Jump to content

Various adware hits


Recommended Posts

Malwarebytes found 14 items, so here are the dds logs:

 

DDS.txt:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16502
Run by Owner at 22:35:39 on 2013-09-03
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1916.425 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exe
C:\Windows\twain_32\Dell\MFP1125\Monitor\Stsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ALOT Toolbar Helper: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\alot.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll
TB: <No Name>:  - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [VibeFireAlerts] <no file>
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [hpqSRMon] <no file>
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4D36FE6F-5620-4518-B24F-68BBDDC76305} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D88536FD-30BB-4C28-B54D-EDDF8598703F} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-13 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-13 204880]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-6-13 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-9 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-24 378944]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-24 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-24 80816]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2008-9-18 286208]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-08-30 07:48:10 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2013-08-30 07:48:10 378944 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:48:09 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-30 07:47:14 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-08-22 02:13:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 02:13:40 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:54:29 17830400 ----a-w- C:\Windows\System32\mshtml.dll
2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-25 03:35:45 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-07-25 03:31:23 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-25 03:29:21 237056 ----a-w- C:\Windows\System32\url.dll
2013-07-25 03:29:06 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-25 03:28:27 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-07-25 03:28:24 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-07-25 03:28:18 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-07-25 03:27:29 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-25 03:26:53 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-07-25 02:40:07 12334080 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:30:47 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-07-25 02:26:45 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:24:39 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-07-25 02:24:24 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:23:51 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-07-25 02:23:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-07-25 02:23:27 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-07-25 02:22:47 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-25 02:22:04 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 22:37:49.85 ===============
 
Attach.txt:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/16/2008 11:30:41 AM
System Uptime: 9/3/2013 10:16:19 PM (0 hours ago)
.
Motherboard: FOXCONN |  | Irvine
Processor: Intel® Pentium® Dual  CPU  E2180  @ 2.00GHz | Socket 775 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 138.935 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.744 GiB free.
E: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
ALOT Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATT Management Agent
avast! Free Antivirus
Belkin F5D8053 N Wireless USB Adapter
Bonjour
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
D1500_Help
Dell MFP 1125
Destinations
DeviceDiscovery
DeviceManagementQFolder
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
DocMgr
DocProc
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fax
Google Chrome
Google Earth
Google Update Helper
GPBaseService
GPBaseService2
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 13.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HPTCSSetup
iTunes
Java Auto Updater
Java 6 Update 22
Java SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software  1.14.17.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Network64
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
PC Tutor™ Learn Windows Vista™
PCIe Soft Data Fax Modem with SmartCP
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Shop for HP Supplies
Skype web features
Skype™ 4.1
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VideoToolkit01
VLC media player 0.9.2
VoloMedia iTunes plug-in
WebReg
Yahoo! Toolbar
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

Hello bandarbalu and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Thanks for your help, Borislav.  Before I post the logs, please note that I did a couple iterations of Avast full and boot-time scans, as well as a couple full MBAM scans, after I posted my original message and before you replied.  Let me know if you want me to run DDS again.

 

Here is the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows Vista Home Premium x64
Ran by Owner on Thu 09/05/2013 at 21:02:44.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bandoocore.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bandoo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\alottoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\vghd"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\alot"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\zango"
Successfully deleted: [Folder] "C:\Program Files (x86)\alot"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\vghd"
Successfully deleted: [Folder] "C:\Program Files (x86)\winferno\registrypowercleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/05/2013 at 21:12:27.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

Here is the AdwCleaner log:

 

# AdwCleaner v3.002 - Report created 05/09/2013 at 22:27:29
# Updated 01/09/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com
File Deleted : C:\Windows\Uninstall.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AdobeUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\AppDataLow\Software\alot
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16502
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4987 octets] - [05/09/2013 22:26:13]
AdwCleaner[s0].txt - [4711 octets] - [05/09/2013 22:27:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4771 octets] ##########
 
 
 
Here is the MBAM log:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.06.02
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
 
9/5/2013 10:34:32 PM
mbam-log-2013-09-05 (22-34-32).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251339
Time elapsed: 5 minute(s), 29 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Link to post
Share on other sites

The system is running smoothly, but the Avast full system scans continue to find a threat that Avast fails to remove.  Sorry, but it appears the Avast logs cannot be cut and pasted, so here is the log entry transcribed:

 

File name                                                                     Severity         Status                                    Action                        Result

C:\Windows\Installer\2b510.msi|>Binary.NewBinary19  High              Threat:JS.ADODB-BT [Expl]  Move to Chest           Error: The operation is not supported for this type of archive. (42111)

 

I have also been updating all the software on the system that I can.

Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

Combofix log:

 

ComboFix 13-09-08.02 - Owner 09/08/2013  11:04:20.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1916.837 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08  )))))))))))))))))))))))))))))))
.
.
2013-09-06 10:06 . 2013-09-06 10:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-09-06 06:06 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F640F8D2-1761-4AC7-B4E0-4A440050E693}\mpengine.dll
2013-09-06 05:45 . 2013-09-06 05:45 -------- d-----w- c:\users\Owner\AppData\Local\WindowsUpdate
2013-09-06 05:24 . 2013-09-06 05:27 -------- d-----w- C:\AdwCleaner
2013-09-06 04:02 . 2013-09-06 04:02 -------- d-----w- c:\windows\ERUNT
2013-09-05 04:08 . 2013-09-05 04:14 -------- d-----w- c:\program files (x86)\ERUNT
2013-09-04 06:30 . 2013-09-04 06:30 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-04 06:30 . 2013-09-04 06:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-04 06:30 . 2013-09-04 06:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-04 06:30 . 2013-09-04 06:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-04 06:30 . 2013-09-04 06:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-09-04 06:29 . 2013-09-04 06:29 -------- d-----w- c:\program files (x86)\QuickTime
2013-09-04 06:22 . 2013-09-04 06:22 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-09-04 06:15 . 2013-09-04 06:20 -------- d-----w- c:\windows\system32\MRT
2013-09-04 06:15 . 2013-09-04 13:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-09-04 06:04 . 2013-09-04 06:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-04 06:03 . 2013-09-04 06:02 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-04 06:03 . 2013-09-04 06:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-04 06:02 . 2013-09-04 06:02 -------- d-----w- c:\programdata\McAfee
2013-09-04 05:24 . 2013-09-04 05:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-09-04 05:23 . 2013-09-04 05:23 -------- d-----w- c:\programdata\Malwarebytes
2013-09-04 05:23 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-04 05:23 . 2013-09-04 05:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:59 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-29 15:59 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-17 00:08 . 2013-07-08 04:16 992768 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-17 00:08 . 2013-07-08 04:12 1276416 ----a-w- c:\windows\system32\crypt32.dll
2013-08-17 00:08 . 2013-07-08 04:16 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-17 00:08 . 2013-07-08 04:15 218624 ----a-w- c:\windows\system32\wintrust.dll
2013-08-17 00:08 . 2013-07-08 04:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-17 00:08 . 2013-07-08 04:12 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-17 00:08 . 2013-07-08 04:12 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-17 00:08 . 2013-07-08 04:16 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-16 03:19 . 2013-07-17 20:01 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-16 03:19 . 2013-07-17 19:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-16 03:13 . 2013-07-25 03:28 816640 ----a-w- c:\windows\system32\jscript.dll
2013-08-16 03:13 . 2013-07-25 03:28 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-08-16 03:13 . 2013-07-25 02:25 104448 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-16 03:13 . 2013-07-25 03:30 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-08-16 03:13 . 2013-07-25 02:25 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-08-16 03:13 . 2013-07-25 03:30 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-08-16 03:13 . 2013-07-25 02:25 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-08-16 03:13 . 2013-07-25 03:54 17830400 ----a-w- c:\windows\system32\mshtml.dll
2013-08-16 03:13 . 2013-07-25 03:35 10926080 ----a-w- c:\windows\system32\ieframe.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-04 06:02 . 2010-10-15 01:30 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-30 07:48 . 2013-06-13 21:00 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-06-13 21:00 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2011-07-10 05:52 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2010-03-25 02:20 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2010-03-25 02:20 59144 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2010-03-25 02:20 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2010-03-25 02:20 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2010-03-25 02:20 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2010-10-26 18:38 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2011-01-18 10:16 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-22 02:13 . 2013-01-05 20:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 02:13 . 2013-01-05 20:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-05 23:14 . 2006-11-02 12:35 78161360 ----a-w- c:\windows\system32\mrt.exe
2013-07-08 04:16 . 2013-08-17 00:17 43008 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"VoloMedia Service"="c:\program files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exe" [2009-05-07 3965648]
"MFPMonitor"="c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exe" [2007-08-08 2002944]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-05 04:01 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 02:13]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-19 06:28]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-19 06:28]
.
2013-09-08 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-18 03:03]
.
2013-09-08 c:\windows\Tasks\PCConfidential.job
- c:\program files (x86)\Winferno\PC Confidential\PCConfidential.exe [2009-05-26 21:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 15851040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-VibeFireAlerts - (no file)
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-DellMFP1125 - c:\windows\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-261273699-3008607065-3077023680-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23EBC65C-CD94-6282-573F-9611C2B61F5A}*]
@Allowed: (Read) (RestrictedCode)
"jadbogfmaimgagnlpkpm"=hex:62,61,68,6f,00,00
"jadbogfmaimgagnlpkdm"=hex:62,61,61,6f,00,00
"iadacpddekbajedhhi"=hex:6b,61,69,6f,6b,63,63,6c,6e,62,68,61,61,6c,65,6e,6a,70,
   6c,6d,63,6f,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ATT\8.2.1.6\ma\bin\node.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2013-09-08  12:47:06 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-08 19:47
.
Pre-Run: 148,779,753,472 bytes free
Post-Run: 148,769,640,448 bytes free
.
- - End Of File - - 7FF47A01C2F94CE5B837A4F0BCE6A976
03BA8F890B47C0BE359A4D5A636D214D
 
Link to post
Share on other sites

Also, FYI, this cleanup is for a relative, and since I will be out of town this week, I am removing Combofix, JRT, AdwCleaner, and DDS for now so he can use the computer while I am gone.  If you see anything else I should do, let me know and I will take care of it this coming weekend.  Thanks for now!

Link to post
Share on other sites

I managed to get to this before I left.

 

DDS.txt;

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by Owner at 14:55:09 on 2013-09-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1916.1138 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exe
C:\Windows\twain_32\Dell\MFP1125\Monitor\Stsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>:  - LocalServer32 - <no file>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [VoloMedia Service] "C:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exe"
mRun: [MFPMonitor] C:\Windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [sunJavaUpdateReg] "C:\Windows\System32\jureg.exe" -delete
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4D36FE6F-5620-4518-B24F-68BBDDC76305} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D88536FD-30BB-4C28-B54D-EDDF8598703F} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-13 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-13 204880]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-6-13 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-9 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-24 378944]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-24 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-24 80816]
R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [2013-1-23 319488]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-24 46808]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-2-3 460288]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2008-9-18 286208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca807470d0d884;Google Update Service (gupdate1ca807470d0d884);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-09-04 06:03:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-04 06:02:56 263592 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-09-04 06:02:56 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-09-04 06:02:55 175016 ----a-w- C:\Windows\SysWow64\java.exe
2013-09-04 06:02:53 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-04 06:02:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-08-30 07:48:10 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2013-08-30 07:48:10 378944 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:48:09 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-30 07:47:14 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-08-22 02:13:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 02:13:40 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-05 23:14:32 78161360 ----a-w- C:\Windows\System32\mrt.exe
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:54:29 17830400 ----a-w- C:\Windows\System32\mshtml.dll
2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-25 03:35:45 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-07-25 03:31:23 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-25 03:29:21 237056 ----a-w- C:\Windows\System32\url.dll
2013-07-25 03:29:06 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-25 03:28:27 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-07-25 03:28:24 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-07-25 03:28:18 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-07-25 03:27:29 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-25 03:26:53 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-07-25 02:40:07 12334080 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:30:47 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-07-25 02:26:45 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:24:39 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-07-25 02:24:24 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:23:51 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-07-25 02:23:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-07-25 02:23:27 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-07-25 02:22:47 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-25 02:22:04 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 14:55:52.90 ===============
 
 
 
Attach.txt:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/16/2008 11:30:41 AM
System Uptime: 9/8/2013 2:26:11 PM (0 hours ago)
.
Motherboard: FOXCONN |  | Irvine
Processor: Intel® Pentium® Dual  CPU  E2180  @ 2.00GHz | Socket 775 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 138.772 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.744 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATT Management Agent
avast! Free Antivirus
Belkin F5D8053 N Wireless USB Adapter
Bonjour
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
D1500_Help
Dell MFP 1125
Destinations
DeviceDiscovery
DeviceManagementQFolder
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
DocMgr
DocProc
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fax
Google Chrome
Google Earth
Google Update Helper
GPBaseService
GPBaseService2
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 13.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HPTCSSetup
iTunes
Java 7 Update 25
Java Auto Updater
LabelPrint
LightScribe System Software  1.14.17.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Network64
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
PC Tutor™ Learn Windows Vista™
PCIe Soft Data Fax Modem with SmartCP
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Shop for HP Supplies
Skype web features
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VideoToolkit01
VLC media player 2.0.8
VoloMedia iTunes plug-in
WebReg
Yahoo! Toolbar
.
==== End Of File ===========================
 
Link to post
Share on other sites

Got Windows Defender running, so here are some new log files:

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by Owner at 15:14:56 on 2013-09-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1916.867 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exe
C:\Windows\twain_32\Dell\MFP1125\Monitor\Stsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>:  - LocalServer32 - <no file>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [VoloMedia Service] "C:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exe"
mRun: [MFPMonitor] C:\Windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [sunJavaUpdateReg] "C:\Windows\System32\jureg.exe" -delete
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4D36FE6F-5620-4518-B24F-68BBDDC76305} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D88536FD-30BB-4C28-B54D-EDDF8598703F} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-13 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-13 204880]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-6-13 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-9 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-24 378944]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-24 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-24 80816]
R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [2013-1-23 319488]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-24 46808]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-2-3 460288]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2008-9-18 286208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca807470d0d884;Google Update Service (gupdate1ca807470d0d884);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-09-04 06:03:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-04 06:02:56 263592 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-09-04 06:02:56 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-09-04 06:02:55 175016 ----a-w- C:\Windows\SysWow64\java.exe
2013-09-04 06:02:53 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-04 06:02:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-08-30 07:48:10 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2013-08-30 07:48:10 378944 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:48:09 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-30 07:47:14 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-08-22 02:13:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 02:13:40 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-05 23:14:32 78161360 ----a-w- C:\Windows\System32\mrt.exe
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:54:29 17830400 ----a-w- C:\Windows\System32\mshtml.dll
2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-25 03:35:45 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-07-25 03:31:23 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-25 03:29:21 237056 ----a-w- C:\Windows\System32\url.dll
2013-07-25 03:29:06 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-25 03:28:27 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-07-25 03:28:24 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-07-25 03:28:18 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-07-25 03:27:29 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-25 03:26:53 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-07-25 02:40:07 12334080 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:30:47 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-07-25 02:26:45 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:24:39 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-07-25 02:24:24 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:23:51 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-07-25 02:23:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-07-25 02:23:27 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-07-25 02:22:47 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-25 02:22:04 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 15:16:41.51 ===============
 
 
 
 
Attach.txt:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/16/2008 11:30:41 AM
System Uptime: 9/8/2013 3:11:44 PM (0 hours ago)
.
Motherboard: FOXCONN |  | Irvine
Processor: Intel® Pentium® Dual  CPU  E2180  @ 2.00GHz | Socket 775 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 138.673 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.744 GiB free.
E: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATT Management Agent
avast! Free Antivirus
Belkin F5D8053 N Wireless USB Adapter
Bonjour
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
D1500_Help
Dell MFP 1125
Destinations
DeviceDiscovery
DeviceManagementQFolder
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
DocMgr
DocProc
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fax
Google Chrome
Google Earth
Google Update Helper
GPBaseService
GPBaseService2
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 13.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HPTCSSetup
iTunes
Java 7 Update 25
Java Auto Updater
LabelPrint
LightScribe System Software  1.14.17.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Network64
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
PC Tutor™ Learn Windows Vista™
PCIe Soft Data Fax Modem with SmartCP
Power2Go
PowerDirector
PSSWCORE
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Shop for HP Supplies
Skype web features
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VideoToolkit01
VLC media player 2.0.8
VoloMedia iTunes plug-in
WebReg
Yahoo! Toolbar
.
==== End Of File ===========================
 
Link to post
Share on other sites

I did give the computer back to my relative before I left town, so I have to check with him, but in the couple of restarts I did before leaving, everything seemed good.  I'm going to talk to him about getting the paid version of Malwarebytes for future protection.  Do you have any more advice related to the computer's current status?

Link to post
Share on other sites

Yes, some cleanup steps.

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.