Need Help With Infection

Yesterday caught a bug that locked up my computer. Restarted in safe mode, ran a quick scan and deleted it. This morning's flash scan found another and required a restart. This is what the log says it found:

Files Detected: 1
C:\Documents and Settings\Customer\Local Settings\Temp\User32.exe (Trojan.Winlock) -> Quarantined and deleted successfully.

But now everything is running very slow and Avast Anti-Virus keeps trying to tell me to delete mbamswissarmy.sys.

Here are the logs from the DDS tool.

.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
ACDSee 7.0
Acrobat.com
Acronis True Image Home
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
ArcSoft PhotoImpression 4
avast! Internet Security
AVS Audio Converter version 4.1
AVS Audio Editor version 3.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BufferChm
Cisco Connect
Destinations
DeviceDiscovery
DivX Setup
dj_sf_software
DocMgr
DocProc
DriverScanner
Eudora
Evidence Eliminator
Fax
FloorPlan 3D v8
Forté Agent
Foxit Reader
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510g-m
HP Product Detection
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Instant Deck Design
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
Java 7 Update 25
Java Auto Updater
LightScribe  1.4.42.1
LiveUpdate
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 2000
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Napster for Windows Media Player
Nero Suite
NETGEAR GA311 Gigabit Adapter
NETGEAR GA311 Smart Wizard Utility
Network
NTI DVD-Maker
Nuance PDF Create 7
OCR Software by I.R.I.S. 13.0
OpenOffice.org 3.4.1
PaperPort 8.0 SE
Pinnacle Hollywood FX for Studio
Pinnacle PCI Performance Enhancer
proDAD Heroglyph 1.0
QuickBooks Pro 2007
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
Scansoft PDF Create
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Status
Studio 9
Studio 9 Content CD/DVD
Studio 9.4 Patch
SupportSoft Assisted Service
Symbols for FloorPlan v8
Toolbox
TrayApp
TurboCAD Designer v9.2
Ulead Photo Explorer 8.0 SE Basic
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB PC Camera (P Series)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
Visioneer OneTouch 7300
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell 1.0
Windows Presentation Foundation
Windows XP Service Pack 3
WinFax PRO
Wondershare DVD Ripper Platinum(Build 3.2.40)
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Customer at 10:03:17 on 2013-07-30
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\PROGRA~1\EVIDEN~1\ee.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Evidence Eliminator] c:\progra~1\eviden~1\ee.exe /m
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [Nuance PDF Create 7-reminder] "c:\program files\nuance\pdf create 7\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf create 7\ereg\Ereg.ini"
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgAwADAAUQAzAC0AMABEAFUARwBTAC0AUQBEAFcATQBSAC0AMgBZADQAVgBLAC0AQgBDAEcAUgBFAA"&"inst=NwA2AC0ANQAwADYANgA0ADAANAAxADgALQBWAE8AUAArADMALQBVADkAMAArADEALQBYAE8AMwA2ACsAMQAtAE4AMQBEACsAMQAtAFQAQgA5ACsAMgAtAFAATAArADkA"&"prod=51"&"ver=9.0.872
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf create 7\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\program files\qualcomm\eudora\EuShlExt.dll
SEH: WinFax PRO IShellExecuteHook - {A213B520-C6C2-11d0-AF9D-008029E1027E} - c:\program files\symantec\winfax\WFXSEH32.DLL
LSA: Authentication Packages =  msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\customer\application data\mozilla\firefox\profiles\5iz62msn.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R? Diag69xp;Diag69xp
R? LANPkt;Realtek LANPkt Protocol
R? lxdc_device;lxdc_device
R? MovRVDrv32;MovRVDrv32
R? NetgearGA311;NETGEAR GA311 Gigabit Adapter Driver
R? SetupNTGLM7X;SetupNTGLM7X
R? SkypeUpdate;Skype Updater
S? aswFsBlk;aswFsBlk
S? aswFW;avast! TDI Firewall driver
S? aswKbd;aswKbd
S? aswMonFlt;aswMonFlt
S? aswNdis;avast! Firewall NDIS Filter Service
S? aswNdis2;avast! Firewall Core Firewall Service
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;aswVmm
S? avast! Antivirus;avast! Antivirus
S? avast! Firewall;avast! Firewall
S? GT680xNT;Visioneer OneTouch 7300 Driver
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? qic157;qic157
S? Skype C2C Service;Skype C2C Service
.
=============== Created Last 30 ================
.
2013-07-16 12:51:29 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-16 12:51:23 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-12 18:42:18 6129024 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-07-12 18:42:18 6129024 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M  ====================
.
2013-07-16 12:51:05 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-16 12:51:05 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-27 19:50:17 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 19:50:17 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-12 16:49:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 16:49:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-08 03:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59:09 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:59:09 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-05-09 08:59:08 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 04:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 10:04:49.35 ===============
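As an added note (not part of shinglhed's post, and not code from Malwarebytes, DDS or any other tool named here): the detection above is the textbook masquerade, a file named User32.exe dropped into the user's Local Settings\Temp, where no Windows system module belongs. The script below shows the two cheap checks a triager applies to a log like this: flag executables that live in a Temp directory, and flag binaries that carry a Windows system-module name but sit outside the system directory. It also flags Run-key entries that give only a bare filename, which Windows resolves through the search path rather than a fixed location. The sample lines are copied from the MBAM and DDS logs above, plus one constructed line labelled as such; the list of system-module names and the XP directory layout are assumptions, not something the tools emit.

```python
"""Heuristic triage of DDS/MBAM-style log lines (added example, not from the post).

Checks applied to every line:
  1. executable path inside a Temp directory;
  2. Windows system-module name (user32, svchost, ...) outside the system directory;
  3. Run-key entry with no drive-letter path at all (resolved via the search path).
"""
import ntpath
import re

# Assumption: short illustrative list of system-module names malware commonly
# borrows; a real triage script would load the full set from a clean system.
SYSTEM_NAMES = {"user32", "svchost", "explorer", "csrss", "lsass",
                "winlogon", "services", "spoolsv", "ctfmon", "rundll32"}

# Directories where those names are legitimate (compared case-insensitively).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# Substrings identifying user and system Temp directories (XP and later layouts).
TEMP_MARKERS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")

# A drive-letter path ending in an executable extension; spaces are allowed and
# the lookahead stops the non-greedy match at the first real extension.
PATH_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|dll|sys|scr|cpl))(?![\w.])", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"^[um]Run(?:Once)?:")

R_TEMP = "executable located in a Temp directory"
R_MASQ = "system-module name used outside the system directory"
R_UNQUAL = "autorun entry with unqualified path (resolved via the search path)"


def findings_for_path(path: str) -> list[str]:
    """Reasons a single executable path looks suspicious (empty list if none)."""
    p = path.lower()
    stem = ntpath.splitext(ntpath.basename(p))[0]
    reasons = []
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append(R_TEMP)
    if stem in SYSTEM_NAMES and ntpath.dirname(p) not in SYSTEM_DIRS:
        reasons.append(R_MASQ)
    return reasons


def triage(log_text: str) -> list[tuple[str, str]]:
    """Scan log lines and return (evidence, reason) pairs in log order."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        paths = PATH_RE.findall(line)
        if not paths and RUN_KEY_RE.match(line):
            hits.append((line, R_UNQUAL))
            continue
        for path in paths:
            for reason in findings_for_path(path):
                hits.append((path, reason))
    return hits


# Sample input: lines copied from the MBAM and DDS logs in the post, plus one
# constructed masquerade line (marked) so the second rule fires on its own.
SAMPLE_LOG = r"""
C:\Documents and Settings\Customer\Local Settings\Temp\User32.exe (Trojan.Winlock) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
uRun: [Evidence Eliminator] c:\progra~1\eviden~1\ee.exe /m
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Updater] c:\documents and settings\customer\application data\svchost.exe   (constructed line, not from the log)
"""

if __name__ == "__main__":
    for evidence, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {evidence}")
```

Run against the sample, the script reports User32.exe twice (Temp location and borrowed system name), the WinFax Run entry for its bare filename, and the constructed svchost.exe under Application Data; the genuine Explorer.EXE and System32\svchost.exe entries stay quiet. These are triage heuristics only: a clean result says nothing about a driver such as mbamswissarmy.sys, and a flagged line still needs the file itself examined.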

Hello shinglhed! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

Here are the reports.

 

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Customer [Admin rights]
Mode : Scan -- Date : 07/30/2013 11:10:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DLL][SUSP PATH] HKLM\[...]\CCSet\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\User32.exe [x]) -> FOUND
[HJ DLL][SUSP PATH] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\User32.exe [x]) -> FOUND
[HJ DLL][SUSP PATH] HKLM\[...]\CS003\[...]\Parameters : ServiceDll (C:\DOCUME~1\ALLUSE~1\APPLIC~1\User32.exe [x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] a2bcb2a57f3b18b406c510cc1e2baa00
[BSP] 119fa0530a051591b7682f4b5a0d7b88 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07302013_111005.txt >>

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.30.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Customer :: CUSTOMER-F3E23B [administrator]

Protection: Enabled

7/30/2013 10:48:15 AM
mbam-log-2013-07-30 (10-48-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 237536
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

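The three [HJ DLL][SUSP PATH] lines in the RogueKiller report above are the interesting part of that post: in the CurrentControlSet and two saved control sets, a service's Parameters\ServiceDll value points at an executable (User32.exe) under All Users\Application Data, while the Malwarebytes quick scan in the same reply came back clean. A svchost-hosted service is expected to name a DLL, normally under %SystemRoot%\system32, so a .exe in a user-writable data directory that borrows the name of a core Windows binary is a hijack marker regardless of whether the file is still present. The script below is an added example, not code from RogueKiller, Malwarebytes or this thread: it applies that check to the text of a `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` dump. The sample dump is constructed, the service name ExampleSvc is hypothetical, and the environment-variable values and 8.3 short names are assumed to be those of a default 32-bit Windows XP install.

```python
import re

# Assumed values of the variables a ServiceDll may reference on a default 32-bit XP install.
# They are substituted explicitly because os.path.expandvars would use the analyst's own
# environment, which is wrong when triaging a dump taken from somebody else's machine.
XP_ENV = {
    "systemroot": r"C:\WINDOWS",
    "windir": r"C:\WINDOWS",
    "programfiles": r"C:\Program Files",
    "allusersprofile": r"C:\Documents and Settings\All Users",
}

# Directories in which a legitimate ServiceDll has no business living. Long form and the
# assumed 8.3 short form (as RogueKiller printed it) are both listed; matching is done on a
# lower-cased, forward-slash path so every marker is bounded by slashes.
SUSPICIOUS_DIR_MARKERS = (
    "/documents and settings/", "/docume~1/",
    "/application data/", "/applic~1/",
    "/local settings/", "/locals~1/",
    "/temp/", "/appdata/", "/programdata/", "/recycler/", "/system volume information/",
)

# Core OS binaries whose names malware borrows (the sample in this thread was User32.exe).
# Outside %SystemRoot%\system32 such a name is a masquerade, not a coincidence.
MASQUERADE_NAMES = frozenset({
    "user32", "kernel32", "ntdll", "svchost", "csrss", "lsass", "smss",
    "winlogon", "services", "explorer", "rundll32", "spoolsv",
})

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cset>ControlSet\d{3}|CurrentControlSet)"
    r"\\Services\\(?P<svc>[^\\\r\n]+)\\Parameters\s*$", re.IGNORECASE)
VALUE_RE = re.compile(r"^\s+ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(?P<path>.+?)\s*$", re.IGNORECASE)

# Constructed sample in the shape of `reg query ... /s` output: two ordinary svchost-hosted
# services and one hypothetical service (ExampleSvc) carrying the value RogueKiller flagged.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\dnsrslvr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\browser.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\DOCUME~1\ALLUSE~1\APPLIC~1\User32.exe
"""


def expand_xp_vars(path):
    """Expand %VAR% references using the assumed XP values; unknown variables are left alone."""
    return re.sub(r"%([^%]+)%", lambda m: XP_ENV.get(m.group(1).lower(), m.group(0)), path)


def normalize(path):
    """Lower-case, expand variables and unify slashes so the markers can be matched textually."""
    return expand_xp_vars(path).lower().replace("\\", "/")


def parse_servicedll_entries(reg_query_text):
    """Return (control_set, service, raw_path) for every ServiceDll under a Parameters key."""
    entries, cset, svc = [], None, None
    for line in reg_query_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            cset, svc = km.group("cset"), km.group("svc")
            continue
        vm = VALUE_RE.match(line)
        if vm and svc:
            entries.append((cset, svc, vm.group("path")))
    return entries


def check_servicedll(raw_path):
    """Return the reasons a ServiceDll value looks hijacked; an empty list means it looks normal."""
    reasons = []
    p = normalize(raw_path)
    directory, _, filename = p.rpartition("/")
    stem, sep, ext = filename.rpartition(".")
    if not sep:
        stem, ext = filename, ""
    in_system32 = directory.endswith("/system32")
    if ext != "dll":
        reasons.append("not a .dll (svchost loads ServiceDll with LoadLibrary; no legitimate service names a .exe)")
    for marker in SUSPICIOUS_DIR_MARKERS:
        if marker in directory + "/":
            reasons.append("lives under a user-writable data directory (%s)" % marker.strip("/"))
            break
    if stem in MASQUERADE_NAMES and not in_system32:
        reasons.append("borrows the name of OS binary %s outside system32" % stem)
    return reasons


def find_suspicious_servicedll(reg_query_text):
    """Run the checks over a whole dump; one finding per ServiceDll value that fails them."""
    findings = []
    for cset, svc, raw in parse_servicedll_entries(reg_query_text):
        reasons = check_servicedll(raw)
        if reasons:
            findings.append({"control_set": cset, "service": svc, "path": raw, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_servicedll(SAMPLE_REG_QUERY):
        print("%s\\%s -> %s" % (f["control_set"], f["service"], f["path"]))
        for r in f["reasons"]:
            print("    - " + r)
```

Run it against a real dump by piping `reg query HKLM\SYSTEM /s` (all control sets, not only the current one, which is why the report above lists CCSet, CS001 and CS003 separately) into a file and passing the file contents to find_suspicious_servicedll. Flagging the registry value rather than the file is deliberate: deleting the dropped binary, as the quick scan did, leaves the service definition in place, and a repeat infection only needs to write the file back.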

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Here is the ComboFix log.

 

ComboFix 13-07-30.03 - Customer 07/30/2013  13:30:44.1.2 - x86
Running from: c:\documents and settings\Customer\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\Customer\GoToAssistDownloadHelper.exe
c:\documents and settings\Customer\Start Menu\Programs\Evidence Eliminator
c:\documents and settings\Customer\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk
c:\documents and settings\Customer\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk
c:\documents and settings\Customer\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk
c:\documents and settings\Customer\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk
c:\documents and settings\Customer\WINDOWS
c:\documents and settings\Customer\zlib.dll
C:\install.exe
c:\program files\Evidence Eliminator
c:\program files\Evidence Eliminator\Data\Config.dat
c:\program files\Evidence Eliminator\Data\Drives.dat
c:\program files\Evidence Eliminator\Data\Files.dat
c:\program files\Evidence Eliminator\Data\FilesContents.dat
c:\program files\Evidence Eliminator\Data\Folders.dat
c:\program files\Evidence Eliminator\Data\FolderScans.dat
c:\program files\Evidence Eliminator\Data\IECookiesKeep.dat
c:\program files\Evidence Eliminator\Data\IEDownloadedKeep.dat
c:\program files\Evidence Eliminator\Data\NSN4CookiesKeep.dat
c:\program files\Evidence Eliminator\Data\OE5ChoiceList.dat
c:\program files\Evidence Eliminator\Data\Plug-Ins\AbsoluteFTP.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ACDSEE Photo Viewer v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adaptec Easy CD Creator v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.1.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.1.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v6.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v7.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat v6.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.0 LE.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v6.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v7.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v8.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v9.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ASPack.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Avant Browser.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cabinet Manager.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000 Pro.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Copernic Agent.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v3.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Delphi v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Delphi v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Delphi v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\DiskKeeper v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\DivXPlayer.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Download Accelerator.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Eudora Mail.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\EventLog.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\FTP Explorer.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GetRight ExplorerBar.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GetRight v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GoogleBar.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GoZilla.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\HelpWriter.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Icon Extractor.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ICQ 2000a.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\InstallShield Express.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v6.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Jet PhotoShell v1.2.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Kazaa.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Limewire v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Macromedia Flash v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\MasterSplitter v2.1.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\McAfee Virus Scan v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microangelo 98.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage Express.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Help Workshop.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft HTML Help.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Office.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Publisher 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Send-To Extensions.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows Paint.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows WordPad.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\My Network Places.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Napster Music Community.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\NEATO Labels.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\NeoPlanet v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton AntiVirus 2000 (v6).eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Antivirus 2003.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton File Manager.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Internet Security 2004.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Personal Firewall.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Utilities 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\NoteTab Pro.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Opera Browser.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\PackageForTheWeb.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Personal Ancestral File.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Real Audio Player v6 v7 v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Real Download v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\RealOne Player.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Roxio Easy CD Creator v6.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\SureThing CD Labeler.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Telnet.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead Gif Animator v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Explorer v4.2.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Viewer v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v10.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact Viewer v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Web Ferret v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinOnCD.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.6.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.70.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinRar v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinZip v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinZip v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Wise Installer.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Yahoo Player.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ZipMagic 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Zone Alarm.eep
c:\program files\Evidence Eliminator\Data\PlugInSelections.dat
c:\program files\Evidence Eliminator\Data\ScanMasks.dat
c:\program files\Evidence Eliminator\Data\TBChoiceList.dat
c:\program files\Evidence Eliminator\Ee.exe
c:\program files\Evidence Eliminator\Help\ee.chm
c:\program files\Evidence Eliminator\INSTALL.LOG
c:\program files\Evidence Eliminator\License.txt
c:\program files\Evidence Eliminator\ReadMe.txt
c:\program files\Evidence Eliminator\UNWISE.EXE
c:\program files\Evidence Eliminator\UNWISE.INI
c:\windows\system32\AutoRun.inf
c:\windows\system32\msssc.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-30  )))))))))))))))))))))))))))))))
.
.
2013-07-29 21:13 . 2013-07-29 21:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-07-16 12:52 . 2013-07-16 12:52 -------- d-----w- c:\program files\Common Files\Java
2013-07-16 12:51 . 2013-07-16 12:51 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-16 12:51 . 2013-07-16 12:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-12 18:42 . 2013-07-12 18:42 6129024 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 18:42 . 2013-07-12 18:42 6129024 ----a-w- c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 12:51 . 2013-03-05 19:02 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-16 12:51 . 2013-03-05 19:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-27 19:50 . 2013-03-05 18:46 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:50 . 2012-07-03 14:40 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:50 . 2012-07-03 14:40 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-12 16:49 . 2012-04-03 12:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 16:49 . 2011-05-17 12:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 03:55 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2006-02-28 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2006-02-28 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 08:59 . 2013-03-05 18:46 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-07-03 14:39 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-03-05 18:46 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2012-07-03 15:52 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:59 . 2012-07-03 14:39 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2012-07-03 14:39 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-05-09 08:59 . 2012-07-03 14:40 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-07-03 14:40 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-05-09 08:58 . 2012-07-03 14:39 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-07-03 14:39 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-09 04:28 . 2006-08-25 02:30 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2006-02-28 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"WinFaxAppPortStarter"="wfxsnt40.exe" [1998-07-27 43008]
"Nuance PDF Create 7-reminder"="c:\program files\Nuance\PDF Create 7\Ereg\Ereg.exe" [2010-07-05 333088]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2003-11-20 106496]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 36864]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-03-14 286720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgAwADAAUQAzAC0AMABEAFUARwBTAC0AUQBEAFcATQBSAC0AMgBZADQAVgBLAC0AQgBDAEcAUgBFAA&inst=NwA2AC0ANQAwADYANgA0ADAANAAxADgALQBWAE8AUAArADMALQBVADkAMAArADEALQBYAE8AMwA2ACsAMQAtAE4AMQBEACsAMQAtAFQAQgA5ACsAMgAtAFAATAArADkA&prod=51&ver=9.0.872" [?]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Controller.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Controller.LNK
backup=c:\windows\pss\Controller.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GA311 Smart Wizard Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk
backup=c:\windows\pss\GA311 Smart Wizard Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RealDownload.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RealDownload.lnk
backup=c:\windows\pss\RealDownload.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-31 00:07 140568 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-09-23 14:25 45108 ------w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
2004-02-03 19:13 49152 -c----w- c:\progra~1\Pinnacle\PPE\PPE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF7 Registry Controller]
2010-08-18 07:11 121120 -c--a-w- c:\program files\Nuance\PDF Create 7\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-08-18 07:11 1275168 ----a-w- c:\program files\Nuance\PDF Create 7\PdfCreate7Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-03-14 18:26 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 13:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-04 20:10 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2003-11-18 21:20 45056 -c----w- c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"_IOMEGA_ACTIVE_DISK_SERVICE_"=2 (0x2)
"mnmsrvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"Iomega App Services"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\DRIVERS\LANPkt.sys [x]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-07-12 3289472]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys [x]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2007-11-23 3768]
R3 NetgearGA311;NETGEAR GA311 Gigabit Adapter Driver;c:\windows\system32\DRIVERS\G311N6.sys [2007-01-22 70144]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
R4 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2013-05-09 137960]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\gt680x.sys [2003-08-29 17376]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 qic157;qic157;c:\windows\system32\DRIVERS\qic157.sys [2008-04-13 6016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ    getPlusHelper
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:49]
.
2013-07-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-03 08:58]
.
2013-07-30 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-03-13 18:47]
.
2013-07-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1547161642-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2013-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1547161642-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
Trusted Zone: adobe.com\www
Trusted Zone: newport-pleasure.com\www
Trusted Zone: sportsmansguide.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\5iz62msn.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Evidence Eliminator - c:\progra~1\EVIDEN~1\ee.exe
MSConfigStartUp-ADUserMon - c:\program files\Iomega\AutoDisk\ADUserMon.exe
MSConfigStartUp-Deskup - c:\program files\Iomega\DriveIcons\deskup.exe
MSConfigStartUp-Iomega Drive Icons - c:\program files\Iomega\DriveIcons\ImgIcon.exe
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-SpyBlockerPro - c:\program files\SpyStopper Pro\spyblocker.exe
MSConfigStartUp-SpyStopperPro - c:\program files\SpyStopper Pro\ssp.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
MSConfigStartUp-VERIZONDM - c:\program files\VERIZONDM\bin\sprtcmd.exe
AddRemove-Evidence Eliminator - c:\progra~1\EVIDEN~1\UNWISE.EXE
AddRemove-HijackThis - f:\usb utilities\KEY BASIC PROGRAMS\A A For Customers\TrendMicro HiJackThis Ver2.0.2 for Win98-ME-2K-XP-Vista\HijackThis.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-30 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1547161642-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-07-30  13:50:47
ComboFix-quarantined-files.txt  2013-07-30 17:50
.
Pre-Run: 20,505,600,000 bytes free
Post-Run: 20,818,563,072 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 04A5E779D83B525D0DC6D13D3738A4F4
8F558EB6672622401DA993E1E865C861
 

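Reading a ComboFix listing this long by eye is error-prone, so here is an added example (not part of this thread, not ComboFix's own tooling) that parses the R*/S* service and driver lines plus the firewall policy key from a handful of lines copied from the log above. It reports entries ComboFix marked [x] (the file the service points at could not be located), split by whether the service was running, and flags any image loading from outside C:. The state/start-value meanings (R running, S stopped; digit 0 boot, 1 system, 2 auto, 3 manual, 4 disabled) and the assumption that Windows lives on C: are the example's own reading of the format; the log itself does not spell them out. Treat the output as a triage aid, not a verdict: a [x] on a security product's own driver can simply mean its self-protection blocked the read.

```python
"""Triage helper for ComboFix-style service/driver listings (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log posted above,
# embedded here so the script runs offline.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\DRIVERS\LANPkt.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
S0 aswKbd;aswKbd; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
"""

# Assumed layout: <R|S><start> <name>;<display name>;<image path> [<x | date size>]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]$")
FIREWALL_RE = re.compile(r'"EnableFirewall"\s*=\s*(\d+)')


@dataclass
class ServiceEntry:
    state: str    # "R" running / "S" stopped
    start: int    # Start value: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image: str    # image path as printed; empty when ComboFix printed none
    note: str     # bracket contents: "x" or "<date> <size>"

    @property
    def image_missing(self) -> bool:
        # "[x]" is what ComboFix prints when it cannot locate the file.
        return self.note == "x"

    @property
    def off_system_volume(self) -> bool:
        # Assumption: the Windows install is on C:, as the posted boot.ini shows.
        return bool(self.image) and not self.image.lower().startswith("c:\\")


def parse_services(text: str) -> List[ServiceEntry]:
    """Return every R*/S* line in the log as a ServiceEntry; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, image, note = m.groups()
            entries.append(ServiceEntry(state, int(start), name, display, image, note))
    return entries


def missing_image_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    return [e for e in entries if e.image_missing]


def firewall_disabled(text: str) -> bool:
    """True when the standard-profile firewall policy key is present and set to 0."""
    m = FIREWALL_RE.search(text)
    return m is not None and int(m.group(1)) == 0


def triage(text: str) -> Dict[str, object]:
    """Summarise the indicators a reviewer would look at first."""
    entries = parse_services(text)
    return {
        "firewall_disabled": firewall_disabled(text),
        # A running service whose image cannot be found deserves a closer look.
        "running_with_missing_image": [e.name for e in entries if e.state == "R" and e.image_missing],
        "stopped_with_missing_image": [e.name for e in entries if e.state == "S" and e.image_missing],
        "off_system_volume": [e.name for e in entries if e.off_system_volume],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full saved ComboFix log by reading the file into `triage()` instead of `SAMPLE_LOG`; the regexes ignore every line that is not a service entry or the firewall key, so the rest of the report does not need to be trimmed first.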

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

WOW, was that a long scan! Here are the results -

 

C:\Documents and Settings\Customer\Start Menu\My Documents\MISC\fun\farter.exe a variant of Win32/Joke.ScreenMate.AA application cleaned by deleting - quarantined
C:\Documents and Settings\Customer\Start Menu\My Documents\programs\FoxitReader531.0606_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\Customer\Start Menu\My Documents\programs\WinZip170.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CE9F27B3-E21A-4C4B-A88B-24A581023893}\RP1223\A0305167.lnk Win32/Reveton.M trojan cleaned by deleting - quarantined
 


Everything, for the most part, seems to be ok. A few things are running slow but that could be that I need to do a good cleaning.

Two problems - 1) Avast does not load on start up. I've rebooted 3 times, checked msconfig and AvastARM is checked off, but it doesn't load on start up

2) Evidence Eliminator is gone - if this is just part of the clean up process I can always just reload it as I've used this utility to help keep my computer "clean" and running well.

 

I'll be off line until about 8:00 AM EST tomorrow.

 

Thank you for all your help.


Two problems - 1) Avast does not load on start up. I've rebooted 3 times, checked msconfig and AvastARM is checked off, but it doesn't load on start up

May be damaged. Please re-install it.

2) Evidence Eliminator is gone - if this is just part of the clean up process I can always just reload it as I've used this utility to help keep my computer "clean" and running well.

Cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis. The company went out of business in June 2012, just for your information. If you want it, reinstall it.

When you are ready let me know for my last instructions for you.


Well done! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


First off...thank you very much for all of the help.

 

Before I uninstall the ESET Scanner, after it was done scanning there was a message that if I uninstall it the files that were quarantined would no longer be quarantined. Should I be worried about that?

Thanks again



Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

