Jump to content

gtdriski

Honorary Members
  • Posts

    46
  • Joined

  • Last visited

Everything posted by gtdriski

  1. Hello Kevin, Here are the logs: OTM All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\GaryT\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\GaryT\Desktop\cmd.txt deleted successfully. C:\FRST\Quarantine folder moved successfully. C:\FRST\Logs folder moved successfully. C:\FRST\Hives\Users\00000002 folder moved successfully. C:\FRST\Hives\Users\00000001 folder moved successfully. C:\FRST\Hives\Users folder moved successfully. C:\FRST\Hives folder moved successfully. C:\FRST folder moved successfully. C:\Documents and Settings\GaryT\Desktop\FRST.exe moved successfully. C:\Documents and Settings\All Users\Uninst.exe moved successfully. C:\Documents and Settings\GaryT\DimdimSetup.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 58264 bytes User: GaryT ->Temp folder emptied: 2652505 bytes ->Temporary Internet Files folder emptied: 18725542 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 721933072 bytes ->Google Chrome cache emptied: 240932043 bytes ->Flash cache emptied: 8108591 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33624 bytes ->FireFox cache emptied: 23729193 bytes ->Flash cache emptied: 405 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 10155 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1453 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13832 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 175485 bytes RecycleBin emptied: 3521758 bytes Total Files Cleaned = 973.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 07222013_233649 Files moved on Reboot... Registry entries deleted on Reboot... Adwcleaner # AdwCleaner v2.306 - Logfile created 07/22/2013 at 23:47:44 # Updated 19/07/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : GaryT - GTD-DESKTOP # Boot Mode : Normal # Running from : C:\Documents and Settings\GaryT\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\4qu1wovc.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\prefs.js [OK] File is clean. -\\ Google Chrome v28.0.1500.72 File : C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1256 octets] - [10/06/2013 23:53:24] AdwCleaner[s1].txt - [3608 octets] - [30/04/2013 04:31:48] AdwCleaner[s2].txt - [1928 octets] - [22/07/2013 23:47:44] ########## EOF - C:\AdwCleaner[s2].txt - [1988 octets] ########## Firefox tells me it is running the latest version (22.0), so I don't know why it shows outdated. Things seem ok. Thanks, Gary
  2. Thanks Kevin, Here are the logs: Farbar Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-07-2013 Ran by GaryT (administrator) on 21-07-2013 18:16:42 Running from C:\Documents and Settings\GaryT\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (brother Industries Ltd) C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd) C:\WINDOWS\system32\brss01a.exe (Logitech Inc.) c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardian.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe () C:\WINDOWS\system32\PSIService.exe (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe (Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (Google Inc.) C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Intuit Inc. All rights reserved.) C:\Documents and Settings\GaryT\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe (Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe ==================== Registry (Whitelisted) ================== HKLM\...\Winlogon: [uIHost] C:\WINDOWS\system32\logonui.exe [x ] () Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X] Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [Google Update] - C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-08-18] (Google Inc.) BootExecute: PDBoot.exeautocheck autochk * sasnative32 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?rd=nux SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {774C86F0-F13C-4FAF-8D16-A4F2417C8AFC} URL = http://www.weather.com/search/enhanced?where={searchTerms} SearchScopes: HKCU - {7FCF2E2B-F64E-4ACE-BFA4-F76F7C9C0194} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7 SearchScopes: HKCU - {84B73620-247B-453E-BF3D-01F0CAA7FF70} URL = http://www.shopzilla.com/buy/superfind.xpml?search_box=1&sfsk=0&cat_id=1&keyword={searchTerms} SearchScopes: HKCU - {931D8C7B-7F39-4D42-9991-FC52DC61283C} URL = http://www.facebook.com/s.php?src=os&q={searchTerms} SearchScopes: HKCU - {9360E69F-4978-40C5-A508-176730C120F0} URL = http://search.about.com/fullsearch.htm?terms={searchTerms} BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company) BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () Toolbar: HKLM - del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) Toolbar: HKCU -del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU -No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File DPF: {02FFCFC3-C28F-4ED9-954B-1BAC9FD77E12} http://webstream.intra.net/media/xflux3.cab DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {16C698C4-4BE0-4CDF-B777-39276A95F58F} http://meeting.zoho.com/login/ActivexViewer.jsp DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.8.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab DPF: {54D53429-945C-4188-B460-C81356541882} http://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB DPF: {56426D1F-A2BB-4195-8555-CCE6533F81E8} http://meeting.zoho.com/login/Agent.jsp DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122093200750 DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/securityadvisor/virusinfo/webscan.cab DPF: {7BC974EF-A718-4A17-B77E-4C8DBC327AFA} https://secure.voloper.net/editor.cab DPF: {7DD82D6B-3553-470B-8D1E-D5C7086478A7} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2005.cab DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} http://www.contentpurity.com/xp/ScanFilexp.CAB DPF: {87651085-BCBF-4281-B8F7-1F6E56E92515} http://meeting.zoho.com/login/Agent.jsp DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} https://67.43.9.72:4643/vz/ssh/wodTelnetDLX.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D5382F3F-32AA-41E1-9FFF-5D1EFAC80D40} http://contentpurity.com/members/FileClean.CAB DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://office.webstream-innovations.com/hyperoffice/personal/documents/XUpload.ocx DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab DPF: {F21AC8A4-4322-11D6-8EBE-0001023D1A2A} https://merchantaccount.quickbooks.com/recurchrg/IntuitRecurPayCom.cab DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} http://www.plaxo.com/activex/plx_upldr-2k-xp.cab Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) Handler: ipp - No CLSID Value - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: msdaipp - No CLSID Value - Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 38.116.38.49 FireFox: ======== FF ProfilePath: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default FF Homepage: hxxp://web.ebuddy.com/#|hxxp://www.netvibes.com/privatepage/1#General|https://www.passpack.com/online/# FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @IBM.com/WDPlugin,version=1 - C:\WINDOWS\system32\IBM\npwdplugin.dll (IBM ) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files\Sibelius Software\Scorch\npsibelius.dll () FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @vialect.com/superfile,version=1.0 - C:\Program Files\Intra.Net 4.x Components\packages\{309453F2-8D7A-4F10-BDAC-EA09D31F9198}\npsf.dll (Vialect) FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File FF Plugin HKCU: @IBM.com/WDPlugin,version=1 - C:\WINDOWS\system32\IBM\npwdplugin.dll (IBM ) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\delicious-tag.xml FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\linkedin-1.xml FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\linkedin.xml FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\linkedinjobs.xml FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\marketwatch.xml FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\technorati.xml FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\weathercom.xml FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\webster.xml FF SearchPlugin: C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\wikipedia-en.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\collector@broceliand.fr FF Extension: United States English Spellchecker - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\en-US@dictionaries.addons.mozilla.org FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\foxmarks@kei.com FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\kgen@elitwork.com FF Extension: printpdf - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\printpdf@pavlov.net FF Extension: SEO Blogger - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\seo-blogger@wordtracker.com FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: SeoQuake - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}(2) FF Extension: WOT - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: Evernote Web Clipper - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} FF Extension: LinkedIn Companion for Firefox - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{e2337727-f9c9-411b-929e-287584341d1a} FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15} FF Extension: rankchecker - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\rankchecker@seobook.com.xpi FF Extension: seo4firefox - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\seo4firefox@seobook.com.xpi FF Extension: seotoolbar - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\seotoolbar@seobook.com.xpi FF Extension: sqlime - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\sqlime@security.compass.xpi FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{86c18b42-e466-45a9-ae7a-9b95ba6f5640}.xpi FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: No Name - C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.71\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.71\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Chrome Toolbox Plugin) - C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.30_0\plugin/convenience.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll (WebEx Communications, Inc) CHR Plugin: (Google Gadget Plugin) - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll () CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (QuickTime Plug-in 7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (WD General Plugin) - C:\Program Files\Mozilla Firefox\plugins\npwdplugin.dll (IBM ) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Intra.Net) - C:\Program Files\Intra.Net 4.x Components\packages\{309453F2-8D7A-4F10-BDAC-EA09D31F9198}\npsf.dll (Vialect) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Bejeweled) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0 CHR Extension: (BIODIGITAL HUMAN) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0 CHR Extension: (Xmarks Bookmark Sync) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0 CHR Extension: (YouTube) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Zoho Projects) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dhifphcimhhfnhlemdpmlonlkgfkjjae\1.1_0 CHR Extension: (Google+) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0 CHR Extension: (Sumo Paint) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod\3.7_0 CHR Extension: (Google Calendar) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0 CHR Extension: (Creately - Online Diagramming) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\figjjaggcjcojopflaabmebmocabdglm\1.1_0 CHR Extension: (Chrome Toolbox (by Google)) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0 CHR Extension: (bitly | \u2665 your bitmarks) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.89_0 CHR Extension: (Dropbox) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.6_0 CHR Extension: (Zoho Mail) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jjemfhbmnkbapnnmiadkbiaokccjnhge\1.1_0 CHR Extension: (Zoho CRM) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn\1.1.1_0 CHR Extension: (HootSuite) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0 CHR Extension: (Evernote Web) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0 CHR Extension: (Webcam Toy) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.4_0 CHR Extension: (Skype Click to Call) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0 CHR Extension: (Google Maps) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0 CHR Extension: (Chrome to Phone) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0 CHR Extension: (SEO for Chrome) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0 CHR Extension: (ColorPick Eyedropper) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg\0.0.1.68_0 CHR Extension: (Palette for Chrome) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod\1.6.0_0 CHR Extension: (Evernote Web Clipper) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.18_0 CHR Extension: (Gmail) - C:\DOCUME~1\GaryT\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR StartMenuInternet: Google Chrome - "C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" ========================== Services (Whitelisted) ================= R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2003-08-27] (brother Industries Ltd) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-21] (ESET) S3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [323584 2005-12-20] (Apple Computer, Inc.) R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [319568 2010-10-26] (Logitech, Inc.) S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-02-06] (Logitech Inc.) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.) R2 PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [939272 2010-01-26] (Raxco Software, Inc.) R3 PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [1033480 2010-01-26] (Raxco Software, Inc.) R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] () R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) S3 Roxio UPnP Renderer 9; C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [57344 2006-08-10] (Sonic Solutions) S2 Roxio Upnp Server 9; C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe [294912 2006-08-10] (Sonic Solutions) R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-31] (TuneUp Software) R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices) R3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.) S2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R1 Cinemsup; C:\Windows\System32\Drivers\Cinemsup.sys [6656 2003-12-19] (Sonic Solutions) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [73232 2009-08-20] (Raxco Software, Inc.) R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [31896 2005-11-25] (DemoForge, LLC) R2 DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [35128 2006-08-08] (Sonic Solutions) R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [32504 2006-08-08] (Sonic Solutions) R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [12952 2006-08-01] (Sonic Solutions) R2 DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [9432 2006-08-08] (Sonic Solutions) R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [104504 2006-08-08] (Sonic Solutions) R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [26136 2006-08-08] (Sonic Solutions) R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [14552 2006-08-08] (Sonic Solutions) R1 DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [28216 2006-08-01] (Sonic Solutions) R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94680 2006-08-08] (Sonic Solutions) R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [97880 2006-08-08] (Sonic Solutions) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [51800 2006-08-01] (Sonic Solutions) R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [161368 2013-01-10] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET) S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan) R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [105784 2013-01-10] (ESET) S3 FileShd; C:\Windows\System32\DRIVERS\fileshd2.sys [69888 2007-09-10] (Pulsar-NVP) R3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [22560 2007-05-11] (Logitech Inc.) R2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12216 2012-09-18] (Logitech, Inc.) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2012-03-13] (http://libusb-win32.sourceforge.net) R2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2008-07-24] (LogMeIn, Inc.) R2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2008-07-24] (LogMeIn, Inc.) R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.) S3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdmnt.sys [652689 2003-12-12] (Agere Systems) R3 Lvckap; C:\Windows\System32\DRIVERS\LVcKap.sys [1691808 2007-02-06] () R3 lvmvdrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1964064 2007-02-06] (Logitech Inc.) R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25632 2007-02-06] () S3 LVPrcMon; C:\WINDOWS\system32\drivers\LVPrcMon.sys [16768 2005-09-01] () R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.) S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-06-02] () S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-03-15] (CACE Technologies) R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [92800 2005-05-17] (NVIDIA Corporation) R0 nvatabus; C:\Windows\System32\drivers\nvatabus.sys [92800 2005-05-17] (NVIDIA Corporation) R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation) R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation) R3 ousb2hub; C:\Windows\System32\DRIVERS\ousb2hub.sys [56960 2005-09-29] (OrangeWare Corporation) R2 ousbehci; C:\Windows\System32\Drivers\ousbehci.sys [45824 2005-09-29] (OrangeWare Corporation) S3 PCAlertDriver; C:\Program Files\MSI\Core Center\NTGLM7X.sys [22432 2005-08-25] (MICRO-STAR INT'L CO., LTD.) S3 PCANDIS5; C:\WINDOWS\System32\PCANDIS5.SYS [16128 2004-07-05] (Printing Communications Assoc., Inc. (PCAUSA)) R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [25392 2009-07-07] (Cisco Systems, Inc.) R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26672 2009-07-07] (Cisco Systems, Inc.) S3 RushTopDevice; C:\Program Files\MSI\Core Center\RushTop.sys [39808 2005-08-25] (MICRO-STAR INT'L CO., LTD.) S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [50688 2006-08-09] (Sonic Solutions) R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [211496 2008-11-25] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2008-11-25] (Silicon Image, Inc.) R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2008-11-25] (Silicon Image, Inc.) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) S3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com)) S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-18] (TuneUp Software) R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [77056 2005-07-27] (Unibrain S.A.) R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [14080 2005-07-27] (Unibrain S.A.) R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [36352 2005-07-27] (Unibrain S.A.) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [297344 2009-04-21] (Marvell) S3 FTDIBUS; system32\drivers\ftdibus.sys [x] S3 FTSER2K; system32\drivers\ftser2k.sys [x] S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x] S4 IntelIde; No ImagePath S4 LMIRfsClientNP; No ImagePath S3 PalmUSBD; system32\drivers\PalmUSBD.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-21 18:16 - 2013-07-21 18:16 - 00000000 ____D C:\FRST 2013-07-21 18:11 - 2013-07-21 18:11 - 00891062 _____ C:\Documents and Settings\GaryT\Desktop\SecurityCheck.exe 2013-07-21 18:10 - 2013-07-21 18:10 - 01219874 _____ (Farbar) C:\Documents and Settings\GaryT\Desktop\FRST.exe 2013-07-11 02:42 - 2013-07-11 02:42 - 00009733 _____ C:\WINDOWS\KB2850851.log 2013-07-11 02:41 - 2013-07-11 02:42 - 00009312 _____ C:\WINDOWS\KB2845187.log 2013-06-27 01:35 - 2013-06-27 01:36 - 00009201 _____ C:\WINDOWS\KB2510531-IE8.log 2013-06-27 01:24 - 2013-06-27 01:24 - 00000000 __SHD C:\Documents and Settings\GaryT\IECompatCache 2013-06-27 01:17 - 2013-06-27 01:17 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache 2013-06-27 01:17 - 2013-06-27 01:17 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache 2013-06-27 01:16 - 2013-06-27 01:16 - 00000000 __SHD C:\Documents and Settings\GaryT\IETldCache 2013-06-27 01:13 - 2013-06-27 01:13 - 00078526 _____ C:\WINDOWS\KB2838727-IE8.log 2013-06-27 01:12 - 2013-06-27 01:13 - 00082117 _____ C:\WINDOWS\KB2744842-IE8.log 2013-06-27 01:12 - 2013-06-27 01:12 - 00085146 _____ C:\WINDOWS\KB2618444-IE8.log 2013-06-27 01:12 - 2013-05-07 18:30 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2013-06-27 01:11 - 2013-06-27 01:11 - 00074047 _____ C:\WINDOWS\KB2598845-IE8.log 2013-06-27 01:11 - 2013-06-27 01:11 - 00000000 ____D C:\WINDOWS\ie8updates 2013-06-27 01:11 - 2011-08-16 06:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll 2013-06-27 01:10 - 2013-06-27 01:17 - 00007481 _____ C:\WINDOWS\spupdsvc.log 2013-06-27 01:10 - 2013-06-27 01:11 - 00097071 _____ C:\WINDOWS\KB982381-IE8.log 2013-06-27 01:10 - 2013-05-07 18:30 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2013-06-27 01:10 - 2013-05-07 18:30 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2013-06-27 01:10 - 2013-05-07 18:30 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2013-06-27 01:09 - 2013-06-27 01:09 - 00000000 __HDC C:\WINDOWS\ie8 2013-06-27 01:08 - 2013-06-27 01:10 - 00087177 _____ C:\WINDOWS\ie8.log 2013-06-27 00:59 - 2013-06-27 01:13 - 00193368 _____ C:\WINDOWS\ie8_main.log 2013-06-26 20:53 - 2013-06-26 20:55 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-06-26 19:55 - 2013-06-26 19:54 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-06-26 19:55 - 2013-06-26 19:54 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-06-26 19:54 - 2013-06-26 19:54 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-06-26 19:54 - 2013-06-26 19:54 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-06-26 19:54 - 2013-06-26 19:54 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-06-26 19:54 - 2013-06-26 19:54 - 00000000 ____D C:\Program Files\Java 2013-06-26 19:25 - 2013-06-26 19:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$ ==================== One Month Modified Files and Folders ======= 2013-07-21 18:16 - 2013-07-21 18:16 - 00000000 ____D C:\FRST 2013-07-21 18:16 - 2007-01-23 12:49 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{6B4B2B2E-0337-436A-93B3-0954C8510B04}.job 2013-07-21 18:15 - 2009-05-30 22:39 - 00000000 ____D C:\Program Files\SOS Online Backup 2013-07-21 18:14 - 2010-07-05 23:34 - 00000000 ____D C:\Documents and Settings\GaryT\My Documents\Malware Tools, Help & Removal 2013-07-21 18:11 - 2013-07-21 18:11 - 00891062 _____ C:\Documents and Settings\GaryT\Desktop\SecurityCheck.exe 2013-07-21 18:11 - 2005-07-17 21:28 - 00000000 ____D C:\Documents and Settings\GaryT\Desktop 2013-07-21 18:10 - 2013-07-21 18:10 - 01219874 _____ (Farbar) C:\Documents and Settings\GaryT\Desktop\FRST.exe 2013-07-21 18:10 - 2006-01-21 01:22 - 00000000 ____D C:\Documents and Settings\GaryT\Application Data\Skype 2013-07-21 18:00 - 2011-08-18 19:00 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003UA.job 2013-07-21 17:54 - 2010-02-02 21:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-21 16:36 - 2011-01-05 01:04 - 00032002 _____ C:\WINDOWS\SchedLgU.Txt 2013-07-21 16:00 - 2011-08-18 19:00 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003Core.job 2013-07-21 07:25 - 2009-04-24 01:53 - 00000000 ____D C:\Program Files\LogMeIn 2013-07-21 03:12 - 2009-05-30 22:43 - 00000440 _____ C:\WINDOWS\Tasks\SOS Online Backup - Driskill.job 2013-07-21 01:42 - 2011-01-05 01:02 - 01374469 _____ C:\WINDOWS\WindowsUpdate.log 2013-07-20 20:54 - 2010-02-02 21:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-20 01:53 - 2013-06-11 00:19 - 00054156 ____H C:\WINDOWS\QTFont.qfn 2013-07-20 01:38 - 2005-07-17 21:20 - 00000000 ____D C:\WINDOWS\system32\Restore 2013-07-20 01:35 - 2012-04-04 18:07 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-07-20 01:35 - 2011-05-24 20:30 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-07-20 01:34 - 2005-07-19 22:20 - 00000000 ____D C:\Documents and Settings\GaryT\Local Settings\Application Data\Adobe 2013-07-20 01:34 - 2005-07-18 22:49 - 00000000 ____D C:\Documents and Settings\GaryT\My Documents\Download 2013-07-20 01:30 - 2011-01-05 01:04 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-07-20 01:30 - 2011-01-05 01:04 - 00000049 _____ C:\WINDOWS\wiaservc.log 2013-07-20 01:30 - 2009-01-06 17:38 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl 2013-07-20 01:30 - 2005-07-17 21:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-07-20 01:29 - 2006-02-19 23:17 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2013-07-20 01:28 - 2012-05-31 16:32 - 01482478 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-1647877149-725345543-1003-0.dat 2013-07-20 01:28 - 2012-05-31 16:32 - 00359102 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2013-07-20 01:28 - 2011-09-01 00:11 - 00393216 _____ C:\WINDOWS\system32\config\VPN.evt 2013-07-20 01:28 - 2008-12-28 23:52 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt 2013-07-20 01:28 - 2005-07-17 21:28 - 00000278 ___SH C:\Documents and Settings\GaryT\ntuser.ini 2013-07-20 01:27 - 2013-05-13 19:03 - 00002255 _____ C:\WINDOWS\setupapi.log 2013-07-20 01:19 - 2011-04-26 16:41 - 00000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini 2013-07-17 17:30 - 2013-06-10 02:27 - 00000000 ____D C:\Documents and Settings\GaryT\Desktop\New Folder 2013-07-16 22:36 - 2007-07-17 23:11 - 00002225 _____ C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk 2013-07-15 09:48 - 2008-01-27 01:58 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2013-07-15 00:26 - 2006-12-16 05:04 - 00001840 ____H C:\Documents and Settings\GaryT\My Documents\Default.rdp 2013-07-13 02:10 - 2011-08-18 19:02 - 00002284 _____ C:\Documents and Settings\GaryT\Desktop\Google Chrome.lnk 2013-07-11 02:42 - 2013-07-11 02:42 - 00009733 _____ C:\WINDOWS\KB2850851.log 2013-07-11 02:42 - 2013-07-11 02:41 - 00009312 _____ C:\WINDOWS\KB2845187.log 2013-07-10 13:54 - 2009-03-20 01:33 - 00000000 ___RD C:\Program Files\Skype 2013-07-10 13:54 - 2006-01-21 01:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype 2013-07-09 22:56 - 2012-10-07 19:54 - 00000000 ____D C:\Documents and Settings\GaryT\My Documents\Medical 2013-07-02 01:32 - 2007-11-26 20:43 - 00000600 _____ C:\Documents and Settings\GaryT\Local Settings\Application Data\PUTTY.RND 2013-06-27 23:52 - 2005-07-23 01:23 - 00115536 _____ C:\Documents and Settings\GaryT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2013-06-27 23:51 - 2005-07-18 05:07 - 00391184 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-06-27 23:25 - 2010-07-12 14:03 - 00000000 ____D C:\WINDOWS\ERDNT 2013-06-27 01:36 - 2013-06-27 01:35 - 00009201 _____ C:\WINDOWS\KB2510531-IE8.log 2013-06-27 01:36 - 2013-05-15 18:45 - 00068752 _____ C:\WINDOWS\updspapi.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00079934 _____ C:\WINDOWS\iis6.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00073908 _____ C:\WINDOWS\FaxSetup.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00035472 _____ C:\WINDOWS\ocgen.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00033841 _____ C:\WINDOWS\tsoc.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00024614 _____ C:\WINDOWS\comsetup.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00022538 _____ C:\WINDOWS\msmqinst.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00014917 _____ C:\WINDOWS\ntdtcsetup.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00012996 _____ C:\WINDOWS\netfxocm.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00005100 _____ C:\WINDOWS\MedCtrOC.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00004104 _____ C:\WINDOWS\ocmsn.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00003732 _____ C:\WINDOWS\tabletoc.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00003636 _____ C:\WINDOWS\msgsocm.log 2013-06-27 01:36 - 2013-05-15 18:32 - 00001374 _____ C:\WINDOWS\imsins.log 2013-06-27 01:35 - 2005-07-23 00:41 - 00000000 ___HD C:\WINDOWS\$hf_mig$ 2013-06-27 01:24 - 2013-06-27 01:24 - 00000000 __SHD C:\Documents and Settings\GaryT\IECompatCache 2013-06-27 01:24 - 2005-07-17 21:28 - 00000000 ____D C:\Documents and Settings\GaryT 2013-06-27 01:17 - 2013-06-27 01:17 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache 2013-06-27 01:17 - 2013-06-27 01:17 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache 2013-06-27 01:17 - 2013-06-27 01:10 - 00007481 _____ C:\WINDOWS\spupdsvc.log 2013-06-27 01:17 - 2005-07-17 21:28 - 00000803 _____ C:\Documents and Settings\GaryT\Start Menu\Programs\Internet Explorer.lnk 2013-06-27 01:17 - 2005-07-17 21:27 - 00000000 __SHD C:\Documents and Settings\NetworkService 2013-06-27 01:17 - 2005-07-17 21:27 - 00000000 __SHD C:\Documents and Settings\LocalService 2013-06-27 01:16 - 2013-06-27 01:16 - 00000000 __SHD C:\Documents and Settings\GaryT\IETldCache 2013-06-27 01:16 - 2005-07-18 05:00 - 00000000 ____D C:\WINDOWS\Media 2013-06-27 01:16 - 2005-07-18 05:00 - 00000000 ____D C:\WINDOWS\Help 2013-06-27 01:13 - 2013-06-27 01:13 - 00078526 _____ C:\WINDOWS\KB2838727-IE8.log 2013-06-27 01:13 - 2013-06-27 01:12 - 00082117 _____ C:\WINDOWS\KB2744842-IE8.log 2013-06-27 01:13 - 2013-06-27 00:59 - 00193368 _____ C:\WINDOWS\ie8_main.log 2013-06-27 01:13 - 2013-05-15 18:32 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-06-27 01:12 - 2013-06-27 01:12 - 00085146 _____ C:\WINDOWS\KB2618444-IE8.log 2013-06-27 01:11 - 2013-06-27 01:11 - 00074047 _____ C:\WINDOWS\KB2598845-IE8.log 2013-06-27 01:11 - 2013-06-27 01:11 - 00000000 ____D C:\WINDOWS\ie8updates 2013-06-27 01:11 - 2013-06-27 01:10 - 00097071 _____ C:\WINDOWS\KB982381-IE8.log 2013-06-27 01:10 - 2013-06-27 01:08 - 00087177 _____ C:\WINDOWS\ie8.log 2013-06-27 01:09 - 2013-06-27 01:09 - 00000000 __HDC C:\WINDOWS\ie8 2013-06-26 20:55 - 2013-06-26 20:53 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-06-26 20:55 - 2012-05-04 19:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-06-26 19:54 - 2013-06-26 19:55 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-06-26 19:54 - 2013-06-26 19:55 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-06-26 19:54 - 2013-06-26 19:54 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-06-26 19:54 - 2013-06-26 19:54 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-06-26 19:54 - 2013-06-26 19:54 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-06-26 19:54 - 2013-06-26 19:54 - 00000000 ____D C:\Program Files\Java 2013-06-26 19:54 - 2012-08-15 21:34 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll 2013-06-26 19:54 - 2010-05-14 01:08 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll 2013-06-26 19:27 - 2013-06-11 21:29 - 00111556 _____ C:\WINDOWS\KB2838727-IE7.log 2013-06-26 19:26 - 2013-06-26 19:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$ 2013-06-26 19:26 - 2013-06-11 21:29 - 00013283 _____ C:\WINDOWS\KB2839229.log 2013-06-26 19:17 - 2005-07-23 00:45 - 73381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe Files to move or delete: ==================== C:\Documents and Settings\All Users\Uninst.exe C:\Documents and Settings\GaryT\DimdimSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-07-2013 Ran by GaryT at 2013-07-21 18:17:46 Running from C:\Documents and Settings\GaryT\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 3114 SATARAID5 500e (Version: 1.13.00) ABBYY FineReader 5.0 Sprint (Version: 5.0.0.3412) Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.5.5) Adobe Acrobat 9.5.5 - CPSID_83708 Adobe AIR (Version: 3.5.0.1060) Adobe ConnectNow Adobe ConnectNow Add-in Adobe Flash Player 11 ActiveX (Version: 11.1.102.55) Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Shockwave Player 11 (Version: 11) Advanced Find and Replace v5.1 (Version: 5.1) AMD CPUInfo (Version: 3.0.1.0031) AMD Power Monitor (Version: 1.3.1.0016) AMD Processor Driver (Version: 1.3.2.0053) Apple Software Update (Version: 2.0.2.92) Brother BRAdmin Professional 2.51 (Version: 2.51) Brother HL-5170DN Camera Window DS (Version: 5.0) Camera Window DVC (Version: 5.0) Camera Window MC (Version: 5.0) Camtasia Studio 7 (Version: 7.1.1) Canon Camera Support Core Library (Version: 7.1.0.11) Canon Camera Window DS for ZoomBrowser EX (Version: 5.0) Canon Camera Window DVC for ZoomBrowser EX (Version: 5.0) Canon Camera Window for ZoomBrowser EX (Version: 5.0) Canon i950 Canon MovieEdit Task for ZoomBrowser EX (Version: 1.2.0.21) Canon PhotoRecord (Version: 02.00.00029) Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.2) Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.1) Canon Utilities Easy-PhotoPrint Canon ZoomBrowser EX (Version: 5.00.0000) CCleaner (Version: 4.01) Cisco AnyConnect VPN Client (Version: 2.5.3055) Cisco Network Magic (Version: 5.5.09195.0) Cisco Unified Presenter Add-in 6x5 ClickTracks Hosted Viewer (Version: 6.1.3) Cole2k Media - Codec Pack (Advanced) 7.1.0 Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) Constant Contact QuickImport - Outlook (HKCU Version: 1.0) Corel Photo Album 6 (Version: 6.33) Critical Security Update Critical Update for Windows Media Player 11 (KB959772) CSS eXplorer (Version: 1.0.0) Cypress USB Mass Storage Driver Installation del.icio.us Buttons for Internet Explorer (Version: 1.0.8) DeVilbiss Remote Control (Version: 1.3.0.0) DH Driver Cleaner.NET (Version: 3.2.0.6) Directory Submitter 1.0.29 DivX (Version: 6.0) DivX Player (Version: 6.0) Domain Samurai (Version: 0.03.18) DriverMax 5 (Version: 5.31.0.560) Dropbox (HKCU Version: 1.4.7) Dual-Core Optimizer (Version: 1.1.4.0169) EPSON Copy Utility 3 (Version: 3.0.2.0) EPSON Perf 2480 - 2580 Guide EPSON Scan EPSON Smart Panel eReg (Version: 1.20.138.34) erLT (Version: 1.20.0137) ESET NOD32 Antivirus (Version: 6.0.316.0) EVEREST Ultimate Edition v5.02 (Version: 5.02) Evernote v. 4.5.10 (Version: 4.5.10.7472) Family Tree Maker 2011 (Version: 20.0.379) Flash Decompiler Trillix (Version: 3.0) Free Easy Burner V 3.8 Google AdWords Editor (Version: 7.0.0) Google Chrome (HKCU Version: 28.0.1500.72) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4209.2358) Google Update Helper (Version: 1.3.21.153) GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082) GSiteCrawler (Version: v1.23) GTK+ 2.10.6-1 runtime environment HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1) HP eServices Local Prints and Save (Version: 1.00.0007) HP Scrawlr (Version: 1.0.133.4) InfraRecorder Internet Explorer Q903235 Intra.Net 4.x Components IrfanView (remove only) iTunes (Version: 6.0.2.23) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Jawbone Updater (Version: 0.1) join.me (HKCU Version: 1.9.1.204) Keyword Cloud Generator 1.0.21 LightScribe 1.4.136.1 (Version: 1.4.136.1) Likno Web Button Maker (Version: 2.0.144) Localizer Leads Tool (Version: 3.5.2) Logitech Audio Echo Cancellation Component (Version: 10.51.2027) Logitech QuickCam (Version: 10.51.2029) Logitech SetPoint 6.50 (Version: 6.50.152) Logitech Solar App 1.0 (Version: 1.00.46) Logitech Video Enumerator (Version: 10.51.2027) Logitech® Camera Driver LogMeIn (Version: 4.0.784) LtMoh_MARS Macromedia Dreamweaver 8 (Version: 8.0.2) Macromedia Extension Manager (Version: 1.7.240) Macromedia Flash 8 (Version: 8.00.0000) Macromedia Flash 8 Video Encoder (Version: 1.00.0000) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Market Samurai (Version: 0.92.54) MediaInfo 0.7.5.3 (Version: 0.7.5.3) MediaLife Memory Zipper Plus 7.11 (Version: 7.11.1) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0) Microsoft Office Project Standard 2003 (Version: 11.0.8173.0) Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Mirage Driver 1.1 (Version: 1.1) Mix-FX (Version: ) MovieEdit Task (Version: 1.2.0.21) Moyea Flash Video MX Pro Version: 5.0.16.932 Moyea Flash Video MX Pro Version: 6.0.2.1174 Moyea FLV Downloader version 1.15.0.15 Moyea FLV Player version 1.5.2.7 Moyea FLV to Video Converter Pro 3 Version: 3.0.6.0 Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) MSI DigiCell (Version: 2.1.2.11) MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0) MVision (Version: 10.51.2027) MyPublisher BookMaker Netsparker [Community Edition] - Web Application Security Scanner Network Magic (Version: 5.5.9195.0) Nmap 4.85BETA5 Notepad++ (Version: 5.7) NVIDIA Drivers (Version: 1.5) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) Paint.NET v3.5.10 (Version: 3.60.0) Paros 3.2.13 Passpack DESKTOP (Version: 2.0.2) PerfectDisk 10 Professional (Version: 10.0.129) PhotoImpression 5 PingPlotter Standard 3.30.0s (Version: 3.30.0s) PlexTools Professional V2.28 (Version: 2.28.0000) Pure Networks Platform (Version: 11.2.09195.1) QuickBooks (Version: 22.0.4014.2206) QuickBooks Pro 2012 (Version: 22.0.4014.2206) Quicken 2006 (Version: 15.1.1.29) Quicken WillMaker Plus 2006 QuickTime (Version: 7.4.0.91) RAW Image Task (Version: 0.9.2) RawShooter essentials 2005 (Version: 1.1.3) Realtek AC'97 Audio (Version: 5.36) Recuva (remove only) RemoteCapture Task 1.1 (Version: 1.1) Report Viewer 2.3 Revo Uninstaller Pro 3.0.5 (Version: 3.0.5) Roxio Content 9 (Version: 9.0.021) Roxio Drag-to-Disc (Version: 9.0) Roxio Easy Media Creator 9 Suite (Version: 9.0.088) Roxio Media Experience (Version: 3.5) Roxio Update Manager (Version: 6.0.0) Savings Bond Wizard ScanToWeb SeaTools for Windows (Version: 1.2.0.5) Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (Version: 6.2.0) Skype Click to Call (Version: 6.9.12585) Skype™ 6.6 (Version: 6.6.106) SmartFTP Client (Version: 4.0.1239.0) SmartFTP Client 3.0 Setup Files (remove only) (Version: 3.0) SmartFTP Client 4.0 Setup Files (remove only) (Version: 4.0) SmartLink Desktop (Version: 2.4.1) Snagit 10.0.1 (Version: 10.0.1) SnagIt Studio (Version: 8.0.1) SOS Online Backup (Version: 4.0.10.3) Speccy (Version: 1.21) StuffIt Expander 2009 (Version: 13.0.1) Sumopaint Pro (Version: 5.0.4) SupportSoft Assisted Service (Version: 15) System Requirements Lab TeamViewer 6 (Version: 6.0.11656) Time Zone Data Update Tool for Microsoft Office Outlook (Version: 12.0.4518.1029) TuneUp Utilities 2013 (Version: 13.0.3020.7) TuneUp Utilities Language Pack (en-US) (Version: 12.0.3600.104) TuneUp Utilities Language Pack (en-US) (Version: 13.0.3020.7) ubCore (Version: 4.0) UEStudio '10.30 (Version: 10.30.2) UltraCompare v7.20 (Version: 7.0.97) UltraSentry (Version: 1.0.28) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Windows Internet Explorer 7 (KB976749) (Version: 1) Update for Windows Internet Explorer 7 (KB980182) (Version: 1) Update for Windows Internet Explorer 8 (KB2598845) (Version: 1) Update for Windows XP (KB2141007) (Version: 1) Update for Windows XP (KB2345886) (Version: 1) Update for Windows XP (KB2467659) (Version: 1) Update for Windows XP (KB2541763) (Version: 1) Update for Windows XP (KB2616676-v2) (Version: 2) Update for Windows XP (KB2641690) (Version: 1) Update for Windows XP (KB2661254-v2) (Version: 2) Update for Windows XP (KB2718704) (Version: 1) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB2749655) (Version: 1) Update for Windows XP (KB951072-v2) (Version: 2) Update for Windows XP (KB951978) (Version: 1) Update for Windows XP (KB955759) (Version: 1) Update for Windows XP (KB955839) (Version: 1) Update for Windows XP (KB967715) (Version: 1) Update for Windows XP (KB968389) (Version: 1) Update for Windows XP (KB971029) (Version: 1) Update for Windows XP (KB971737) (Version: 1) Update for Windows XP (KB973687) (Version: 1) Update for Windows XP (KB973815) (Version: 1) USB Storage Adapter FX (SM1) User Profile Hive Cleanup Service (Version: 1.6.36) Visual Studio 2005 Tools for Office Second Edition Runtime Web CEO 9.1 (Version: 9.1) WebEx WebFldrs XP (Version: 9.50.6513) Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0) Windows Imaging Component (Version: 3.0.0.0) Windows Installer Clean Up (Version: 3.00.00.0000) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Live Sign-in Assistant (Version: 5.000.818.6) Windows Media Encoder 9 Series Windows Media Encoder 9 Series (Version: 9.00.2980) Windows Media Format 11 runtime Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164) Windows XP Service Pack 3 (Version: 20080414.031525) WinMerge 2.12.4 (Version: 2.12.4) winpcap-nmap 4.02 WinZip 15.0 (Version: 15.0.9411) WSI Power Search XML Paper Specification Shared Components Pack 1.0 XSitePro2 (Version: 2.061) XviD MPEG-4 Codec Yugma (Version: 1.0) Yugma (Version: 4.1.3.2) ==================== Restore Points ========================= 20-07-2013 05:38:17 System Checkpoint 21-07-2013 05:41:40 System Checkpoint ==================== Hosts content: ========================== 2012-08-09 02:06 - 2013-06-07 18:42 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003Core.job => C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003UA.job => C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\SOS Online Backup - Driskill.job => c:\program files\sos online backup\sosuploadagent.exe Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{6B4B2B2E-0337-436A-93B3-0954C8510B04}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/21/2013 03:12:16 AM) (Source: MSSOAP) (User: ) Description: Soap error: One of the parameters supplied is invalid.. Error: (07/21/2013 03:12:16 AM) (Source: MSSOAP) (User: ) Description: Soap error: Loading of the WSDL file failed. Error: (07/21/2013 03:12:16 AM) (Source: MSSOAP) (User: ) Description: Soap error: XML Parser failed at linenumber 0, lineposition 0, reason is: System error: -2146697210. . Error: (07/20/2013 09:23:12 PM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error: (07/20/2013 09:23:12 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (07/20/2013 09:23:12 PM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error: (07/20/2013 09:23:12 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (07/20/2013 09:23:11 PM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error: (07/20/2013 09:23:11 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (07/20/2013 09:23:11 PM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. System errors: ============= Error: (07/20/2013 01:30:35 AM) (Source: Service Control Manager) (User: ) Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started. Error: (07/20/2013 01:30:35 AM) (Source: Service Control Manager) (User: ) Description: The Parallel port driver service failed to start due to the following error: %%1058 Error: (07/20/2013 01:30:09 AM) (Source: NETLOGON) (User: ) Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. Error: (07/18/2013 00:31:27 AM) (Source: Print) (User: GTD-DESKTOP) Description: The document ALLDATAdiy.com - 2004 Mercury Truck Mountaineer 2WD V8-4.6L SOHC VIN W - Body - Rear Door Window Stuck In Up Position/Inoperative owned by GaryT failed to print on printer Brother HL-5170DN series. Data type: NT EMF 1.008. Size of the spool file in bytes: 847632. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\GTD-DESKTOP. Win32 error code returned by the print processor: ALLDATAdiy.com - 2004 Mercury Truck Mountaineer 2WD V8-4.6L SOHC VIN W - Body - Rear Door Window Stuck In Up Position/Inoperative0. ALLDATAdiy.com - 2004 Mercury Truck Mountaineer 2WD V8-4.6L SOHC VIN W - Body - Rear Door Window Stuck In Up Position/Inoperative1 Error: (07/15/2013 11:59:37 AM) (Source: Dhcp) (User: ) Description: The IP address lease 192.168.1.103 for the Network Card with network address 0013D3632A27 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error: (07/13/2013 11:59:34 AM) (Source: Dhcp) (User: ) Description: The IP address lease 192.168.1.103 for the Network Card with network address 0013D3632A27 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error: (07/12/2013 11:59:30 AM) (Source: Dhcp) (User: ) Description: The IP address lease 192.168.1.106 for the Network Card with network address 0013D3632A27 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error: (07/11/2013 02:42:59 AM) (Source: Print) (User: GTD-DESKTOP) Description: The document Helprx.info | Apidra owned by GaryT failed to print on printer Brother HL-5170DN series. Data type: NT EMF 1.008. Size of the spool file in bytes: 5373952. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\GTD-DESKTOP. Win32 error code returned by the print processor: Helprx.info | Apidra0. Helprx.info | Apidra1 Error: (07/01/2013 11:59:46 PM) (Source: Service Control Manager) (User: ) Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started. Error: (07/01/2013 11:59:46 PM) (Source: Service Control Manager) (User: ) Description: The Parallel port driver service failed to start due to the following error: %%1058 Microsoft Office Sessions: ========================= Error: (07/21/2013 03:12:16 AM) (Source: MSSOAP)(User: ) Description: One of the parameters supplied is invalid. Error: (07/21/2013 03:12:16 AM) (Source: MSSOAP)(User: ) Description: Loading of the WSDL file failed Error: (07/21/2013 03:12:16 AM) (Source: MSSOAP)(User: ) Description: XML Parser failed at linenumber 0, lineposition 0, reason is: System error: -2146697210. Error: (07/20/2013 09:23:12 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist. Error: (07/20/2013 09:23:12 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (07/20/2013 09:23:12 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist. Error: (07/20/2013 09:23:12 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (07/20/2013 09:23:11 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist. Error: (07/20/2013 09:23:11 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (07/20/2013 09:23:11 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist. ==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 3455.46 MB Available physical RAM: 2464.57 MB Total Pagefile: 4827.91 MB Available Pagefile: 3868.61 MB Total Virtual: 2047.88 MB Available Virtual: 1947.46 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.3 GB) (Free:43.49 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: FFFFFFFF) Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Security Check Results of screen317's Security Check version 0.99.70 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET NOD32 Antivirus 6.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 TuneUp Utilities 2013 TuneUp Utilities Language Pack (en-US) TuneUp Utilities 2013 CCleaner DH Driver Cleaner.NET Java 7 Update 25 Adobe Flash Player 11.8.800.94 Mozilla Firefox (Firefox,. Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 4% ````````````````````End of Log``````````````````````
  3. Hello, I noticed earlier today that my Malwarebytes Pro task bar icon was gray. I checked it and the "enable malicious website blocking" had been turned off. I tried but was unable to turn it back on. I then rebooted my machine (Windows XP) and restarted Malwarebytes Pro. At this point I was able to turn "Enable Malicious Website Blocking" back on. I also noticed the Windows System Restore had be turned off. Again, I was able to turn it back on. Things seem ok now, but since something was obviously messing with my system should I run some types of scans? Your assistance is appreciated Thanks, Gary
  4. First class support. Thanks MrCharlie

  5. MrC, I ran it in Safe Mode. Here is the Security Check Log: Results of screen317's Security Check version 0.99.68 Windows XP Service Pack 3 x86 Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! ESET NOD32 Antivirus 6.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 TuneUp Utilities 2013 TuneUp Utilities Language Pack (en-US) TuneUp Utilities 2013 CCleaner DH Driver Cleaner.NET Java 7 Update 25 Adobe Flash Player 11.7.700.224 Mozilla Firefox (Firefox,. Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 5% ````````````````````End of Log`````````````````````` I went ahead and updated Firefox (I was just one (1) version behind) Thanks, Gary
  6. MrC, Secuity Check gives me an "Unsupported Operating System" message. I am running Win XP. Any ideas? Thanks, Gary
  7. MrC, Here is the Junkware Removal Log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Microsoft Windows XP x86 Ran by GaryT on Thu 06/20/2013 at 23:31:15.32 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4CD1F1ED-DC61-4307-B83A-9A7655ACC89F} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{646F9139-5B3D-4A8A-A2B4-5E4C8E6CC4E8} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6F26AA37-D892-434B-AFAC-9133A645145B} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F4E5CAF5-554C-4CC8-A163-523E5129A54D} ~~~ Files Successfully deleted: [File] "C:\WINDOWS\system32\turegopt.exe" Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\systweak" Successfully deleted: [Folder] "C:\Documents and Settings\GaryT\Application Data\systweak" Successfully deleted: [Folder] "C:\Documents and Settings\GaryT\Local Settings\Application Data\systweak" ~~~ FireFox Successfully deleted: [File] C:\Documents and Settings\GaryT\Application Data\mozilla\firefox\profiles\1llhjzre.default\user.js Successfully deleted: [Folder] C:\Documents and Settings\GaryT\Application Data\mozilla\firefox\profiles\1llhjzre.default\extensions\LogMeInClient@logmein(2).com Successfully deleted: [Folder] C:\Documents and Settings\GaryT\Application Data\mozilla\firefox\profiles\1llhjzre.default\extensions\LogMeInClient@logmein.com Successfully deleted the following from C:\Documents and Settings\GaryT\Application Data\mozilla\firefox\profiles\1llhjzre.default\prefs.js user_pref("extensions.seoquake.params.108.icon", "AAABAAIAEBAAAAAAAABoBQAAJgAAACAgAAAAAAAAqAgAAI4FAAAoAAAAEAAAACAAAAABAAgAAAAAAEABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///wAGgvsA63YdA user_pref("extensions.seoquake.params.20.icon", "AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAMQOAADEDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA user_pref("extensions.seoquake.params.21.icon", "AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAMQOAADEDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA user_pref("extensions.seoquake.params.22.icon", "AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAMQOAADEDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA user_pref("extensions.seoquake.params.23.icon", "AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAMQOAADEDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 06/20/2013 at 23:35:43.26 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks, Gary
  8. MrCharlie, Here is the Adware log: # AdwCleaner v2.303 - Logfile created 06/10/2013 at 23:53:24 # Updated 08/06/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : GaryT - GTD-DESKTOP # Boot Mode : Normal # Running from : C:\Documents and Settings\GaryT\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Found : HKCU\Software\YahooPartnerToolbar ***** [internet Browsers] ***** -\\ Internet Explorer v7.0.6000.21335 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\4qu1wovc.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\prefs.js [OK] File is clean. -\\ Google Chrome v27.0.1453.110 File : C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1067 octets] - [10/06/2013 23:53:24] AdwCleaner[s1].txt - [3608 octets] - [30/04/2013 04:31:48] Don't think it found anyting. Thanks, Gary
  9. MrCharlie, Sorry for the delay. Here is the ComboFix report: ComboFix 13-06-07.03 - GaryT 06/07/2013 18:30:54.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2658 [GMT -4:00] Running from: c:\documents and settings\GaryT\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\EventSystem.log . . ((((((((((((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 ))))))))))))))))))))))))))))))) . . 2013-06-03 02:37 . 2013-06-03 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-06-03 02:36 . 2013-06-03 02:36 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-05-13 05:25 . 2013-05-13 05:25 -------- d-----w- c:\documents and settings\GaryT\Local Settings\Application Data\Sun 2013-05-13 03:36 . 2013-05-13 03:36 -------- d-----w- c:\program files\Common Files\Java 2013-05-13 03:36 . 2013-05-13 03:35 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-05-13 03:36 . 2013-05-13 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-13 03:35 . 2013-05-13 03:35 -------- d-----w- c:\program files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-27 22:02 . 2012-04-04 22:07 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-27 22:02 . 2011-05-25 00:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-13 03:35 . 2012-08-16 01:34 866720 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-05-13 03:35 . 2010-05-14 05:08 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-16 21:59 . 2005-04-27 14:54 841216 ----a-w- c:\windows\system32\wininet.dll 2013-04-16 21:59 . 2003-03-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-16 21:59 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2013-04-16 21:59 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2013-04-12 23:28 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec 2013-04-10 01:31 . 2009-05-11 00:18 1876352 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 18:50 . 2011-01-05 17:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-31 20:13 . 2009-11-02 08:13 44 ---h--w- c:\program files\dd2c2250.tmp 2003-08-27 18:19 . 2005-08-07 18:05 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll 2012-02-23 21:09 . 2013-05-19 04:44 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2012-02-23 21:09 . 2013-05-19 04:44 449848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2011-03-03 18:52 . 2013-05-19 04:44 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll 2011-03-03 18:52 . 2013-05-19 04:44 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2010-03-31 15:09 . 2013-05-19 04:44 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 16:35 . 2013-05-19 04:44 9822960 ----a-r- c:\program files\mozilla firefox\plugins\ScorchAxPlugin.dll 2010-04-08 17:36 . 2013-05-19 04:44 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId] @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}" [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}] 2009-04-21 09:17 233472 ------w- c:\program files\SOS Online Backup\CtxMenu_1_0_0_10.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-03-01 2778424] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\windows\system32\logonui.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-06-10 00:08 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0sasnative32 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^EvernoteClipper.lnk] path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\EvernoteClipper.lnk backup=c:\windows\pss\EvernoteClipper.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^Jawbone Updater.lnk] path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\Jawbone Updater.lnk backup=c:\windows\pss\Jawbone Updater.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2012-10-06 08:16 1843512 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-08-11 20:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2008-10-24 14:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2007-02-08 05:12 488984 ----a-w- c:\program files\Common Files\Logishrd\LComMgr\Communications_Helper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] 2008-07-24 22:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG] 2003-07-14 14:52 40960 ----a-w- c:\windows\ltmsg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp] 2009-07-08 06:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth] 2009-07-07 18:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2007-04-16 19:28 577536 ----a-w- c:\windows\soundman.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "MemoryZipperPlus"="c:\program files\Memzip\memzip.exe" "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "LiveMonitor"=c:\program files\MSI\Live Update 3\LMonitor.exe "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "bwprnmon.exe"=c:\bitware\NT\bwprnmon.exe "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" "SoundMan"=SOUNDMAN.EXE "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" "NVRaidService"="c:\windows\System32\nvraidservice.exe" "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" "SM1BG"="c:\windows\SM1BG.EXE" "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Web CEO\\BIN\\webceo.exe"= "c:\\Program Files\\Web CEO\\BIN\\wsceokrnl.dll"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Paros\\IEEmbed.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Documents and Settings\\GaryT\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\Program Files\\Jawbone\\JawboneUpdater.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "67:UDP"= 67:UDP:DHCP Discovery Service . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/14/2012 9:40 AM 122240] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/14/2012 9:40 AM 105784] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/21/2013 3:19 PM 1341664] R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 5:25 PM 319568] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/14/2011 11:55 PM 12216] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 7:13 PM 418376] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [3/15/2009 4:13 PM 34064] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2009 2:46 AM 45824] R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 9:31 PM 1248256] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1/31/2013 5:35 AM 1724192] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 5:25 PM 14080] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 5:25 PM 36352] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [9/22/2011 2:43 PM 645048] R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 1:30 PM 43704] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 1:30 PM 12216] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/5/2011 1:12 PM 22856] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [10/12/2009 2:46 AM 56960] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [9/18/2012 4:02 PM 10088] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 5:25 PM 77056] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/5/2011 1:12 PM 701512] S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 10:38 AM 3289208] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384] S3 FileShd;FileShd;c:\windows\system32\drivers\fileshd2.sys [9/10/2007 4:13 PM 69888] S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [5/13/2011 12:17 AM 42592] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/2/2013 10:36 PM 35144] S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.SYS [10/2/2005 1:15 AM 22432] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/11/2010 1:36 AM 27064] . --- Other Services/Drivers In Memory --- . *Deregistered* - uphcleanhlp . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . 2013-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 01:24] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 01:24] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003Core.job - c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-18 23:00] . 2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003UA.job - c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-18 23:00] . 2013-06-07 c:\windows\Tasks\SOS Online Backup - Driskill.job - c:\program files\sos online backup\sosuploadagent.exe [2009-04-28 06:38] . 2013-06-07 c:\windows\Tasks\User_Feed_Synchronization-{6B4B2B2E-0337-436A-93B3-0954C8510B04}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 16:58] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://cm.my.yahoo.com/?rd=nux uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html Trusted Zone: microsoft.com\drmlicense.one TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 38.116.38.49 DPF: NetGUI - hxxp://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {02FFCFC3-C28F-4ED9-954B-1BAC9FD77E12} - hxxp://webstream.intra.net/media/xflux3.cab DPF: {16C698C4-4BE0-4CDF-B777-39276A95F58F} - hxxp://meeting.zoho.com/login/ActivexViewer.jsp DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB DPF: {56426D1F-A2BB-4195-8555-CCE6533F81E8} - hxxp://meeting.zoho.com/login/Agent.jsp DPF: {7BC974EF-A718-4A17-B77E-4C8DBC327AFA} - hxxps://secure.voloper.net/editor.cab DPF: {7DD82D6B-3553-470B-8D1E-D5C7086478A7} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2005.cab DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB DPF: {87651085-BCBF-4281-B8F7-1F6E56E92515} - hxxp://meeting.zoho.com/login/Agent.jsp DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://67.43.9.72:4643/vz/ssh/wodTelnetDLX.cab DPF: {D5382F3F-32AA-41E1-9FFF-5D1EFAC80D40} - hxxp://contentpurity.com/members/FileClean.CAB DPF: {F21AC8A4-4322-11D6-8EBE-0001023D1A2A} - hxxps://merchantaccount.quickbooks.com/recurchrg/IntuitRecurPayCom.cab DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab FF - ProfilePath - c:\documents and settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - web.ebuddy.com|hxxp://www.netvibes.com/ FF - ExtSQL: !HIDDEN! 2011-07-10 18:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-06-07 18:43 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(936) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\windows\system32\LMIinit.dll . Completion time: 2013-06-07 18:45:14 ComboFix-quarantined-files.txt 2013-06-07 22:44 . Pre-Run: 49,955,500,032 bytes free Post-Run: 49,950,998,528 bytes free . - - End Of File - - DC8B1119620991C832B93026C3E856A5 8F558EB6672622401DA993E1E865C861 Thanks, Gary
  10. MrCharllie, Thanks. I ran MBAR and it found nothing. Here are the logs: Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.03.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 GaryT :: GTD-DESKTOP [administrator] 6/2/2013 10:37:18 PM mbar-log-2013-06-02 (22-37-18).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 232353 Time elapsed: 13 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1003 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 7.0.5730.11 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.210000 GHz Memory total: 3623317504, free: 2791817216 Downloaded database version: v2013.06.03.01 Downloaded database version: v2013.05.22.01 Initializing... ------------ Kernel report ------------ 06/02/2013 22:37:08 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\System32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys ohci1394.sys \WINDOWS\System32\DRIVERS\1394BUS.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys nvraid.sys \WINDOWS\system32\drivers\CLASSPNP.SYS PartMgr.sys VolSnap.sys nvatabus.sys Si3114r5.sys \WINDOWS\System32\DRIVERS\SCSIPORT.SYS nvata.sys disk.sys fltmgr.sys drvmcdb.sys SiWinAcc.sys PxHelp20.sys KSecDD.sys Ntfs.sys NDIS.sys SiRemFil.sys Mup.sys \SystemRoot\System32\DRIVERS\AmdK8.sys \SystemRoot\System32\DRIVERS\usbohci.sys \SystemRoot\System32\DRIVERS\USBPORT.SYS \SystemRoot\System32\Drivers\ousbehci.sys \SystemRoot\system32\drivers\ALCXWDM.SYS \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\DRIVERS\imapi.sys \SystemRoot\System32\Drivers\DLACDBHM.SYS \SystemRoot\System32\DRIVERS\cdrom.sys \SystemRoot\System32\DRIVERS\redbook.sys \SystemRoot\System32\Drivers\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\ubohci.sys \SystemRoot\system32\DRIVERS\UB1394.SYS \SystemRoot\System32\DRIVERS\nvnetbus.sys \SystemRoot\System32\DRIVERS\NVNRM.SYS \SystemRoot\System32\DRIVERS\yk51x86.sys \SystemRoot\System32\DRIVERS\nv4_mini.sys \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\dfmirage.sys \SystemRoot\system32\DRIVERS\lmimirr.sys \SystemRoot\System32\DRIVERS\audstub.sys \SystemRoot\System32\DRIVERS\rasl2tp.sys \SystemRoot\System32\DRIVERS\ndistapi.sys \SystemRoot\System32\DRIVERS\ndiswan.sys \SystemRoot\System32\DRIVERS\raspppoe.sys \SystemRoot\System32\DRIVERS\raspptp.sys \SystemRoot\System32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\psched.sys \SystemRoot\System32\DRIVERS\msgpc.sys \SystemRoot\System32\DRIVERS\ptilink.sys \SystemRoot\System32\DRIVERS\raspti.sys \SystemRoot\System32\DRIVERS\rdpdr.sys \SystemRoot\System32\DRIVERS\termdd.sys \SystemRoot\System32\DRIVERS\kbdclass.sys \SystemRoot\System32\DRIVERS\mouclass.sys \SystemRoot\System32\DRIVERS\swenum.sys \SystemRoot\System32\DRIVERS\update.sys \SystemRoot\System32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\AmdLLD.sys \SystemRoot\System32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\DRIVERS\usbhub.sys \SystemRoot\System32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\ousb2hub.sys \SystemRoot\System32\DRIVERS\NVENETFD.sys \SystemRoot\system32\DRIVERS\eamon.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\DLARTL_M.SYS \SystemRoot\system32\DRIVERS\ehdrv.sys \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\System32\DRIVERS\tcpip.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\System32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\epfwtdir.sys \SystemRoot\System32\drivers\ws2ifsl.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbios.sys \SystemRoot\System32\DRIVERS\rdbss.sys \SystemRoot\System32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\System32\Drivers\Cinemsup.SYS \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\System32\Drivers\LEqdUsb.Sys \SystemRoot\System32\Drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\wdf01000.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\LHidEqd.Sys \SystemRoot\system32\DRIVERS\lvuvcflt.sys \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\system32\DRIVERS\LVMVDrv.sys \SystemRoot\system32\drivers\LVUSBSta.sys \SystemRoot\system32\DRIVERS\lvuvc.sys \SystemRoot\system32\DRIVERS\lvpopflt.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\LVcKap.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\System32\Drivers\dump_nvraid.sys \SystemRoot\System32\Drivers\dump_CLASSPNP.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\nv4_disp.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\Drivers\DRVNDDM.SYS \SystemRoot\System32\DLA\DLADResM.SYS \SystemRoot\System32\DLA\DLAIFS_M.SYS \SystemRoot\System32\DLA\DLAOPIOM.SYS \SystemRoot\System32\DLA\DLAPoolM.SYS \SystemRoot\System32\Drivers\DefragFS.SYS \SystemRoot\System32\DLA\DLABMFSM.SYS \SystemRoot\System32\DLA\DLABOIOM.SYS \SystemRoot\System32\DLA\DLAUDFAM.SYS \SystemRoot\System32\DLA\DLAUDF_M.SYS \SystemRoot\System32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\pnarp.sys \SystemRoot\system32\DRIVERS\purendis.sys \SystemRoot\System32\Drivers\LBeepKE.sys \SystemRoot\system32\DRIVERS\srv.sys \??\C:\Program Files\LogMeIn\x86\RaInfo.sys \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys \SystemRoot\system32\drivers\npf.sys \SystemRoot\system32\DRIVERS\ubsbm.sys \SystemRoot\system32\DRIVERS\ubumapi.sys \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\DRIVERS\LVPr2Mon.sys \SystemRoot\System32\Drivers\HTTP.sys \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys \SystemRoot\System32\Drivers\TDTCP.SYS \SystemRoot\System32\Drivers\RDPWD.SYS \SystemRoot\System32\Drivers\Fastfat.SYS \SystemRoot\System32\DRIVERS\ipfltdrv.sys \SystemRoot\System32\DRIVERS\sr.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8b0af728 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000080\ Lower Device Object: 0xffffffff8b08f1c8 Lower Device Driver Name: \Driver\nvraid\ <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8b0af728, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8b054cc8, DeviceName: Unknown, DriverName: \Driver\SiRemFil\ DevicePointer: 0xffffffff8b054e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8b0af728, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8b08f1c8, DeviceName: \Device\00000080\, DriverName: \Driver\nvraid\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes The directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted. Drivers scan is aborted. Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: FFFFFFFF Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 390700737 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 200049623040 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701920-390721920)... Done! Scan finished ======================================= Removal queue found; removal started Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam... Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished However, while I am in my browser, MB keeps blocking an attempted outgoing connection to the same IP (46.229.165.2). Thanks, Gary
  11. MrCharlie, Thanks for helping. Here is the RogueKiller Report: RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : GaryT [Admin rights] Mode : Scan -- Date : 06/02/2013 01:42:05 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: NVIDIA MIRROR 186.31G +++++ --- User --- [MBR] c742ddd5f6a0c3b55445f63cd19fee64 [bSP] 1a31c6e198c07ae4fde6f1b9e53b97ae : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190771 Mo Error reading LL1 MBR! Error reading LL2 MBR! Finished : << RKreport[1]_S_06022013_02d0142.txt >> RKreport[1]_S_06022013_02d0142.txt Thanks, Gary
  12. Hello, Like others, I keep getting the popup that MalwareBytes has Successfully blocked access to a potentially malicious website. It seems to be the same IP over and over. Please assist. I have already run DDS. Here are the DDS logs: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 7.0.6000.21335 BrowserJavaVersion: 10.21.2 Run by GaryT at 14:37:18 on 2013-05-31 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2288 [GMT -4:00] . AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ============== Running Processes ================ . C:\Program Files\Logitech\SolarApp\L4301_Solar.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\UPHClean\uphclean.exe C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Documents and Settings\GaryT\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\PROGRA~1\INTUIT\QUICKB~1\QBDBMgr.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://cm.my.yahoo.com/?rd=nux uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: del.icio.us Toolbar Helper: {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Catcher Class: {ADECBED6-0366-4377-A739-E69DFBA04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: del.icio.us: {981FE6A8-260C-4930-960F-C3BC82746CB0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll TB: del.icio.us: {981FE6A8-260C-4930-960F-C3BC82746CB0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [Google Update] "c:\documents and settings\garyt\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - c:\program files\eltima software\flash decompiler trillix\saveflash\iebt.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe DPF: NetGUI - hxxp://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {02FFCFC3-C28F-4ED9-954B-1BAC9FD77E12} - hxxp://webstream.intra.net/media/xflux3.cab DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {16C698C4-4BE0-4CDF-B777-39276A95F58F} - hxxp://meeting.zoho.com/login/ActivexViewer.jsp DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.8.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB DPF: {56426D1F-A2BB-4195-8555-CCE6533F81E8} - hxxp://meeting.zoho.com/login/Agent.jsp DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122093200750 DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257126710734 DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab DPF: {7BC974EF-A718-4A17-B77E-4C8DBC327AFA} - hxxps://secure.voloper.net/editor.cab DPF: {7DD82D6B-3553-470B-8D1E-D5C7086478A7} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2005.cab DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB DPF: {87651085-BCBF-4281-B8F7-1F6E56E92515} - hxxp://meeting.zoho.com/login/Agent.jsp DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://67.43.9.72:4643/vz/ssh/wodTelnetDLX.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D5382F3F-32AA-41E1-9FFF-5D1EFAC80D40} - hxxp://contentpurity.com/members/FileClean.CAB DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://office.webstream-innovations.com/hyperoffice/personal/documents/XUpload.ocx DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab DPF: {F21AC8A4-4322-11D6-8EBE-0001023D1A2A} - hxxps://merchantaccount.quickbooks.com/recurchrg/IntuitRecurPayCom.cab DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxp://www.plaxo.com/activex/plx_upldr-2k-xp.cab TCP: NameServer = 208.67.222.222 208.67.220.220 38.116.38.49 TCP: Interfaces\{625B8D87-A3B9-4E07-ABB1-3D7E45668443} : DHCPNameServer = 208.67.222.222 208.67.220.220 38.116.38.49 Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2006\HelpAsyncPluggableProtocol.dll Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2006\HelpAsyncPluggableProtocol.dll Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2006\HelpAsyncPluggableProtocol.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll Notify: LMIinit - LMIinit.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\garyt\application data\mozilla\firefox\profiles\1llhjzre.default\ FF - prefs.js: browser.startup.homepage - web.ebuddy.com|hxxp://www.netvibes.com/ FF - plugin: c:\documents and settings\garyt\application data\mozilla\firefox\profiles\1llhjzre.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll FF - plugin: c:\documents and settings\garyt\application data\mozilla\firefox\profiles\1llhjzre.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\documents and settings\garyt\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: c:\program files\intra.net 4.x components\packages\{309453f2-8d7a-4f10-bdac-ea09d31f9198}\npsf.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\sibelius software\scorch\NPSibelius.dll FF - plugin: c:\windows\system32\ibm\npwdplugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\Npindeo.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll FF - ExtSQL: !HIDDEN! 2011-07-10 18:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 . ============= SERVICES / DRIVERS =============== . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 122240] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-14 105784] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-3-21 1341664] R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\logitech\solarapp\L4301_Solar.exe [2010-10-26 319568] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-6-14 12216] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-24 47640] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-5 701512] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-3-15 34064] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-10-12 45824] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2013\TuneUpUtilitiesService32.exe [2013-1-31 1724192] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-9-22 645048] R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 43704] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 12216] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-5 22856] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-10-12 56960] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2013\TuneUpUtilitiesDriver32.sys [2012-9-18 10088] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384] S3 FileShd;FileShd;c:\windows\system32\drivers\fileshd2.sys [2007-9-10 69888] S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [2011-5-13 42592] S3 PCAlertDriver;PCAlertDriver;c:\program files\msi\core center\NTGLM7X.SYS [2005-10-2 22432] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-7-11 27064] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . =============== Created Last 30 ================ . 2013-05-19 04:44:59 548864 ----a-w- c:\program files\mozilla firefox\plugins\webex\924\mmssl32.dll 2013-05-18 04:18:01 1409 ----a-w- c:\windows\QTFont.for 2013-05-13 05:25:42 -------- d-----w- c:\documents and settings\garyt\local settings\application data\Sun 2013-05-13 03:36:19 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-05-13 03:36:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . ==================== Find3M ==================== . 2013-05-27 22:02:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-27 22:02:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-13 03:35:42 866720 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-05-13 03:35:41 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-30 10:18:51 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin 2013-04-30 10:18:51 1 ----a-w- c:\windows\system32\nvdrssel.bin 2013-04-30 10:18:46 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin 2013-04-16 21:59:48 841216 ----a-w- c:\windows\system32\wininet.dll 2013-04-16 21:59:48 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-16 21:59:47 78336 ----a-w- c:\windows\system32\ieencode.dll 2013-04-16 21:59:47 17408 ----a-w- c:\windows\system32\corpol.dll 2013-04-12 23:28:54 389120 ----a-w- c:\windows\system32\html.iec 2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-10-31 20:13:58 44 ---h--w- c:\program files\dd2c2250.tmp 2003-08-27 18:19:18 36963 ----a-w- c:\program files\common files\SM1updtr.dll . ============= FINISH: 14:38:50.61 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 7/17/2005 9:23:02 PM System Uptime: 5/28/2013 3:12:39 AM (83 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7125 Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket 939 | 2210/201mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 186 GiB total, 46.736 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows PNP Device ID: ROOT\NET\0000 Service: vpnva . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 3114 SATARAID5 500e ABBYY FineReader 5.0 Sprint Adobe Acrobat 9 Standard - English, Français, Deutsch Adobe Acrobat 9.5.4 - CPSID_83708 Adobe AIR Adobe ConnectNow Adobe ConnectNow Add-in Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player 11 Advanced Find and Replace v5.1 AMD CPUInfo AMD Power Monitor AMD Processor Driver Apple Software Update Brother BRAdmin Professional 2.51 Brother HL-5170DN Camera Support Core Library Camera Window DS Camera Window DVC Camera Window MC Camtasia Studio 7 Canon Camera Support Core Library Canon Camera Window DS for ZoomBrowser EX Canon Camera Window DVC for ZoomBrowser EX Canon Camera Window for ZoomBrowser EX Canon i950 Canon MovieEdit Task for ZoomBrowser EX Canon PhotoRecord Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities Easy-PhotoPrint Canon ZoomBrowser EX CCleaner Cisco AnyConnect VPN Client Cisco Network Magic Cisco Unified Presenter Add-in 6x5 ClickTracks Hosted Viewer Cole2k Media - Codec Pack (Advanced) 7.1.0 Compatibility Pack for the 2007 Office system Constant Contact QuickImport - Outlook Corel Photo Album 6 Critical Security Update Critical Update for Windows Media Player 11 (KB959772) CSS eXplorer Cypress USB Mass Storage Driver Installation del.icio.us Buttons for Internet Explorer DeVilbiss Remote Control DH Driver Cleaner.NET Directory Submitter 1.0.29 DivX DivX Player Domain Samurai DriverMax 5 Dropbox Dual-Core Optimizer EPSON Copy Utility 3 EPSON Perf 2480 - 2580 Guide EPSON Scan EPSON Smart Panel eReg erLT ESET NOD32 Antivirus EVEREST Ultimate Edition v5.02 Evernote v. 4.5.10 Family Tree Maker 2011 Flash Decompiler Trillix Free Easy Burner V 3.8 Google AdWords Editor Google Chrome Google Toolbar for Internet Explorer Google Update Helper GoToMeeting 5.4.0.1082 GSiteCrawler GTK+ 2.10.6-1 runtime environment HighMAT Extension to Microsoft Windows XP CD Writing Wizard Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP eServices Local Prints and Save HP Scrawlr InfraRecorder Internet Explorer Q903235 Intra.Net 4.x Components IrfanView (remove only) iTunes Java 7 Update 21 Java Auto Updater Jawbone Updater join.me Keyword Cloud Generator 1.0.21 LightScribe 1.4.136.1 Likno Web Button Maker Logitech Audio Echo Cancellation Component Logitech QuickCam Logitech SetPoint 6.50 Logitech Solar App 1.0 Logitech Video Enumerator Logitech® Camera Driver LogMeIn LtMoh_MARS Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Flash 8 Macromedia Flash 8 Video Encoder Malwarebytes Anti-Malware version 1.75.0.1300 Market Samurai MediaInfo 0.7.5.3 MediaLife Memory Zipper Plus 7.11 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Primary Interop Assemblies Microsoft Office File Validation Add-In Microsoft Office Live Add-in 1.5 Microsoft Office Professional Edition 2003 Microsoft Office Project Standard 2003 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft WSE 3.0 Runtime Mirage Driver 1.1 Mix-FX MovieEdit Task Moyea Flash Video MX Pro Version: 5.0.16.932 Moyea Flash Video MX Pro Version: 6.0.2.1174 Moyea FLV Downloader version 1.15.0.15 Moyea FLV Player version 1.5.2.7 Moyea FLV to Video Converter Pro 3 Version: 3.0.6.0 Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service MSI DigiCell MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB954459) MVision MyPublisher BookMaker Netsparker [Community Edition] - Web Application Security Scanner Network Magic Nmap 4.85BETA5 Notepad++ NVIDIA Drivers OGA Notifier 2.0.0048.0 Paint.NET v3.5.10 Paros 3.2.13 Passpack DESKTOP PerfectDisk 10 Professional PhotoImpression 5 PingPlotter Standard 3.30.0s PlexTools Professional V2.28 Pure Networks Platform QuickBooks QuickBooks Pro 2012 Quicken 2006 Quicken WillMaker Plus 2006 QuickTime RAW Image Task RawShooter essentials 2005 Realtek AC'97 Audio Recuva (remove only) RemoteCapture Task 1.1 Report Viewer 2.3 Revo Uninstaller Pro 3.0.5 Roxio Content 9 Roxio Drag-to-Disc Roxio Easy Media Creator 9 Suite Roxio Media Experience Roxio Update Manager Savings Bond Wizard ScanToWeb SeaTools for Windows Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB2618444) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB2675157) Security Update for Windows Internet Explorer 7 (KB2699988) Security Update for Windows Internet Explorer 7 (KB2722913) Security Update for Windows Internet Explorer 7 (KB2744842) Security Update for Windows Internet Explorer 7 (KB2761465) Security Update for Windows Internet Explorer 7 (KB2792100) Security Update for Windows Internet Explorer 7 (KB2797052) Security Update for Windows Internet Explorer 7 (KB2799329) Security Update for Windows Internet Explorer 7 (KB2809289) Security Update for Windows Internet Explorer 7 (KB2817183) Security Update for Windows Internet Explorer 7 (KB2829530) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820197) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2829361) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) Skype Click to Call Skype™ 6.3 SmartFTP Client SmartFTP Client 3.0 Setup Files (remove only) SmartFTP Client 4.0 Setup Files (remove only) SmartLink Desktop Snagit 10.0.1 SnagIt Studio SOS Online Backup Speccy StuffIt Expander 2009 Sumopaint Pro SupportSoft Assisted Service System Requirements Lab TeamViewer 6 Time Zone Data Update Tool for Microsoft Office Outlook TuneUp Utilities 2013 TuneUp Utilities Language Pack (en-US) ubCore UEStudio '10.30 UltraCompare v7.20 UltraSentry Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) USB Storage Adapter FX (SM1) User Profile Hive Cleanup Service Visual Studio 2005 Tools for Office Second Edition Runtime Web CEO 9.1 WebEx WebFldrs XP Windows Genuine Advantage v1.3.0254.0 Windows Imaging Component Windows Installer Clean Up Windows Live Sign-in Assistant Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows Resource Kit Tools - SubInAcl.exe Windows XP Service Pack 3 WinMerge 2.12.4 winpcap-nmap 4.02 WinZip 15.0 WSI Power Search XML Paper Specification Shared Components Pack 1.0 XSitePro2 XviD MPEG-4 Codec Yugma . ==== Event Viewer Messages From Past Week ======== . 5/31/2013 2:37:22 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0. 5/28/2013 3:14:30 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b66ac3a6, parameter3 a55f0960, parameter4 00000000. 5/27/2013 5:56:57 PM, error: Service Control Manager [7002] - The BrPar service depends on the Parallel arbitrator group and no member of this group started. 5/27/2013 5:56:57 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 5/27/2013 5:56:16 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. . ==== End Of File =========================== Thanks, Gary
  13. Gringo, . Thanks for the effort. Yes, I figured much more work would be involved. That's why I hoped someone had a secret trick If you would, go ahead and give me the links to the other forums and I will pursue when I have time. While the hanging up is a nuisance, fixing it is not critical right now. You can close this thread, if you wish. Thanks again, Gary
  14. Gringo, Still no luck. I turned off all the non-Microsoft services and all the startup items (except it wouldn't let me turn off the NOD32 startup item). However, it still hung during restart. I tried it several times with no change. It must be a Microsoft service or a driver. Gary
  15. Hello again, Thanks for offering to help. I ran the script, but no luck. It gave me the following response: "No Resettable ATA Channels with Windows drivers found. Nothing changed." I went ahead and rebooted a couple of times, but it still hangs. Also, I read the article you pointed to, so I went into my device manager and looks at the IDE ATA/ATAPI controllers. First off, my system is somewhat different than what is in the article. I have two (2) Serial ATA RAID controllers and one (1) Parallel ATA controller. See the attached file. IDE ATA Controller Settings.doc My Hard Drive (RAID Array) is on the Serial ATA and there don't seem to be any DMA settings for these controllers The only thing on the Parallel ATA controller is a single DVD drive, and as shown in the attached document, it seems to be set correctly DMA wise: Thanks, Gary
  16. Hello Gringo, Thanks for all your help and all the information. I sent you a little donation. It is not enough, but all I can afford right now. A couple of last questions, if you don't mind: What software firewall product do you recommend, if any? This is not a security question, but with your expertise, I thought you might have some advice. For several months now, Windows on this system has been hanging on Shutdown or Restart. It gets to the message "Windows is Shutting Down" and just stays there. I have done some research and there doesn't seem to be an easy solution or even an easy way to troubleshoot. Do you have any recommendations? Thanks again, Gary
  17. Hello Gringo, Sorry I took so long. I had trouble getting NOD32 to complete its scan and had to talk to ESET Support. To answer your #2 question above, I believe I was using Firefox, when I downloaded the F-Secure Online Scanner standalone EXE. However, I closed all my browsers before I actually ran it. Ok, to give you an updated report on my PC situation: Earlier, I had mentioned that the MalwareBytes daily scan had been running when I got the FBI MoneyPak infection and that the only way I got my PC unlocked was that it finally completed and then cleaned the infection. Here is the log from than scan, which I thought you might find useful: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.29.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 GaryT :: GTD-DESKTOP [administrator] Protection: Disabled 4/30/2013 5:14:18 AM mbam-log-2013-04-30 (05-14-18).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 227410 Time elapsed: 27 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Documents and Settings\GaryT\Application Data\skype.dat -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Documents and Settings\GaryT\rundll32.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\GaryT\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\GaryT\Application Data\skype.dat (Trojan.Agent) -> Quarantined and deleted successfully. (end) While I was having trouble running my NOD32 scan, I ran the ESET Online Scanner. Here is what it found: C:\Documents and Settings\GaryT\My Documents\Download\Setup_FreeBurner.exe Win32/Toolbar.Widgi application C:\Documents and Settings\GaryT\My Documents\Download\Setup_FreeBurnerV2.exe Win32/Toolbar.Widgi application C:\Documents and Settings\GaryT\My Documents\Download\WinZip15\winzip155.exe Win32/OpenCandy application C:\System Volume Information\_restore{81204647-6BB4-4E2A-B834-E51237745CC7}\RP1153\A0175618.exe a variant of Win32/Kryptik.AZXZ trojan C:\TDSSKiller_Quarantine\30.04.2013_08.26.35\tdlfs0000\tsk0004.dta a variant of Win32/Olmarik.ADZ trojan Lastly, with ESET's help I finally got my NOD32 to complete a system scan. Here are the threats it found: C:\Documents and Settings\GaryT\My Documents\Download\Setup_FreeBurner.exe » INNO » {tmp}\dealio.exe - Win32/Toolbar.Widgi potentially unwanted application C:\Documents and Settings\GaryT\My Documents\Download\Setup_FreeBurnerV2.exe » INNO » {tmp}\dealio.exe - Win32/Toolbar.Widgi potentially unwanted application C:\System Volume Information\_restore{81204647-6BB4-4E2A-B834-E51237745CC7}\RP1153\A0175618.exe - a variant of Win32/Kryptik.AZXZ trojan - cleaned by deleting - quarantined [1] C:\Documents and Settings\GaryT\My Documents\Download\Setup_FreeBurner.exe » INNO » {tmp}\dealio.exe - Win32/Toolbar.Widgi potentially unwanted application C:\Documents and Settings\GaryT\My Documents\Download\Setup_FreeBurnerV2.exe » INNO » {tmp}\dealio.exe - Win32/Toolbar.Widgi potentially unwanted application Let me know what you think. Thanks, Gary
  18. Hello again, I removed GoogleToolbarNotifier and left IntuitSyncManager. I ran F-Secure Online Scanner: It found no problems This newer version didn't provide a report I am also running a Smart Scan with my NOD32. This may take a while. I will post another reply with th results. Since you are helping me so much, I wanted to give a little back. Here is some updated information I found: The latest version of CCleaner doesn't try to install Yahoo Toolbar The latest F-Secure Online Scanner is a standalone EXE. It doesn't run inside your browser. The latest F-Secure Online Scanner download is at: http://www.f-secure.com/en/web/home_us/online-scanner Thanks, Gary
  19. Gringo, A couple of questions before I do this: I use Quickbooks & Intuit Merchant Service in my business. Isn't Intuit SyncManager necessary to keep all this synced? If not, I will gladly remove it. I already have the paid version of Eset NOD32 installed and running on my system. It is the latest version with the latest data file. Wouldn't it be better to run the scan with it rather than the Eset online scanner? If not, I will proceed as instructed. Thanks, Gary Thanks, Gary
  20. Ok, here we go. I removed Java 6 Update 37 with Revo Uninstaller. I actually have Revo Uninstaller Pro on my system. Is there a later Java version we can install? Ran CCleaner (already had it on my system). Ran a scan with Malwarebytes. I actually have Pro on the system and it runs all the time. I am actually surprised that it and/or my NOD32 didn't stop the FBI MoneyPak infection. It found nothing. Here is the Log: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.01.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 GaryT :: GTD-DESKTOP [administrator] Protection: Disabled 5/1/2013 2:24:49 AM mbam-log-2013-05-01 (02-24-49).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 225145 Time elapsed: 8 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Ran HijackThis. Here is log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:35:03 AM, on 5/1/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17128) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\SolarApp\L4301_Solar.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\WINDOWS\Explorer.EXE C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\GaryT\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe C:\PROGRA~1\INTUIT\QUICKB~1\QBDBMgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\GaryT\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?rd=nux R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: NetGUI - http://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB O16 - DPF: {02FFCFC3-C28F-4ED9-954B-1BAC9FD77E12} (Intra.Net Component Manager 2.0) - http://webstream.intra.net/media/xflux3.cab O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {16C698C4-4BE0-4CDF-B777-39276A95F58F} (InstallActivexViewer Control) - http://meeting.zoho.com/login/ActivexViewer.jsp O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.8.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB O16 - DPF: {56426D1F-A2BB-4195-8555-CCE6533F81E8} (ZohoMeetingAgent Control) - http://meeting.zoho.com/login/Agent.jsp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122093200750 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257126710734 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7BC974EF-A718-4A17-B77E-4C8DBC327AFA} (SCE Control) - https://secure.voloper.net/editor.cab O16 - DPF: {7DD82D6B-3553-470B-8D1E-D5C7086478A7} (QBMASSyncCom2_2005.UserControl1) - https://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2005.cab O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpurity.com/xp/ScanFilexp.CAB O16 - DPF: {87651085-BCBF-4281-B8F7-1F6E56E92515} (ZohoMeetingAgent Control) - http://meeting.zoho.com/login/Agent.jsp O16 - DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} (wodTelnetDLX Class) - https://67.43.9.72:4643/vz/ssh/wodTelnetDLX.cab O16 - DPF: {D5382F3F-32AA-41E1-9FFF-5D1EFAC80D40} (FileClean.Clean) - http://contentpurity.com/members/FileClean.CAB O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://office.webstream-innovations.com/hyperoffice/personal/documents/XUpload.ocx O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {F21AC8A4-4322-11D6-8EBE-0001023D1A2A} (IntuitRecurPayCom.UserControl1) - https://merchantaccount.quickbooks.com/recurchrg/IntuitRecurPayCom.cab O16 - DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} (QBMASSyncCom1.UserControl1) - https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - http://www.plaxo.com/activex/plx_upldr-2k-xp.cab O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Solar Keyboard Service (L4301_Solar) - Logitech, Inc. - C:\Program Files\Logitech\SolarApp\L4301_Solar.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- End of file - 18285 bytes Everthing seems good. Next? Thanks, Gary
  21. Gringo, Here is the report: 3114 SATARAID5 500e ABBYY FineReader 5.0 Sprint Adobe Acrobat 9 Standard - English, Français, Deutsch Adobe Acrobat 9.5.4 - CPSID_83708 Adobe AIR Adobe ConnectNow Adobe ConnectNow Add-in Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player 11 Advanced Find and Replace v5.1 AllWebMenus PRO 5.1.760 AMD CPUInfo AMD Power Monitor AMD Processor Driver Apple Software Update Brother BRAdmin Professional 2.51 Brother HL-5170DN Camera Support Core Library Camera Window DS Camera Window DVC Camera Window MC Camtasia Studio 7 Canon Camera Support Core Library Canon Camera Window DS for ZoomBrowser EX Canon Camera Window DVC for ZoomBrowser EX Canon Camera Window for ZoomBrowser EX Canon i950 Canon MovieEdit Task for ZoomBrowser EX Canon PhotoRecord Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities Easy-PhotoPrint Canon ZoomBrowser EX CCleaner Cisco AnyConnect VPN Client Cisco Network Magic Cisco Unified Presenter Add-in 6x5 ClickTracks Hosted Viewer Cole2k Media - Codec Pack (Advanced) 7.1.0 Compatibility Pack for the 2007 Office system Constant Contact QuickImport - Outlook Corel Photo Album 6 Critical Security Update Critical Update for Windows Media Player 11 (KB959772) CSS eXplorer Cypress USB Mass Storage Driver Installation del.icio.us Buttons for Internet Explorer DeVilbiss Remote Control DH Driver Cleaner.NET Directory Submitter 1.0.29 DivX DivX Player Domain Samurai DriverMax 5 Dropbox Dual-Core Optimizer EPSON Copy Utility 3 EPSON Perf 2480 - 2580 Guide EPSON Scan EPSON Smart Panel eReg erLT ESET NOD32 Antivirus EVEREST Ultimate Edition v5.02 Evernote v. 4.5.10 Family Tree Maker 2011 Flash Decompiler Trillix Free Easy Burner V 3.8 Google AdWords Editor Google Chrome Google Toolbar for Internet Explorer Google Update Helper GoToMeeting 5.4.0.1082 GSiteCrawler GTK+ 2.10.6-1 runtime environment HighMAT Extension to Microsoft Windows XP CD Writing Wizard Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP eServices Local Prints and Save HP Scrawlr InfraRecorder Internet Explorer Q903235 Intra.Net 4.x Components IrfanView (remove only) iTunes Java Auto Updater Java 6 Update 37 Jawbone Updater join.me Keyword Cloud Generator 1.0.21 LightScribe 1.4.136.1 Likno Web Button Maker Logitech Audio Echo Cancellation Component Logitech QuickCam Logitech SetPoint 6.50 Logitech Solar App 1.0 Logitech Video Enumerator Logitech® Camera Driver LogMeIn LtMoh_MARS Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Flash 8 Macromedia Flash 8 Video Encoder Malwarebytes Anti-Malware version 1.75.0.1300 Market Samurai MediaInfo 0.7.5.3 MediaLife Memory Zipper Plus 7.11 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Primary Interop Assemblies Microsoft Office File Validation Add-In Microsoft Office Live Add-in 1.5 Microsoft Office Professional Edition 2003 Microsoft Office Project Standard 2003 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft WSE 3.0 Runtime Mirage Driver 1.1 Mix-FX MovieEdit Task Moyea Flash Video MX Pro Version: 5.0.16.932 Moyea Flash Video MX Pro Version: 6.0.2.1174 Moyea FLV Downloader version 1.15.0.15 Moyea FLV Player version 1.5.2.7 Moyea FLV to Video Converter Pro 3 Version: 3.0.6.0 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSI DigiCell MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB954459) MVision MyPublisher BookMaker Netsparker [Community Edition] - Web Application Security Scanner Network Magic Nmap 4.85BETA5 Notepad++ NVIDIA Drivers OGA Notifier 2.0.0048.0 Paint.NET v3.5.10 Paros 3.2.13 Passpack DESKTOP PerfectDisk 10 Professional PhotoImpression 5 PingPlotter Standard 3.30.0s PlexTools Professional V2.28 Pure Networks Platform QuickBooks QuickBooks Pro 2012 Quicken 2006 Quicken WillMaker Plus 2006 QuickTime RAW Image Task RawShooter essentials 2005 Realtek AC'97 Audio Recuva (remove only) RemoteCapture Task 1.1 Report Viewer 2.3 Revo Uninstaller Pro 2.5.9 Roxio Content 9 Roxio Drag-to-Disc Roxio Easy Media Creator 9 Suite Roxio Media Experience Roxio Update Manager Savings Bond Wizard ScanToWeb SeaTools for Windows Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB2618444) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB2675157) Security Update for Windows Internet Explorer 7 (KB2699988) Security Update for Windows Internet Explorer 7 (KB2722913) Security Update for Windows Internet Explorer 7 (KB2744842) Security Update for Windows Internet Explorer 7 (KB2761465) Security Update for Windows Internet Explorer 7 (KB2792100) Security Update for Windows Internet Explorer 7 (KB2797052) Security Update for Windows Internet Explorer 7 (KB2799329) Security Update for Windows Internet Explorer 7 (KB2809289) Security Update for Windows Internet Explorer 7 (KB2817183) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) Skype Click to Call Skype™ 6.3 SmartFTP Client SmartFTP Client 3.0 Setup Files (remove only) SmartFTP Client 4.0 Setup Files (remove only) SmartLink Desktop Snagit 10.0.1 SnagIt Studio SOS Online Backup StuffIt Expander 2009 Sumopaint Pro SupportSoft Assisted Service System Requirements Lab TeamViewer 6 Time Zone Data Update Tool for Microsoft Office Outlook TuneUp Utilities 2013 TuneUp Utilities Language Pack (en-US) ubCore UEStudio '10.30 UltraCompare v7.20 UltraSentry Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) USB Storage Adapter FX (SM1) User Profile Hive Cleanup Service Visual Studio 2005 Tools for Office Second Edition Runtime Web CEO 9.1 WebEx WebFldrs XP Windows Genuine Advantage v1.3.0254.0 Windows Imaging Component Windows Installer Clean Up Windows Live Sign-in Assistant Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows Resource Kit Tools - SubInAcl.exe Windows XP Service Pack 3 WinMerge 2.12.4 winpcap-nmap 4.02 WinZip 15.0 WSI Power Search XML Paper Specification Shared Components Pack 1.0 XSitePro2 XviD MPEG-4 Codec Yugma Nexr? Thanks, Gary
  22. Hello, I did as instructed. Here is the log: ComboFix 13-04-29.01 - GaryT 04/30/2013 19:56:05.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2314 [GMT -4:00] Running from: c:\documents and settings\GaryT\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\GaryT\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\EventSystem.log . . ((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 ))))))))))))))))))))))))))))))) . . 2013-04-30 12:28 . 2013-04-30 12:28 -------- d-----w- C:\TDSSKiller_Quarantine 2013-04-30 11:24 . 2013-04-30 11:24 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-04-30 10:18 . 2013-04-30 10:18 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin 2013-04-30 10:18 . 2013-04-30 10:18 1 ----a-w- c:\windows\system32\nvdrssel.bin 2013-04-30 10:18 . 2013-04-30 10:18 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin 2013-04-24 19:37 . 2013-04-24 19:37 -------- d-----w- c:\documents and settings\GaryT\Application Data\Sibelius Software 2013-04-24 19:36 . 2013-04-24 19:36 -------- d-----w- c:\program files\Sibelius Software 2013-04-12 18:51 . 2013-04-12 18:51 -------- d-----w- c:\program files\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-22 19:03 . 2012-04-04 22:07 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-22 19:03 . 2011-05-25 00:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-04 18:50 . 2011-01-05 17:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-11 03:44 . 2013-03-11 03:44 1409 ----a-w- c:\windows\QTFont.for 2013-03-08 08:36 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32 . 2009-05-11 00:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50 . 2009-05-11 00:18 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 01:25 . 2009-05-11 00:18 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-02-27 07:56 . 2005-07-18 01:19 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-24 19:03 . 2005-04-27 14:54 832512 ----a-w- c:\windows\system32\wininet.dll 2013-02-24 19:03 . 2003-03-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-24 19:03 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2013-02-24 19:03 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2013-02-12 00:32 . 2009-05-11 00:18 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2009-05-11 00:18 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-08 09:03 . 2013-02-08 09:03 1010464 ----a-w- c:\windows\system32\nvdispco32.dll 2013-02-08 09:03 . 2005-06-15 21:20 19189760 ----a-w- c:\windows\system32\nvoglnt.dll 2013-02-08 09:03 . 2005-06-15 21:20 4494336 ----a-w- c:\windows\system32\nv4_disp.dll 2013-02-08 09:02 . 2009-07-08 13:07 7536640 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-08 09:02 . 2009-07-08 13:07 2581792 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-08 09:02 . 2013-02-08 09:02 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll 2013-02-08 09:02 . 2013-02-08 09:02 17551360 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-08 09:02 . 2009-07-08 13:07 2389504 ----a-w- c:\windows\system32\nvapi.dll 2013-02-08 09:02 . 2005-06-15 21:20 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2013-02-08 09:02 . 2013-02-08 09:02 5967872 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-08 09:02 . 2009-07-08 13:07 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-01-31 09:35 . 2012-04-25 23:27 32032 ----a-w- c:\windows\system32\TURegOpt.exe 2013-01-31 09:35 . 2013-02-18 05:00 29984 ----a-w- c:\windows\system32\uxtuneup.dll 2009-10-31 20:13 . 2009-11-02 08:13 44 ---h--w- c:\program files\dd2c2250.tmp 2003-08-27 18:19 . 2005-08-07 18:05 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll 2012-02-23 21:09 . 2013-04-12 05:12 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2012-02-23 21:09 . 2013-04-12 05:12 449848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2011-03-03 18:52 . 2013-04-12 05:12 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll 2011-03-03 18:52 . 2013-04-12 05:12 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll 2010-03-31 15:09 . 2010-03-31 15:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 16:35 . 2010-04-08 16:35 9822960 ----a-r- c:\program files\mozilla firefox\plugins\ScorchAxPlugin.dll 2010-04-08 17:36 . 2010-04-08 17:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2013-04-12 05:12 . 2013-04-12 05:11 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId] @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}" [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}] 2009-04-21 09:17 233472 ------w- c:\program files\SOS Online Backup\CtxMenu_1_0_0_10.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-03-01 2778424] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-12-21 5074384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\documents and settings\GaryT\My Documents\Download\FBI MoneyPak Cleanup\mbar\mbar.exe" [2013-03-23 1398856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\windows\system32\logonui.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-06-10 00:08 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0sasnative32 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^EvernoteClipper.lnk] path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\EvernoteClipper.lnk backup=c:\windows\pss\EvernoteClipper.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^Jawbone Updater.lnk] path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\Jawbone Updater.lnk backup=c:\windows\pss\Jawbone Updater.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2012-10-06 08:16 1843512 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-08-18 23:00 136176 ----atw- c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager] 2013-03-01 05:28 2778424 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-08-11 20:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2008-10-24 14:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2007-02-08 05:12 488984 ----a-w- c:\program files\Common Files\Logishrd\LComMgr\Communications_Helper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] 2008-07-24 22:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG] 2003-07-14 14:52 40960 ----a-w- c:\windows\ltmsg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp] 2009-07-08 06:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth] 2009-07-07 18:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2013-02-28 22:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2007-04-16 19:28 577536 ----a-w- c:\windows\soundman.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-09-17 16:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-03-31 08:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "MemoryZipperPlus"="c:\program files\Memzip\memzip.exe" "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "LiveMonitor"=c:\program files\MSI\Live Update 3\LMonitor.exe "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "bwprnmon.exe"=c:\bitware\NT\bwprnmon.exe "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" "SoundMan"=SOUNDMAN.EXE "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" "NVRaidService"="c:\windows\System32\nvraidservice.exe" "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" "SM1BG"="c:\windows\SM1BG.EXE" "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Web CEO\\BIN\\webceo.exe"= "c:\\Program Files\\Web CEO\\BIN\\wsceokrnl.dll"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Paros\\IEEmbed.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Documents and Settings\\GaryT\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\Program Files\\Jawbone\\JawboneUpdater.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "67:UDP"= 67:UDP:DHCP Discovery Service . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/14/2012 9:40 AM 122240] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/14/2012 9:40 AM 105784] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2012 2:08 PM 1333424] R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 5:25 PM 319568] R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/14/2011 11:55 PM 12216] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 7:13 PM 418376] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/5/2011 1:12 PM 701512] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [3/15/2009 4:13 PM 34064] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2009 2:46 AM 45824] R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 9:31 PM 1248256] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1/31/2013 5:35 AM 1724192] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 5:25 PM 14080] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 5:25 PM 36352] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [9/22/2011 2:43 PM 645048] R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 1:30 PM 43704] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 1:30 PM 12216] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/30/2013 7:24 AM 35144] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/5/2011 1:12 PM 22856] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [10/12/2009 2:46 AM 56960] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [9/18/2012 4:02 PM 10088] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 5:25 PM 77056] S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 10:38 AM 3289208] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384] S3 FileShd;FileShd;c:\windows\system32\drivers\fileshd2.sys [9/10/2007 4:13 PM 69888] S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [5/13/2011 12:17 AM 42592] S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.SYS [10/2/2005 1:15 AM 22432] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/11/2010 1:36 AM 27064] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 14873701 *NewlyCreated* - 25549179 *NewlyCreated* - 26730192 *NewlyCreated* - 80328800 *NewlyCreated* - MBAMCHAMELEON *Deregistered* - 14873701 *Deregistered* - 25549179 *Deregistered* - 26730192 *Deregistered* - 80328800 *Deregistered* - uphcleanhlp . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . 2013-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 01:24] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 01:24] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003Core.job - c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-18 23:00] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003UA.job - c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-18 23:00] . 2013-04-28 c:\windows\Tasks\SOS Online Backup - Driskill.job - c:\program files\sos online backup\sosuploadagent.exe [2009-04-28 06:38] . 2013-04-30 c:\windows\Tasks\User_Feed_Synchronization-{6B4B2B2E-0337-436A-93B3-0954C8510B04}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 16:58] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://cm.my.yahoo.com/?rd=nux uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html Trusted Zone: microsoft.com\drmlicense.one TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 38.116.38.49 DPF: NetGUI - hxxp://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {02FFCFC3-C28F-4ED9-954B-1BAC9FD77E12} - hxxp://webstream.intra.net/media/xflux3.cab DPF: {16C698C4-4BE0-4CDF-B777-39276A95F58F} - hxxp://meeting.zoho.com/login/ActivexViewer.jsp DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB DPF: {56426D1F-A2BB-4195-8555-CCE6533F81E8} - hxxp://meeting.zoho.com/login/Agent.jsp DPF: {7BC974EF-A718-4A17-B77E-4C8DBC327AFA} - hxxps://secure.voloper.net/editor.cab DPF: {7DD82D6B-3553-470B-8D1E-D5C7086478A7} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2005.cab DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB DPF: {87651085-BCBF-4281-B8F7-1F6E56E92515} - hxxp://meeting.zoho.com/login/Agent.jsp DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://67.43.9.72:4643/vz/ssh/wodTelnetDLX.cab DPF: {D5382F3F-32AA-41E1-9FFF-5D1EFAC80D40} - hxxp://contentpurity.com/members/FileClean.CAB DPF: {F21AC8A4-4322-11D6-8EBE-0001023D1A2A} - hxxps://merchantaccount.quickbooks.com/recurchrg/IntuitRecurPayCom.cab DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab FF - ProfilePath - c:\documents and settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\ FF - prefs.js: browser.startup.homepage - web.ebuddy.com|hxxp://www.netvibes.com/ FF - ExtSQL: 2013-03-22 16:48; LogMeInClient@logmein.com; c:\documents and settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\extensions\LogMeInClient@logmein.com FF - ExtSQL: !HIDDEN! 2011-07-10 18:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . SafeBoot-14873701.sys AddRemove-{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{1E3CA~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-30 20:04 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(936) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\windows\system32\LMIinit.dll . Completion time: 2013-04-30 20:06:34 ComboFix-quarantined-files.txt 2013-05-01 00:06 ComboFix2.txt 2013-04-30 11:40 ComboFix3.txt 2010-07-12 18:52 . Pre-Run: 45,369,098,240 bytes free Post-Run: 45,363,138,560 bytes free . - - End Of File - - 2B4AD2F9E4A44AA3830BA9D77A7B2054 Things seem OK. What's next? Thanks, Gary
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.