)c:\windows\system32\WININET.dllc:\program files\Nuance\Nuance Cloud 
Connector\GlOverlayIcon.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dllc:\program files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dllc:\windows\system32\ieframe.dllc:\windows\system32\mshtml.dllc:\windows\system32\msls31.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.- - - - - - - > 'explorer.exe'(3436)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\mshtml.dllc:\windows\system32\msls31.dll.Completion time: 2014-01-27 16:52:48ComboFix-quarantined-files.txt 2014-01-27 22:52ComboFix2.txt 2014-01-17 20:48.Pre-Run: 42,570,137,600 bytes freePost-Run: 42,886,291,456 bytes free.- - End Of File - - A231165C3F00E3B14B29A9CDBF3D2D088F558EB6672622401DA993E1E865C861
  7. I ran AdwCleaner, but the Junkware Removal Tool would not run. After AdwCleaner finished, the computer rebooted and seemed to be running fine. But then, about an hour later, the same issues popped up again. Here is the log from AdwCleaner.
  8. Thanks for the help, gringo. Just got back in the office this morning; sorry for the delay. I ran the Farbar Recovery Scan Tool and here are the logs.
C:\Documents and Settings\user\My Documents\STRIEGEL SUPPLY 2014-01-23 16:49 - 2014-01-23 16:45 - 00000995 _____ C:\Documents and Settings\user\Desktop\attach.txt 2014-01-23 16:17 - 2011-04-11 11:05 - 00000000 ____D C:\WINDOWS\ERDNT 2014-01-23 16:17 - 2011-04-11 11:04 - 00000000 ____D C:\Qoobox 2014-01-23 16:17 - 2011-01-11 09:54 - 00000000 ____D C:\WINDOWS\system32\Restore 2014-01-23 16:14 - 2014-01-21 16:00 - 00000735 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk 2014-01-23 16:14 - 2011-01-11 09:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-23 16:14 - 2011-01-11 03:41 - 00000049 _____ C:\WINDOWS\wiaservc.log 2014-01-23 16:13 - 2014-01-23 15:57 - 00000000 ____D C:\AdwCleaner 2014-01-23 15:59 - 2012-11-21 09:47 - 00000000 ____D C:\Program Files\Mozilla Firefox 2014-01-23 15:54 - 2014-01-23 15:56 - 01236282 _____ C:\Documents and Settings\user\Desktop\AdwCleaner.exe 2014-01-23 15:35 - 2014-01-23 15:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\Desktop\rkill.exe 2014-01-23 14:13 - 2012-11-21 08:48 - 00000000 ____D C:\Documents and Settings\user\My Documents\K & L ELECTRONICS 2014-01-23 13:03 - 2012-07-30 07:21 - 00000000 ____D C:\Documents and Settings\user\My Documents\S & S SALES & LEASING 2014-01-23 11:14 - 2011-06-27 15:04 - 00000000 ____D C:\Documents and Settings\user\My Documents\MASTER PACKING 2014-01-23 10:34 - 2011-01-14 10:12 - 00000000 ____D C:\Documents and Settings\user\My Documents\AMEREN SALES 2014-01-23 10:20 - 2011-01-14 10:15 - 00000000 ____D C:\Documents and Settings\user\My Documents\NREC POWER SYSTEMS 2014-01-23 09:17 - 2001-08-23 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2014-01-23 08:57 - 2011-01-14 10:14 - 00000000 ____D C:\Documents and Settings\user\My Documents\LAWRENCE & ASSOC 2014-01-23 08:31 - 2011-01-14 10:15 - 00000000 ____D C:\Documents and Settings\user\My Documents\MIKE'S 2014-01-22 14:18 - 2011-09-01 12:51 - 00000000 ____D C:\Documents and 
Settings\user\My Documents\BECKY'S EBAY 2014-01-22 13:57 - 2011-01-14 10:14 - 00000000 ____D C:\Documents and Settings\user\My Documents\EURO-AMERICAN DIESEL CHILE 2014-01-22 13:53 - 2012-12-21 07:58 - 00000000 ____D C:\Documents and Settings\user\My Documents\DIESEL LOKO DIST 2014-01-22 13:45 - 2011-09-01 13:07 - 00000000 ____D C:\Documents and Settings\user\My Documents\J & L CONSULTING 2014-01-22 11:17 - 2011-01-14 10:14 - 00000000 ____D C:\Documents and Settings\user\My Documents\LASCASIANA 2014-01-21 17:13 - 2011-01-11 09:58 - 00000000 __SHD C:\Documents and Settings\NetworkService 2014-01-21 16:07 - 2012-06-26 15:56 - 00000000 ____D C:\Documents and Settings\user\My Documents\MIDWEST MAINTENANCE SVC 2014-01-21 16:00 - 2014-01-21 16:00 - 00000719 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk 2014-01-21 16:00 - 2011-01-11 11:55 - 00000000 ____D C:\Program Files\LogMeIn 2014-01-21 15:59 - 2011-01-11 11:56 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll 2014-01-21 15:59 - 2011-01-11 11:56 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll 2014-01-21 15:59 - 2011-01-11 11:55 - 00085832 _____ (LogMeIn, Inc.) 
C:\WINDOWS\system32\LMIinit.dll 2014-01-21 08:35 - 2011-01-14 10:17 - 00000000 ____D C:\Documents and Settings\user\My Documents\WORLD BRIDGE 2014-01-21 08:21 - 2012-10-18 10:01 - 00000000 ____D C:\Documents and Settings\user\My Documents\DESIGN POWER 2014-01-21 08:02 - 2011-01-14 10:15 - 00000000 ____D C:\Documents and Settings\user\My Documents\POWER RAIL 2014-01-20 14:12 - 2011-01-11 10:04 - 00071936 ____C C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-01-20 12:56 - 2011-01-14 10:17 - 00000000 ____D C:\Documents and Settings\user\My Documents\SPECIALIZED DIESEL 2014-01-20 08:55 - 2011-01-14 10:39 - 00000000 ____D C:\qawin 2014-01-17 14:58 - 2011-01-11 03:38 - 00275760 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2014-01-17 14:55 - 2011-01-11 11:43 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat 2014-01-17 14:48 - 2014-01-17 14:48 - 00016316 _____ C:\ComboFix.txt 2014-01-17 14:47 - 2001-08-23 06:00 - 00000227 _____ C:\WINDOWS\system.ini 2014-01-17 14:34 - 2014-01-17 14:34 - 00000000 _RSHD C:\cmdcons 2014-01-17 14:34 - 2011-01-11 03:37 - 00000327 __RSH C:\boot.ini 2014-01-17 14:17 - 2013-07-22 18:32 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Avg2013 2014-01-17 14:17 - 2011-01-11 12:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData 2014-01-17 14:07 - 2013-08-16 15:13 - 00127683 _____ C:\WINDOWS\setupapi.log 2014-01-17 14:07 - 2013-07-22 18:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013 2014-01-17 14:07 - 2011-06-15 16:27 - 00000000 ____D C:\$AVG 2014-01-17 12:53 - 2011-01-11 03:39 - 00588972 ____C C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-17 12:50 - 2011-01-11 12:02 - 00000376 ____C C:\WINDOWS\ODBC.INI 2014-01-17 12:50 - 2001-08-23 06:00 - 00000573 _____ C:\WINDOWS\win.ini 2014-01-17 12:32 - 2011-01-11 03:34 - 00000000 ____D C:\WINDOWS\system32\ias 2014-01-17 12:27 - 2004-08-04 00:56 - 00033280 ____C (Microsoft 
Corporation) C:\WINDOWS\system32\dllcache\rundll32.exe 2014-01-17 12:27 - 2004-08-04 00:56 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe 2014-01-17 12:18 - 2014-01-17 10:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-17 10:44 - 2014-01-17 10:44 - 00000000 ____D C:\Documents and Settings\user\Application Data\Malwarebytes 2014-01-17 10:43 - 2014-01-17 10:43 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-01-17 10:43 - 2014-01-17 10:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-01-17 10:43 - 2014-01-17 10:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-01-17 09:15 - 2014-01-23 15:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\user\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-17 08:59 - 2013-04-26 13:29 - 00001769 _____ C:\InstallHelper.log 2014-01-17 08:59 - 2013-04-26 13:29 - 00000000 ____D C:\Documents and Settings\All Users\eBay 2014-01-17 08:35 - 2012-01-31 15:26 - 00000000 ____D C:\Program Files\Philips 2014-01-17 08:31 - 2011-01-11 03:34 - 00000000 ____D C:\WINDOWS\Help 2014-01-16 08:18 - 2011-07-06 11:21 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk 2014-01-16 08:18 - 2011-07-06 11:21 - 00000000 ____D C:\Program Files\Common Files\Adobe 2014-01-15 16:27 - 2013-07-30 11:58 - 00000000 ____D C:\Documents and Settings\user\My Documents\TPS HOUSTON GROUP 2014-01-15 12:59 - 2014-01-13 14:32 - 00000000 ____D C:\Documents and Settings\user\My Documents\BRAYTON ENERGY 2014-01-15 11:35 - 2011-01-14 10:14 - 00000000 ____D C:\Documents and Settings\user\My Documents\LOCODOCS 2014-01-15 08:19 - 2012-04-10 06:43 - 00000000 ____D C:\Documents and Settings\user\My Documents\VMV PADUCAHBILT 2014-01-15 03:02 - 2013-08-09 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-15 03:00 - 2014-01-15 03:00 - 
00004340 _____ C:\WINDOWS\KB2914368.log 2014-01-15 03:00 - 2014-01-15 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$ 2014-01-15 03:00 - 2012-07-03 16:15 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-15 03:00 - 2011-01-11 03:39 - 01410105 ____C C:\WINDOWS\iis6.log 2014-01-15 03:00 - 2011-01-11 03:39 - 01261044 ____C C:\WINDOWS\FaxSetup.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00614613 ____C C:\WINDOWS\ocgen.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00580858 ____C C:\WINDOWS\tsoc.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00425031 ____C C:\WINDOWS\comsetup.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00383752 ____C C:\WINDOWS\msmqinst.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00256263 ____C C:\WINDOWS\ntdtcsetup.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00221739 ____C C:\WINDOWS\netfxocm.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00088142 ____C C:\WINDOWS\MedCtrOC.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00069915 ____C C:\WINDOWS\ocmsn.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00064230 ____C C:\WINDOWS\tabletoc.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00063303 ____C C:\WINDOWS\msgsocm.log 2014-01-15 03:00 - 2011-01-11 03:39 - 00001374 _____ C:\WINDOWS\imsins.log 2014-01-14 15:49 - 2011-01-14 10:17 - 00000000 ____D C:\Documents and Settings\user\My Documents\SUPCO CANADA 2014-01-14 08:13 - 2011-01-14 10:15 - 00000000 ____D C:\Documents and Settings\user\My Documents\MARINSA 2014-01-14 08:09 - 2012-06-20 09:40 - 00000000 ____D C:\Documents and Settings\user\My Documents\MARINE SYSTEMS 2014-01-13 16:42 - 2011-01-14 10:14 - 00000000 ____D C:\Documents and Settings\user\My Documents\HILLCREST CAMSHAFT 2014-01-13 13:50 - 2013-03-12 07:26 - 00000000 ____D C:\Documents and Settings\user\My Documents\AMTRAK BIDS 2014-01-13 13:11 - 2011-01-14 10:14 - 00000000 ____D C:\Documents and Settings\user\My Documents\LAWRENCE & ASSOCIATES 2014-01-09 16:05 - 2011-05-19 15:14 - 00000000 ____D C:\Documents and Settings\user\My Documents\AMERICAN 
TURBO 2014-01-09 13:54 - 2012-02-02 08:15 - 00000000 ____D C:\Documents and Settings\user\My Documents\WABTEC 2014-01-09 08:26 - 2011-01-14 10:13 - 00000000 ____D C:\Documents and Settings\user\My Documents\DICKSON MARINE 2014-01-02 14:02 - 2013-08-22 08:13 - 00000000 ____D C:\Documents and Settings\user\My Documents\MARINE DIESEL OF SEATTLE 2013-12-30 15:44 - 2011-01-14 10:15 - 00000000 ____D C:\Documents and Settings\user\My Documents\PEAKER SERVICES 2013-12-30 08:30 - 2013-12-30 08:30 - 00000871 _____ C:\Documents and Settings\user\Desktop\Shortcut to RECEIVABLES JANUARY '14.lnk 2013-12-30 08:29 - 2011-01-14 10:15 - 00000000 ____D C:\Documents and Settings\user\My Documents\RECEIVABLES 2013-12-30 07:58 - 2012-03-07 14:15 - 00000000 ____D C:\Documents and Settings\user\My Documents\LOCOMOTORAS Some content of TEMP: ==================== C:\Documents and Settings\user\Local Settings\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Addition.txt
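The entries in the log above that a malware-removal helper would zero in on are the S4 srv13F4 service and its matching NETSVC line: a .tmp file in the user's Temp directory, registered as a service through a \\?\globalroot device path, listed in the netsvcs service group, and reported by FRST as "[x]" / "No File". The script below is an added example, not part of this post or of FRST itself: it parses the Services, Drivers and NetSvcs sections of an FRST.txt and scores every entry with those heuristics so the same check can be run over a whole log instead of by eye. The weights, the threshold of 3 and the regex names are my own choices; the sample input is copied from the log posted above.

```python
"""Triage of Farbar (FRST) Services / Drivers / NetSvcs entries.

Added example, not code from the post or from FRST. Each entry is scored by
heuristics a helper applies by hand: service image under a Temp directory, a
.tmp file registered as a service, an NT device path instead of a drive letter,
FRST's "[x]" marker for a file it could not read, and a netsvcs group member
whose DLL is missing or lives outside System32. Weights are assumptions.
"""
import re

# Constructed sample input: the relevant lines copied from the FRST log above.
SAMPLE_LOG = r"""
========================== Services (Whitelisted) =================
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
R2 GladFileMonSvc; C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29552 2011-09-29] (Gladinet, INC)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
S4 srv13F4; \\?\globalroot\Device\HarddiskVolume1\DOCUME~1\user\LOCALS~1\Temp\srv13F4.tmp [x]
==================== Drivers (Whitelisted) ====================
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2011-01-11] (Creative Technology Ltd.)
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
NETSVC: srv13F4 -> \\?\globalroot\Device\HarddiskVolume1\DOCUME~1\user\LOCALS~1\Temp\srv13F4.tmp ==> No File.
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# "<R|S|U><start type> <name>; <image> [<size date> | x] (<publisher>)"
# The digit is the Windows start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<image>.*?)"
    r"(?:\s+\[(?P<meta>[^\]]*)\])?(?:\s+\((?P<publisher>[^)]*)\))?$"
)
NETSVC_RE = re.compile(
    r"^NETSVC:\s+(?P<name>\S+)\s+->\s+(?P<image>.*?)(?:\s+==>\s+(?P<note>.*))?$"
)

DEVICE_PREFIXES = ("\\\\?\\globalroot\\", "\\??\\")  # \\?\globalroot\ and \??\
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.I)
SUSPICIOUS_SCORE = 3  # assumed threshold: report anything scoring at least this


def parse_entries(log_text):
    """Yield a dict per service, driver and NETSVC line, tagged with its section."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        m = NETSVC_RE.match(line)
        if m:
            yield {"kind": "netsvc", "section": section, "state": None,
                   "name": m.group("name"), "image": m.group("image"),
                   "meta": None, "publisher": None, "note": m.group("note")}
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            kind = "driver" if section and section.startswith("Drivers") else "service"
            entry.update(kind=kind, section=section, note=None)
            yield entry


def score_entry(entry):
    """Return (score, reasons) for one parsed entry; higher means more worth a look."""
    hits = []
    image = entry["image"]
    low = image.lower()
    if low == "no imagepath":
        hits.append((1, "registry key has no ImagePath (orphaned service)"))
        return 1, [hits[0][1]]
    if low.startswith(DEVICE_PREFIXES):
        hits.append((2, "NT device path instead of a drive-letter path"))
    if TEMP_DIR_RE.search(low):
        hits.append((3, "image lives under a Temp directory"))
    if low.endswith(".tmp"):
        hits.append((3, "a .tmp file is registered as the service image"))
    if entry["meta"] == "x":
        hits.append((1, "FRST could not read the file ([x])"))
    if entry["kind"] == "netsvc":
        if entry["note"] and "no file" in entry["note"].lower():
            hits.append((3, "netsvcs member points to a file that does not exist"))
        if not SYSTEM32_RE.search(low):
            hits.append((2, "netsvcs DLL outside \\WINDOWS\\system32"))
    return sum(w for w, _ in hits), [r for _, r in hits]


def triage(log_text, threshold=SUSPICIOUS_SCORE):
    """Return entries scoring at or above threshold, highest score first."""
    findings = []
    for entry in parse_entries(log_text):
        score, reasons = score_entry(entry)
        if score >= threshold:
            findings.append({"kind": entry["kind"], "name": entry["name"],
                             "image": entry["image"], "score": score,
                             "reasons": reasons})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['score']:>2}] {f['kind']:<7} {f['name']}: {f['image']}")
        for reason in f["reasons"]:
            print("      -", reason)
```

Run as-is it reports three entries: the NETSVC and service lines for srv13F4, and catchme.sys, which trips the same Temp-directory rule although it is the rootkit-scanner driver ComboFix itself leaves in Temp on a machine that has just been cleaned with it. The score is a triage aid, not a verdict: "[x]" and a missing publisher also show up on harmless leftovers such as the disabled AVG toolbar service, so every hit still needs someone to look at the file.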
  9. Hi everyone, any help would be appreciated. The boss's daughter got on one of our computers and played some silly games along with downloading some music from a random website. Now every so often several windows pop up on the desktop which appear to be a webpage with external links (mostly just advertisements), but no browser is open and nothing was clicked on. When I open Task Manager I can see a separate instance of explorer.exe running for each window that opens (usually 3 to 4). Also a download box appears from time to time asking to save or open a random video file. This dialog box also opens without any user input. Here is the log file from dds.exe. Attach.txt was the only log that was generated, though. Here it is:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2011 9:57:34 AM
System Uptime: 1/23/2014 4:14:15 PM (0 hours ago)
.
Motherboard: FOXCONN | | M61PMV
Processor: AMD Athlon 64 X2 Dual Core Processor 5000+ | AMD Athlon 64 X2 Dual Core Processor 5000+ | 2612/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 40.262 GiB free.
D: is CDROM ()
E: is Removable
N: is NetworkDisk (FAT) - 75 GiB total, 40.262 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
.
==== End Of File ===========================