bandarbalu Posted September 4, 2013 ID:725048 Share Posted September 4, 2013 Malwarebytes found 14 items, so here are the dds logs: DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16502Run by Owner at 22:35:39 on 2013-09-03Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1916.425 [GMT -7:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Windows\Explorer.EXEC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\system32\taskeng.exec:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Common Files\Motive\pcCMService.exeC:\Program Files\Common Files\Motive\pcCMService.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\DRIVERS\xaudio64.exeC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\System32\WUDFHost.exeC:\Windows\System32\mobsync.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\hp\support\hpsysdrv.exeC:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exeC:\Windows\twain_32\Dell\MFP1125\Monitor\Stsmon.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\ehome\ehmsas.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationc:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\wuauclt.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\system32\msiexec.exeC:\Windows\system32\vssvc.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\taskeng.exeC:\Windows\system32\RacAgent.exeC:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllmWinlogon: Userinit = userinit.exeBHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllBHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: ALOT Toolbar Helper: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\alot.dllBHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllBHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dllTB: <No Name>: - LocalServer32 - <no file>TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllTB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [ehTray.exe] C:\Windows\ehome\ehTray.exeuRun: [VibeFireAlerts] <no file>mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exemRun: [hpqSRMon] <no file>mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silentmPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllIE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTCP: NameServer = 192.168.0.1TCP: Interfaces\{4D36FE6F-5620-4518-B24F-68BBDDC76305} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{D88536FD-30BB-4C28-B54D-EDDF8598703F} : DHCPNameServer = 192.168.0.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgx64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hidex64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartupx64-mPolicies-Explorer: NoActiveDesktop = dword:1x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0x64-mPolicies-System: EnableUIADesktopToggle = dword:0x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-13 65336]R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-13 204880]R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-6-13 22600]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-9 1030952]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-24 378944]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-24 33400]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-24 80816]R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2008-9-18 286208].=============== File Associations ===============.FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*.=============== Created Last 30 ================..==================== Find3M ====================.2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-08-30 07:48:10 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys2013-08-30 07:48:10 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys2013-08-30 07:48:10 378944 ----a-w- C:\Windows\System32\drivers\aswSP.sys2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-08-30 07:48:09 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr2013-08-30 07:47:14 287840 ----a-w- C:\Windows\System32\aswBoot.exe2013-08-22 02:13:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-22 02:13:40 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-25 03:54:29 17830400 ----a-w- C:\Windows\System32\mshtml.dll2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-07-25 03:35:45 10926080 ----a-w- C:\Windows\System32\ieframe.dll2013-07-25 03:31:23 1346560 ----a-w- C:\Windows\System32\urlmon.dll2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-07-25 03:29:21 237056 ----a-w- C:\Windows\System32\url.dll2013-07-25 03:29:06 86016 ----a-w- C:\Windows\System32\jsproxy.dll2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-07-25 03:28:27 816640 ----a-w- C:\Windows\System32\jscript.dll2013-07-25 03:28:24 2147840 ----a-w- C:\Windows\System32\iertutil.dll2013-07-25 03:28:18 729088 ----a-w- C:\Windows\System32\msfeeds.dll2013-07-25 03:27:29 96768 ----a-w- C:\Windows\System32\mshtmled.dll2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-25 03:26:53 248320 ----a-w- C:\Windows\System32\ieui.dll2013-07-25 02:40:07 12334080 ----a-w- C:\Windows\SysWow64\mshtml.dll2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-25 02:30:47 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll2013-07-25 02:26:45 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-07-25 02:24:39 231936 ----a-w- C:\Windows\SysWow64\url.dll2013-07-25 02:24:24 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-07-25 02:23:51 717824 ----a-w- C:\Windows\SysWow64\jscript.dll2013-07-25 02:23:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll2013-07-25 02:23:27 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll2013-07-25 02:22:47 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-25 02:22:04 176640 ----a-w- C:\Windows\SysWow64\ieui.dll2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys.============= FINISH: 22:37:49.85 =============== Attach.txt: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 10/16/2008 11:30:41 AMSystem Uptime: 9/3/2013 10:16:19 PM (0 hours ago).Motherboard: FOXCONN | | IrvineProcessor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 220 GiB total, 138.935 GiB free.D: is FIXED (NTFS) - 13 GiB total, 1.744 GiB free.E: is CDROM (CDFS)G: is RemovableH: is RemovableI: is RemovableJ: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft 6to4 AdapterDevice ID: ROOT\*6TO4MP\0007Manufacturer: MicrosoftName: Microsoft 6to4 Adapter #2PNP Device ID: ROOT\*6TO4MP\0007Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0000Manufacturer: MicrosoftName: Microsoft ISATAP AdapterPNP Device ID: ROOT\*ISATAP\0000Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: avast! Firewall NDIS Filter MiniportDevice ID: ROOT\SW_ASWNDISMP\0000Manufacturer: ALWIL SoftwareName: avast! Firewall NDIS Filter MiniportPNP Device ID: ROOT\SW_ASWNDISMP\0000Service: aswNdis.==== System Restore Points ===================..==== Installed Programs ======================.4500_G510nz_Help4500G510nz4500G510nz_Software_Min64 Bit HP CIO Components InstallerAdobe Flash Player 11 ActiveXALOT ToolbarApple Application SupportApple Mobile Device SupportApple Software UpdateATT Management Agentavast! Free AntivirusBelkin F5D8053 N Wireless USB AdapterBonjourBufferChmCards_Calendar_OrderGift_DoMorePlugoutCCleanerCompatibility Pack for the 2007 Office systemCustomerResearchQFolderCyberLink DVD Suite DeluxeD1500_HelpDell MFP 1125DestinationsDeviceDiscoveryDeviceManagementQFolderDJ_SF_03_D1500_ProductContextDJ_SF_03_D1500_SoftwareDJ_SF_03_D1500_Software_MinDocMgrDocProcDownload Updater (AOL LLC)Enhanced Multimedia Keyboard SolutioneSupportQFolderFaxGoogle ChromeGoogle EarthGoogle Update HelperGPBaseServiceGPBaseService2Hewlett-Packard Active Check for Health CheckHewlett-Packard Asset Agent for Health CheckHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Active Support LibraryHP Customer Experience EnhancementsHP Customer FeedbackHP Customer Participation Program 13.0HP Deskjet D1500 Printer Driver Software 10.0 Rel .3HP Document Manager 2.0HP Imaging Device Functions 13.0HP Officejet 4500 G510n-zHP Photosmart Essential 2.5HP Photosmart Essential 3.0HP Picasso Media Center Add-InHP Recovery Manager RSSHP Smart Web Printing 4.5HP Solution Center 13.0HP Total Care AdvisorHP UpdateHPPhotoSmartPhotobookWebPack1HPProductAssistantHPSSupplyHPTCSSetupiTunesJava Auto UpdaterJava 6 Update 22Java SE Runtime Environment 6 Update 1LabelPrintLightScribe System Software 1.14.17.1LightScribeTemplateLabelerMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Office PowerPoint Viewer 2007 (English)Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft WorksMobileMe Control PanelMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)muvee autoProducer 6.1My HP GamesNetwork64NVIDIA DriversOCR Software by I.R.I.S. 13.0PC Tutor™ Learn Windows Vista™PCIe Soft Data Fax Modem with SmartCPPower2GoPowerDirectorPSSWCOREPython 2.5.2QuickTimeRealtek High Definition Audio DriverScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Shop for HP SuppliesSkype web featuresSkype™ 4.1SmartWebPrintingSolutionCenterStatusToolboxTrayAppUnloadSupportUpdate for Microsoft .NET Framework 3.5 SP1 (KB2836940)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)VideoToolkit01VLC media player 0.9.2VoloMedia iTunes plug-inWebRegYahoo! Toolbar.==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted September 5, 2013 ID:725434 Share Posted September 5, 2013 Hello bandarbalu and ! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Step 1 Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 2 Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Clean.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.Step 3Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately. In your next reply, post the following log files:Junkware Removal Tool logAdwCleaner logMalwarebytes' Anti-Malware log Link to post Share on other sites More sharing options...
bandarbalu Posted September 6, 2013 Author ID:725923 Share Posted September 6, 2013 Thanks for your help, Borislav. Before I post the logs, please note that I did a couple iterations of Avast full and boot-time scans, as well as a couple full MBAM scans, after I posted my original message and before you replied. Let me know if you want me to run DDS again. Here is the JRT log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.5.8 (09.05.2013:1)OS: Windows Vista Home Premium x64Ran by Owner on Thu 09/05/2013 at 21:02:44.49~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URLSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bandoocore.exeSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exeSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\freeze.comSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bandooSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.comSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdateSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowserSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontrollerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\alottoolbarSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} ~~~ Files Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\vghd"Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\alot"Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\zango"Successfully deleted: [Folder] "C:\Program Files (x86)\alot"Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"Successfully deleted: [Folder] "C:\Program Files (x86)\vghd"Successfully deleted: [Folder] "C:\Program Files (x86)\winferno\registrypowercleaner"Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Thu 09/05/2013 at 21:12:27.78End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
bandarbalu Posted September 6, 2013 Author ID:725924 Share Posted September 6, 2013 Here is the AdwCleaner log: # AdwCleaner v3.002 - Report created 05/09/2013 at 22:27:29# Updated 01/09/2013 by Xplode# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)# Username : Owner - OWNER-PC# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.comFile Deleted : C:\Windows\Uninstall.exe ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtnKey Deleted : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.LocalizerKey Deleted : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterKey Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatisticsKey Deleted : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelperKey Deleted : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxyKey Deleted : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AdobeUpdater]Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}Key Deleted : HKCU\Software\AppDataLow\Software\alotKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtilityKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbarKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16502 -\\ Google Chrome v29.0.1547.66 [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [4987 octets] - [05/09/2013 22:26:13]AdwCleaner[s0].txt - [4711 octets] - [05/09/2013 22:27:29] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4771 octets] ########## Here is the MBAM log: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.09.06.02 Windows Vista Service Pack 2 x64 NTFSInternet Explorer 9.0.8112.16421Owner :: OWNER-PC [administrator] 9/5/2013 10:34:32 PMmbam-log-2013-09-05 (22-34-32).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 251339Time elapsed: 5 minute(s), 29 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Maniac Posted September 6, 2013 ID:725967 Share Posted September 6, 2013 Avast is not able to find those kind of malware. How are things now? Link to post Share on other sites More sharing options...
bandarbalu Posted September 6, 2013 Author ID:726092 Share Posted September 6, 2013 The system is running smoothly, but the Avast full system scans continue to find a threat that Avast fails to remove. Sorry, but it appears the Avast logs cannot be cut and pasted, so here is the log entry transcribed: File name Severity Status Action ResultC:\Windows\Installer\2b510.msi|>Binary.NewBinary19 High Threat:JS.ADODB-BT [Expl] Move to Chest Error: The operation is not supported for this type of archive. (42111) I have also been updating all the software on the system that I can. Link to post Share on other sites More sharing options...
Maniac Posted September 7, 2013 ID:726495 Share Posted September 7, 2013 Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below.Important! - Please make sure you save combofix to your desktop and do not run it from your browserDirect download link for: ComboFix.exePlease make sure you disable your security applications before running ComboFix.Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.Please copy/paste the contents or attach that log file to your next reply.If needed the file can be located here: C:\combofix.txtNOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
bandarbalu Posted September 8, 2013 Author ID:727201 Share Posted September 8, 2013 Combofix log: ComboFix 13-09-08.02 - Owner 09/08/2013 11:04:20.1.2 - x64Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1916.837 [GMT -7:00]Running from: c:\users\Owner\Desktop\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_pcCMService..((((((((((((((((((((((((( Files Created from 2013-08-08 to 2013-09-08 )))))))))))))))))))))))))))))))..2013-09-06 10:06 . 2013-09-06 10:06 -------- d-----w- c:\program files (x86)\Common Files\Skype2013-09-06 06:06 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F640F8D2-1761-4AC7-B4E0-4A440050E693}\mpengine.dll2013-09-06 05:45 . 2013-09-06 05:45 -------- d-----w- c:\users\Owner\AppData\Local\WindowsUpdate2013-09-06 05:24 . 2013-09-06 05:27 -------- d-----w- C:\AdwCleaner2013-09-06 04:02 . 2013-09-06 04:02 -------- d-----w- c:\windows\ERUNT2013-09-05 04:08 . 2013-09-05 04:14 -------- d-----w- c:\program files (x86)\ERUNT2013-09-04 06:30 . 2013-09-04 06:30 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2013-09-04 06:30 . 2013-09-04 06:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2013-09-04 06:30 . 2013-09-04 06:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2013-09-04 06:30 . 2013-09-04 06:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2013-09-04 06:30 . 2013-09-04 06:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll2013-09-04 06:29 . 2013-09-04 06:29 -------- d-----w- c:\program files (x86)\QuickTime2013-09-04 06:22 . 2013-09-04 06:22 -------- d-----w- c:\program files (x86)\Apple Software Update2013-09-04 06:15 . 2013-09-04 06:20 -------- d-----w- c:\windows\system32\MRT2013-09-04 06:15 . 2013-09-04 13:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe2013-09-04 06:04 . 2013-09-04 06:04 -------- d-----w- c:\program files (x86)\Common Files\Java2013-09-04 06:03 . 2013-09-04 06:02 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-09-04 06:03 . 2013-09-04 06:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-04 06:02 . 2013-09-04 06:02 -------- d-----w- c:\programdata\McAfee2013-09-04 05:24 . 2013-09-04 05:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes2013-09-04 05:23 . 2013-09-04 05:23 -------- d-----w- c:\programdata\Malwarebytes2013-09-04 05:23 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-09-04 05:23 . 2013-09-04 05:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-08-29 15:59 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-08-29 15:59 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL2013-08-17 00:08 . 2013-07-08 04:16 992768 ----a-w- c:\windows\SysWow64\crypt32.dll2013-08-17 00:08 . 2013-07-08 04:12 1276416 ----a-w- c:\windows\system32\crypt32.dll2013-08-17 00:08 . 2013-07-08 04:16 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-08-17 00:08 . 2013-07-08 04:15 218624 ----a-w- c:\windows\system32\wintrust.dll2013-08-17 00:08 . 2013-07-08 04:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll2013-08-17 00:08 . 2013-07-08 04:12 174592 ----a-w- c:\windows\system32\cryptsvc.dll2013-08-17 00:08 . 2013-07-08 04:12 132096 ----a-w- c:\windows\system32\cryptnet.dll2013-08-17 00:08 . 2013-07-08 04:16 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-08-16 03:19 . 2013-07-17 20:01 2048 ----a-w- c:\windows\system32\tzres.dll2013-08-16 03:19 . 2013-07-17 19:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll2013-08-16 03:13 . 2013-07-25 03:28 816640 ----a-w- c:\windows\system32\jscript.dll2013-08-16 03:13 . 2013-07-25 03:28 2147840 ----a-w- c:\windows\system32\iertutil.dll2013-08-16 03:13 . 2013-07-25 02:25 104448 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll2013-08-16 03:13 . 2013-07-25 03:30 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll2013-08-16 03:13 . 2013-07-25 02:25 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll2013-08-16 03:13 . 2013-07-25 03:30 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll2013-08-16 03:13 . 2013-07-25 02:25 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll2013-08-16 03:13 . 2013-07-25 03:54 17830400 ----a-w- c:\windows\system32\mshtml.dll2013-08-16 03:13 . 2013-07-25 03:35 10926080 ----a-w- c:\windows\system32\ieframe.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-09-04 06:02 . 2010-10-15 01:30 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-30 07:48 . 2013-06-13 21:00 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys2013-08-30 07:48 . 2013-06-13 21:00 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys2013-08-30 07:48 . 2011-07-10 05:52 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys2013-08-30 07:48 . 2010-03-25 02:20 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys2013-08-30 07:48 . 2010-03-25 02:20 59144 ----a-w- c:\windows\system32\drivers\aswRdr.sys2013-08-30 07:48 . 2010-03-25 02:20 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys2013-08-30 07:48 . 2010-03-25 02:20 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2013-08-30 07:48 . 2010-03-25 02:20 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2013-08-30 07:47 . 2010-10-26 18:38 41664 ----a-w- c:\windows\avastSS.scr2013-08-30 07:47 . 2011-01-18 10:16 287840 ----a-w- c:\windows\system32\aswBoot.exe2013-08-22 02:13 . 2013-01-05 20:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-22 02:13 . 2013-01-05 20:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-08-05 23:14 . 2006-11-02 12:35 78161360 ----a-w- c:\windows\system32\mrt.exe2013-07-08 04:16 . 2013-08-17 00:17 43008 ----a-w- c:\windows\apppatch\acwow64.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]"VoloMedia Service"="c:\program files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exe" [2009-05-07 3965648]"MFPMonitor"="c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exe" [2007-08-08 2002944]"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsThemes.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-09-05 04:01 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 02:13].2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-19 06:28].2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-19 06:28].2013-09-08 c:\windows\Tasks\HPCeeScheduleForOwner.job- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-09-18 03:03].2013-09-08 c:\windows\Tasks\PCConfidential.job- c:\program files (x86)\Winferno\PC Confidential\PCConfidential.exe [2009-05-26 21:10]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2013-08-30 07:47 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 15851040].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 192.168.0.1.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKCU-Run-VibeFireAlerts - (no file)Wow6432Node-HKLM-Run-hpqSRMon - (no file)SafeBoot-WudfPfSafeBoot-WudfRdAddRemove-DellMFP1125 - c:\windows\Uninstall.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-261273699-3008607065-3077023680-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23EBC65C-CD94-6282-573F-9611C2B61F5A}*]@Allowed: (Read) (RestrictedCode)"jadbogfmaimgagnlpkpm"=hex:62,61,68,6f,00,00"jadbogfmaimgagnlpkdm"=hex:62,61,61,6f,00,00"iadacpddekbajedhhi"=hex:6b,61,69,6f,6b,63,63,6c,6e,62,68,61,61,6c,65,6e,6a,70, 6c,6d,63,6f,00,00.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.------------------------ Other Running Processes ------------------------.c:\program files\Alwil Software\Avast5\AvastSvc.exec:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exec:\program files (x86)\Bonjour\mDNSResponder.exec:\program files (x86)\ATT\8.2.1.6\ma\bin\node.exec:\program files (x86)\Common Files\LightScribe\LSSrvc.exe.**************************************************************************.Completion time: 2013-09-08 12:47:06 - machine was rebootedComboFix-quarantined-files.txt 2013-09-08 19:47.Pre-Run: 148,779,753,472 bytes freePost-Run: 148,769,640,448 bytes free.- - End Of File - - 7FF47A01C2F94CE5B837A4F0BCE6A97603BA8F890B47C0BE359A4D5A636D214D Link to post Share on other sites More sharing options...
bandarbalu Posted September 8, 2013 Author ID:727204 Share Posted September 8, 2013 Also, FYI, this cleanup is for a relative, and since I will be out of town this week, I am removing Combofix, JRT, AdwCleaner, and DDS for now so he can use the computer while I am gone. If you see anything else I should do, let me know and I will take care of it this coming weekend. Thanks for now! Link to post Share on other sites More sharing options...
Maniac Posted September 8, 2013 ID:727244 Share Posted September 8, 2013 We still have work to do. When you are coming back, generate and post a new fresh DDS log file. Link to post Share on other sites More sharing options...
bandarbalu Posted September 8, 2013 Author ID:727298 Share Posted September 8, 2013 I managed to get to this before I left. DDS.txt; DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2Run by Owner at 14:55:09 on 2013-09-08Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1916.1138 [GMT -7:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtc:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exeC:\Program Files\Common Files\Motive\pcCMService.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\DRIVERS\xaudio64.exeC:\Windows\System32\WUDFHost.exeC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationc:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\hp\support\hpsysdrv.exeC:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exeC:\Windows\twain_32\Dell\MFP1125\Monitor\Stsmon.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\ehome\ehmsas.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllBHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: <No Name>: - LocalServer32 - <no file>TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [ehTray.exe] C:\Windows\ehome\ehTray.exemRun: [hpsysdrv] c:\hp\support\hpsysdrv.exemRun: [VoloMedia Service] "C:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exe"mRun: [MFPMonitor] C:\Windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exemRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /noguimRun: [sunJavaUpdateReg] "C:\Windows\System32\jureg.exe" -deletemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeuPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllIE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTCP: NameServer = 192.168.0.1TCP: Interfaces\{4D36FE6F-5620-4518-B24F-68BBDDC76305} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{D88536FD-30BB-4C28-B54D-EDDF8598703F} : DHCPNameServer = 192.168.0.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartupx64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0x64-mPolicies-Explorer: NoDrives = dword:0x64-mPolicies-System: EnableUIADesktopToggle = dword:0x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-13 65336]R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-13 204880]R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-6-13 22600]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-9 1030952]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-24 378944]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-24 33400]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-24 80816]R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [2013-1-23 319488]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-24 46808]R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-2-3 460288]R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2008-9-18 286208]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate1ca807470d0d884;Google Update Service (gupdate1ca807470d0d884);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 133104]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920].=============== File Associations ===============.FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*.=============== Created Last 30 ================..==================== Find3M ====================.2013-09-04 06:03:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-09-04 06:02:56 263592 ----a-w- C:\Windows\SysWow64\javaws.exe2013-09-04 06:02:56 175016 ----a-w- C:\Windows\SysWow64\javaw.exe2013-09-04 06:02:55 175016 ----a-w- C:\Windows\SysWow64\java.exe2013-09-04 06:02:53 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-09-04 06:02:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-08-30 07:48:10 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys2013-08-30 07:48:10 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys2013-08-30 07:48:10 378944 ----a-w- C:\Windows\System32\drivers\aswSP.sys2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-08-30 07:48:09 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr2013-08-30 07:47:14 287840 ----a-w- C:\Windows\System32\aswBoot.exe2013-08-22 02:13:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-22 02:13:40 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-08-05 23:14:32 78161360 ----a-w- C:\Windows\System32\mrt.exe2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-25 03:54:29 17830400 ----a-w- C:\Windows\System32\mshtml.dll2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-07-25 03:35:45 10926080 ----a-w- C:\Windows\System32\ieframe.dll2013-07-25 03:31:23 1346560 ----a-w- C:\Windows\System32\urlmon.dll2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-07-25 03:29:21 237056 ----a-w- C:\Windows\System32\url.dll2013-07-25 03:29:06 86016 ----a-w- C:\Windows\System32\jsproxy.dll2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-07-25 03:28:27 816640 ----a-w- C:\Windows\System32\jscript.dll2013-07-25 03:28:24 2147840 ----a-w- C:\Windows\System32\iertutil.dll2013-07-25 03:28:18 729088 ----a-w- C:\Windows\System32\msfeeds.dll2013-07-25 03:27:29 96768 ----a-w- C:\Windows\System32\mshtmled.dll2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-25 03:26:53 248320 ----a-w- C:\Windows\System32\ieui.dll2013-07-25 02:40:07 12334080 ----a-w- C:\Windows\SysWow64\mshtml.dll2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-25 02:30:47 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll2013-07-25 02:26:45 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-07-25 02:24:39 231936 ----a-w- C:\Windows\SysWow64\url.dll2013-07-25 02:24:24 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-07-25 02:23:51 717824 ----a-w- C:\Windows\SysWow64\jscript.dll2013-07-25 02:23:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll2013-07-25 02:23:27 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll2013-07-25 02:22:47 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-25 02:22:04 176640 ----a-w- C:\Windows\SysWow64\ieui.dll2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys.============= FINISH: 14:55:52.90 =============== Attach.txt: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 10/16/2008 11:30:41 AMSystem Uptime: 9/8/2013 2:26:11 PM (0 hours ago).Motherboard: FOXCONN | | IrvineProcessor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 220 GiB total, 138.772 GiB free.D: is FIXED (NTFS) - 13 GiB total, 1.744 GiB free.E: is CDROM ()G: is RemovableH: is RemovableI: is RemovableJ: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft 6to4 AdapterDevice ID: ROOT\*6TO4MP\0007Manufacturer: MicrosoftName: Microsoft 6to4 Adapter #2PNP Device ID: ROOT\*6TO4MP\0007Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0000Manufacturer: MicrosoftName: Microsoft ISATAP AdapterPNP Device ID: ROOT\*ISATAP\0000Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: avast! Firewall NDIS Filter MiniportDevice ID: ROOT\SW_ASWNDISMP\0000Manufacturer: ALWIL SoftwareName: avast! Firewall NDIS Filter MiniportPNP Device ID: ROOT\SW_ASWNDISMP\0000Service: aswNdis.==== System Restore Points ===================..==== Installed Programs ======================.4500_G510nz_Help4500G510nz4500G510nz_Software_Min64 Bit HP CIO Components InstallerAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.7)Apple Application SupportApple Mobile Device SupportApple Software UpdateATT Management Agentavast! Free AntivirusBelkin F5D8053 N Wireless USB AdapterBonjourBufferChmCards_Calendar_OrderGift_DoMorePlugoutCCleanerCompatibility Pack for the 2007 Office systemCustomerResearchQFolderCyberLink DVD Suite DeluxeD1500_HelpDell MFP 1125DestinationsDeviceDiscoveryDeviceManagementQFolderDJ_SF_03_D1500_ProductContextDJ_SF_03_D1500_SoftwareDJ_SF_03_D1500_Software_MinDocMgrDocProcEnhanced Multimedia Keyboard SolutioneSupportQFolderFaxGoogle ChromeGoogle EarthGoogle Update HelperGPBaseServiceGPBaseService2Hewlett-Packard Active Check for Health CheckHewlett-Packard Asset Agent for Health CheckHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Active Support LibraryHP Customer Experience EnhancementsHP Customer FeedbackHP Customer Participation Program 13.0HP Deskjet D1500 Printer Driver Software 10.0 Rel .3HP Document Manager 2.0HP Imaging Device Functions 13.0HP Officejet 4500 G510n-zHP Photosmart Essential 2.5HP Photosmart Essential 3.0HP Picasso Media Center Add-InHP Recovery Manager RSSHP Smart Web Printing 4.5HP Solution Center 13.0HP Total Care AdvisorHP UpdateHPPhotoSmartPhotobookWebPack1HPProductAssistantHPSSupplyHPTCSSetupiTunesJava 7 Update 25Java Auto UpdaterLabelPrintLightScribe System Software 1.14.17.1LightScribeTemplateLabelerMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Office PowerPoint Viewer 2007 (English)Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMobileMe Control PanelMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)muvee autoProducer 6.1My HP GamesNetwork64NVIDIA DriversOCR Software by I.R.I.S. 13.0PC Tutor™ Learn Windows Vista™PCIe Soft Data Fax Modem with SmartCPPower2GoPowerDirectorPSSWCOREPython 2.5.2QuickTimeRealtek High Definition Audio DriverScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Shop for HP SuppliesSkype web featuresSkype™ 5.10SmartWebPrintingSolutionCenterStatusToolboxTrayAppUnloadSupportUpdate for Microsoft .NET Framework 3.5 SP1 (KB2836940)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)VideoToolkit01VLC media player 2.0.8VoloMedia iTunes plug-inWebRegYahoo! Toolbar.==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted September 8, 2013 ID:727299 Share Posted September 8, 2013 No, I need when we start working again, because I would like to see what was changed. Link to post Share on other sites More sharing options...
bandarbalu Posted September 8, 2013 Author ID:727311 Share Posted September 8, 2013 Got Windows Defender running, so here are some new log files: DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2Run by Owner at 15:14:56 on 2013-09-08Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1916.867 [GMT -7:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exec:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Common Files\Motive\pcCMService.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\DRIVERS\xaudio64.exeC:\Windows\System32\WUDFHost.exeC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\hp\support\hpsysdrv.exeC:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exeC:\Windows\twain_32\Dell\MFP1125\Monitor\Stsmon.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\ehome\ehmsas.exeC:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationc:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllBHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: <No Name>: - LocalServer32 - <no file>TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [ehTray.exe] C:\Windows\ehome\ehTray.exemRun: [hpsysdrv] c:\hp\support\hpsysdrv.exemRun: [VoloMedia Service] "C:\Program Files (x86)\VoloMedia\VoloMedia Service\VoloMediaService.exe"mRun: [MFPMonitor] C:\Windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exemRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /noguimRun: [sunJavaUpdateReg] "C:\Windows\System32\jureg.exe" -deletemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeuPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllIE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTCP: NameServer = 192.168.0.1TCP: Interfaces\{4D36FE6F-5620-4518-B24F-68BBDDC76305} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{D88536FD-30BB-4C28-B54D-EDDF8598703F} : DHCPNameServer = 192.168.0.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dllx64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartupx64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0x64-mPolicies-Explorer: NoDrives = dword:0x64-mPolicies-System: EnableUIADesktopToggle = dword:0x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-13 65336]R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-13 204880]R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-6-13 22600]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-9 1030952]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-24 378944]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-24 33400]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-24 80816]R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [2013-1-23 319488]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-24 46808]R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-2-3 460288]R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2008-9-18 286208]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate1ca807470d0d884;Google Update Service (gupdate1ca807470d0d884);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 133104]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920].=============== File Associations ===============.FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*.=============== Created Last 30 ================..==================== Find3M ====================.2013-09-04 06:03:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-09-04 06:02:56 263592 ----a-w- C:\Windows\SysWow64\javaws.exe2013-09-04 06:02:56 175016 ----a-w- C:\Windows\SysWow64\javaw.exe2013-09-04 06:02:55 175016 ----a-w- C:\Windows\SysWow64\java.exe2013-09-04 06:02:53 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-09-04 06:02:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-08-30 07:48:10 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys2013-08-30 07:48:10 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys2013-08-30 07:48:10 378944 ----a-w- C:\Windows\System32\drivers\aswSP.sys2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-08-30 07:48:09 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr2013-08-30 07:47:14 287840 ----a-w- C:\Windows\System32\aswBoot.exe2013-08-22 02:13:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-22 02:13:40 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-08-05 23:14:32 78161360 ----a-w- C:\Windows\System32\mrt.exe2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-25 03:54:29 17830400 ----a-w- C:\Windows\System32\mshtml.dll2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-07-25 03:35:45 10926080 ----a-w- C:\Windows\System32\ieframe.dll2013-07-25 03:31:23 1346560 ----a-w- C:\Windows\System32\urlmon.dll2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-07-25 03:29:21 237056 ----a-w- C:\Windows\System32\url.dll2013-07-25 03:29:06 86016 ----a-w- C:\Windows\System32\jsproxy.dll2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-07-25 03:28:27 816640 ----a-w- C:\Windows\System32\jscript.dll2013-07-25 03:28:24 2147840 ----a-w- C:\Windows\System32\iertutil.dll2013-07-25 03:28:18 729088 ----a-w- C:\Windows\System32\msfeeds.dll2013-07-25 03:27:29 96768 ----a-w- C:\Windows\System32\mshtmled.dll2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-25 03:26:53 248320 ----a-w- C:\Windows\System32\ieui.dll2013-07-25 02:40:07 12334080 ----a-w- C:\Windows\SysWow64\mshtml.dll2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-25 02:30:47 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll2013-07-25 02:26:45 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-07-25 02:24:39 231936 ----a-w- C:\Windows\SysWow64\url.dll2013-07-25 02:24:24 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-07-25 02:23:51 717824 ----a-w- C:\Windows\SysWow64\jscript.dll2013-07-25 02:23:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll2013-07-25 02:23:27 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll2013-07-25 02:22:47 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-25 02:22:04 176640 ----a-w- C:\Windows\SysWow64\ieui.dll2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys.============= FINISH: 15:16:41.51 =============== Attach.txt: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 10/16/2008 11:30:41 AMSystem Uptime: 9/8/2013 3:11:44 PM (0 hours ago).Motherboard: FOXCONN | | IrvineProcessor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 220 GiB total, 138.673 GiB free.D: is FIXED (NTFS) - 13 GiB total, 1.744 GiB free.E: is CDROM (CDFS)G: is RemovableH: is RemovableI: is RemovableJ: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft 6to4 AdapterDevice ID: ROOT\*6TO4MP\0007Manufacturer: MicrosoftName: Microsoft 6to4 Adapter #2PNP Device ID: ROOT\*6TO4MP\0007Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0000Manufacturer: MicrosoftName: Microsoft ISATAP AdapterPNP Device ID: ROOT\*ISATAP\0000Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: avast! Firewall NDIS Filter MiniportDevice ID: ROOT\SW_ASWNDISMP\0000Manufacturer: ALWIL SoftwareName: avast! Firewall NDIS Filter MiniportPNP Device ID: ROOT\SW_ASWNDISMP\0000Service: aswNdis.==== System Restore Points ===================..==== Installed Programs ======================.4500_G510nz_Help4500G510nz4500G510nz_Software_Min64 Bit HP CIO Components InstallerAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.7)Apple Application SupportApple Mobile Device SupportApple Software UpdateATT Management Agentavast! Free AntivirusBelkin F5D8053 N Wireless USB AdapterBonjourBufferChmCards_Calendar_OrderGift_DoMorePlugoutCCleanerCompatibility Pack for the 2007 Office systemCustomerResearchQFolderCyberLink DVD Suite DeluxeD1500_HelpDell MFP 1125DestinationsDeviceDiscoveryDeviceManagementQFolderDJ_SF_03_D1500_ProductContextDJ_SF_03_D1500_SoftwareDJ_SF_03_D1500_Software_MinDocMgrDocProcEnhanced Multimedia Keyboard SolutioneSupportQFolderFaxGoogle ChromeGoogle EarthGoogle Update HelperGPBaseServiceGPBaseService2Hewlett-Packard Active Check for Health CheckHewlett-Packard Asset Agent for Health CheckHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Active Support LibraryHP Customer Experience EnhancementsHP Customer FeedbackHP Customer Participation Program 13.0HP Deskjet D1500 Printer Driver Software 10.0 Rel .3HP Document Manager 2.0HP Imaging Device Functions 13.0HP Officejet 4500 G510n-zHP Photosmart Essential 2.5HP Photosmart Essential 3.0HP Picasso Media Center Add-InHP Recovery Manager RSSHP Smart Web Printing 4.5HP Solution Center 13.0HP Total Care AdvisorHP UpdateHPPhotoSmartPhotobookWebPack1HPProductAssistantHPSSupplyHPTCSSetupiTunesJava 7 Update 25Java Auto UpdaterLabelPrintLightScribe System Software 1.14.17.1LightScribeTemplateLabelerMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Office PowerPoint Viewer 2007 (English)Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMobileMe Control PanelMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)muvee autoProducer 6.1My HP GamesNetwork64NVIDIA DriversOCR Software by I.R.I.S. 13.0PC Tutor™ Learn Windows Vista™PCIe Soft Data Fax Modem with SmartCPPower2GoPowerDirectorPSSWCOREPython 2.5.2QuickTimeRealtek High Definition Audio DriverScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Shop for HP SuppliesSkype web featuresSkype™ 5.10SmartWebPrintingSolutionCenterStatusToolboxTrayAppUnloadSupportUpdate for Microsoft .NET Framework 3.5 SP1 (KB2836940)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)VideoToolkit01VLC media player 2.0.8VoloMedia iTunes plug-inWebRegYahoo! Toolbar.==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted September 9, 2013 ID:727550 Share Posted September 9, 2013 How are things now? Link to post Share on other sites More sharing options...
bandarbalu Posted September 14, 2013 Author ID:730041 Share Posted September 14, 2013 I did give the computer back to my relative before I left town, so I have to check with him, but in the couple of restarts I did before leaving, everything seemed good. I'm going to talk to him about getting the paid version of Malwarebytes for future protection. Do you have any more advice related to the computer's current status? Link to post Share on other sites More sharing options...
Maniac Posted September 15, 2013 ID:730185 Share Posted September 15, 2013 Yes, some cleanup steps. Step 1Download OTC to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.Step 2Double click on AdwCleaner.exe to run the tool.Click on UninstallConfirm with YesStep 3 Some malware prevention tips: users.telenet.be/bluepatchy/miekiemoes/prevention.html Safe surfing! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 18, 2013 Root Admin ID:731450 Share Posted September 18, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts