Hijacked browser


  • Staff

Hello cooldragon

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" button and make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013 01

Ran by John at 2013-09-10 17:56:21

Running from C:\Documents and Settings\John\Desktop

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 3.7.0.1530)

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)

Amazon Kindle

Apple Application Support (Version: 2.3)

Apple Software Update (Version: 2.1.3.127)

Avanquest update (Version: 1.05)

Avira Free Antivirus (Version: 13.0.0.4052)

Belarc Advisor 8.3 (Version: 8.3.2.0)

Big Fish: Game Manager (Version: 3.2.0.6)

BrowserDefender

Convert PDF to EPUB 1.6.8 (Version: 1.6.8)

Corel PaintShop Pro X5 (Version: 15.0.0.183)

Corel PaintShop Pro X5 (Version: 15.2.0.12)

Coupon Printer for Windows (Version: 5.0.0.0)

CrazyTalk Cam Suite PRO (Version: 3.0)

Dark Manor: A Hidden Object Mystery

DefaultTab (Version: 2.2.8.0)

DefaultTab Chrome (Version: 1.1.25)

Doom 3 (Version: 1.00.0000)

Dropbox (HKCU Version: 2.0.8)

Dropsend Direct beta version 4.0.3 (Version: 4.0.3)

Duke Nukem - Manhattan Project

Echoes of the Past: The Kingdom of Despair Collector's Edition

Eye 312 (Version: 1.0.0.14)

Facebook Video Calling 1.2.0.287 (Version: 1.2.287)

Fearful Tales: Hansel and Gretel Collector's Edition

Final Cut: Encore Collector's Edition

FinePixViewer Ver.4.2

Free Mp3 Wma Converter V 2.2 (Version: 2.2.0.0)

FUJIFILM MyFinePix Studio 1.0

FUJIFILM USB Driver

GIMP 2.8.6 (Version: 2.8.6)

Google Chrome (HKCU Version: 29.0.1547.66)

Google Drive (Version: 1.11.4865.2530)

Google Earth (Version: 7.1.1.1888)

Google Talk Plugin (Version: 4.5.3.14917)

Google Update Helper (Version: 1.3.21.153)

Grim Tales: Bloody Mary Collector's Edition

Haunted Legends: The Bronze Horseman

HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)

HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)

HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)

HP Photo Creations (Version: 1.0.0.3781)

HP Update (Version: 5.002.006.003)

HPDiagnosticAlert (Version: 1.00.0000)

ICA (Version: 15.0.0.183)

ImageMixer VCD2 for FinePix

IPM_PSP_COM (Version: 15.0.0.183)

Jasc Paint Shop Pro 8 (Version: 8.00.0000)

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

jZip

lucky leap 3.0.0 (Version: 3.0.0)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

McAfee Security Scan Plus (Version: 3.0.318.3)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Publisher 2000 SR-1 (Version: 9.00.3821)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MicroStaff WINASPI

Motor Town: Soul of the Machine

Motorola Phone Tools (Version: 4.1 12-9-2005)

MSVCRT (Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition

Nearwood Collector's Edition

Nightmares from the Deep: The Siren's Call Collector's Edition

NVIDIA Control Panel 307.83 (Version: 307.83)

NVIDIA Display Control Panel (Version: 6.14.11.9713)

NVIDIA Drivers (Version: 1.10.57.35)

NVIDIA Graphics Driver 307.83 (Version: 307.83)

NVIDIA Install Application (Version: 2.1002.109.706)

NVIDIA nView 136.53 (Version: 136.53)

NVIDIA nView Desktop Manager (Version: 6.14.10.00)

NVIDIA Update 1.10.8 (Version: 1.10.8)

NVIDIA Update Components (Version: 1.10.8)

Ocean Express

Paint Shop Pro 6 Digital Camera Support

Paint Shop Pro 6.0 (CD-ROM)

PDF to ePub Converter 3.0.6

Personal Ancestral File 5

Phenomenon: Meteorite

PhotoFiltre

PSPPContent (Version: 15.2.0.12)

PSPPHelp (Version: 15.0.0.183)

Quake 4 (Version: 1.0)

QuickTime (Version: 7.73.80.64)

RAW FILE CONVERTER LE

Realtek High Definition Audio Driver (Version: 5.10.0.6438)

Safari (Version: 5.34.57.2)

Segoe UI (Version: 14.0.4327.805)

Setup (Version: 15.0.0.183)

Skype Click to Call (Version: 6.11.13348)

Skype™ 6.6 (Version: 6.6.106)

SugarSync (Version: 2.0.27.114357)

SumatraPDF 2.3.2 (Version: 2.3.2)

swMSM (Version: 12.0.0.1)

The Chronicles of Riddick - Assault on Dark Athena

Total Immersion D'Fusion Web Plugin

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2607712) (Version: 1)

Update for Windows XP (KB2616676) (Version: 1)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2736233) (Version: 1)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB2863058) (Version: 1)

Update for Windows XP (KB898461) (Version: 1)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB961503) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

Vacation Quest: Australia

VLC media player 2.0.5 (Version: 2.0.5)

WebFldrs XP (Version: 9.50.6513)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Live Call (Version: 14.0.8117.0416)

Windows Live Communications Platform (Version: 14.0.8117.416)

Windows Live Essentials (Version: 14.0.8117.0416)

Windows Live Essentials (Version: 14.0.8117.416)

Windows Live Messenger (Version: 14.0.8117.0416)

Windows Live Sign-in Assistant (Version: 5.000.818.5)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3 (Version: 20080414.031525)

World Clock 2001

==================== Restore Points  =========================

12-06-2013 20:00:38 Software Distribution Service 3.0

13-06-2013 22:04:04 System Checkpoint

15-06-2013 00:55:31 System Checkpoint

16-06-2013 05:19:54 System Checkpoint

17-06-2013 22:19:08 System Checkpoint

19-06-2013 00:25:33 System Checkpoint

20-06-2013 03:35:42 System Checkpoint

20-06-2013 07:37:12 Installed Driver Manager.

20-06-2013 20:18:17 Removed Driver Manager.

20-06-2013 20:19:25 Installed Java 7 Update 25

22-06-2013 01:10:39 System Checkpoint

24-06-2013 01:14:21 System Checkpoint

25-06-2013 03:28:51 System Checkpoint

27-06-2013 01:12:10 System Checkpoint

28-06-2013 02:53:47 System Checkpoint

28-06-2013 07:21:09 Removed FishEye

29-06-2013 22:12:09 System Checkpoint

01-07-2013 21:49:21 System Checkpoint

02-07-2013 06:23:05 Installed Jasc Paint Shop Pro 8

03-07-2013 14:13:54 System Checkpoint

05-07-2013 03:44:07 System Checkpoint

06-07-2013 21:24:45 System Checkpoint

08-07-2013 20:41:44 System Checkpoint

09-07-2013 20:51:15 System Checkpoint

10-07-2013 20:00:29 Software Distribution Service 3.0

11-07-2013 21:25:10 System Checkpoint

12-07-2013 12:17:39 Software Distribution Service 3.0

13-07-2013 21:22:22 System Checkpoint

14-07-2013 22:01:32 System Checkpoint

15-07-2013 23:19:18 System Checkpoint

17-07-2013 00:11:20 Installed Driver Manager.

17-07-2013 00:14:44 Removed Driver Manager.

18-07-2013 00:51:19 System Checkpoint

19-07-2013 21:35:30 System Checkpoint

21-07-2013 00:07:47 System Checkpoint

22-07-2013 01:58:35 System Checkpoint

23-07-2013 07:24:37 System Checkpoint

24-07-2013 21:24:30 System Checkpoint

25-07-2013 21:34:00 System Checkpoint

27-07-2013 06:11:50 System Checkpoint

28-07-2013 21:51:22 System Checkpoint

29-07-2013 22:49:18 System Checkpoint

30-07-2013 23:08:47 System Checkpoint

01-08-2013 05:11:22 System Checkpoint

02-08-2013 00:31:28 Removed HP Deskjet 1050 J410 series Basic Device Software

02-08-2013 00:32:04 Removed HP Deskjet 1050 J410 series Basic Device Software

02-08-2013 00:32:39 Removed HP Deskjet 1050 J410 series Help

02-08-2013 00:33:05 Removed HP Deskjet 1050 J410 series Product Improvement Study

02-08-2013 00:33:48 Removed HP Update.

02-08-2013 20:00:18 Software Distribution Service 3.0

03-08-2013 22:00:13 System Checkpoint

04-08-2013 22:40:49 System Checkpoint

05-08-2013 22:52:37 System Checkpoint

06-08-2013 23:24:58 System Checkpoint

08-08-2013 04:56:19 System Checkpoint

09-08-2013 05:37:56 System Checkpoint

10-08-2013 21:03:30 System Checkpoint

11-08-2013 21:19:49 System Checkpoint

12-08-2013 21:32:01 System Checkpoint

13-08-2013 22:38:25 System Checkpoint

14-08-2013 11:33:24 Software Distribution Service 3.0

15-08-2013 23:37:00 Restore Operation

16-08-2013 02:31:35 Software Distribution Service 3.0

17-08-2013 20:37:01 System Checkpoint

18-08-2013 21:21:10 System Checkpoint

19-08-2013 21:38:37 System Checkpoint

21-08-2013 08:12:01 System Checkpoint

22-08-2013 22:13:27 System Checkpoint

24-08-2013 00:17:35 Installed DirectX

25-08-2013 03:49:21 System Checkpoint

26-08-2013 21:37:06 System Checkpoint

27-08-2013 23:04:35 System Checkpoint

28-08-2013 06:44:23 Software Distribution Service 3.0

29-08-2013 20:45:47 System Checkpoint

30-08-2013 23:17:56 System Checkpoint

01-09-2013 01:57:59 System Checkpoint

02-09-2013 04:28:00 System Checkpoint

03-09-2013 04:58:56 System Checkpoint

04-09-2013 05:40:13 System Checkpoint

04-09-2013 21:32:02 Installed DirectX

05-09-2013 22:32:31 System Checkpoint

07-09-2013 01:05:27 System Checkpoint

08-09-2013 02:01:17 System Checkpoint

09-09-2013 02:48:50 System Checkpoint

10-09-2013 00:22:44 Installed Convert PDF to EPUB 1.6.8.

==================== Hosts content: ==========================

2003-04-01 00:00 - 2013-04-24 12:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\John\APPLIC~1\BABSOL~1\Shared\BabMaint.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job => C:\Documents and Settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job => C:\Documents and Settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job => C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job => C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2003-04-01 00:00 - 2009-02-27 16:56 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime

2013-04-25 05:59 - 2013-04-25 05:59 - 00130736 _____ (Dropbox, Inc.) C:\Documents and Settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll

2013-06-18 09:53 - 2013-01-30 13:12 - 00159488 _____ (EldoS Corporation) C:\WINDOWS\system32\SSCbFsMntNtf3.dll

2013-06-18 09:53 - 2013-01-30 13:12 - 00225024 _____ (EldoS Corporation) C:\WINDOWS\system32\SSCbFsNetRdr3.dll

2013-06-06 07:22 - 2013-06-27 05:22 - 02090848 _____ (SugarSync, Inc.) C:\Program Files\SugarSync\SugarSyncShellExt.dll

2011-11-02 17:58 - 2010-12-30 15:32 - 00616960 _____ () C:\Program Files\Dropsend Direct beta\shellExt.dll

2012-02-12 10:32 - 2011-12-18 08:38 - 00548752 _____ (Bandoo media inc) C:\Program Files\jZip\jZipShell.dll

2013-01-09 12:16 - 2013-01-09 12:16 - 00085320 _____ (Corel Software, Inc.) c:\Program Files\Corel\Corel PaintShop Pro X5\PSPContextMenu.dll

2011-09-16 13:38 - 2009-03-17 05:00 - 00272384 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM9X.DLL

2013-08-02 12:38 - 2010-11-17 11:55 - 00267112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinksts8911LM.dll

2001-11-16 05:00 - 2001-11-16 05:00 - 00114744 _____ (HP) C:\WINDOWS\system32\hpzlnt04.dll

2011-09-18 08:02 - 2008-07-07 00:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll

2011-09-16 12:56 - 2006-10-26 19:56 - 00033104 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll

2011-09-18 08:02 - 2008-07-07 00:06 - 00744960 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL

2013-02-25 09:49 - 2013-02-25 09:44 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

2010-03-16 03:37 - 2013-01-31 21:02 - 00108832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvMCTray.dll

2011-09-13 12:40 - 2013-02-08 05:02 - 02389504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi.dll

2012-04-14 03:44 - 2012-04-14 03:44 - 02512896 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtCore4.dll

2012-04-14 04:00 - 2012-04-14 04:00 - 08351744 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtGui4.dll

2012-04-14 03:51 - 2012-04-14 03:51 - 01778688 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtNetwork4.dll

2012-04-14 05:48 - 2012-04-14 05:48 - 13110784 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtWebKit4.dll

2012-04-14 03:44 - 2012-04-14 03:44 - 00355840 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtXml4.dll

2012-04-14 04:11 - 2012-04-14 04:11 - 01341440 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtScript4.dll

2012-04-14 05:50 - 2012-04-14 05:50 - 00026624 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\imageformats\qgif4.dll

2012-04-14 05:51 - 2012-04-14 05:51 - 00028672 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\imageformats\qico4.dll

2012-04-14 05:50 - 2012-04-14 05:50 - 00201216 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\imageformats\qjpeg4.dll

2013-02-25 09:49 - 2013-06-27 20:23 - 00154112 _____ (Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\apcfile.dll

2013-02-25 09:49 - 2013-02-25 09:46 - 00257536 _____ (The cURL library, http://curl.haxx.se/) C:\Program Files\Avira\AntiVir Desktop\libcurl.dll

2013-08-02 12:38 - 2010-11-17 11:55 - 01792872 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanMiniDrv_DJ1050_J410.dll

2013-09-06 09:02 - 2013-09-10 07:43 - 00014112 _____ (lucky leap) C:\Program Files\lucky leap\luckyleap.Common.dll

2013-09-10 12:23 - 2013-08-31 01:03 - 02699232 _____ () C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll

2013-09-04 18:02 - 2013-09-03 08:34 - 47074256 _____ (Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\chrome.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 09962960 _____ (The ICU Project) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\icudt.dll

2003-04-01 00:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2003-04-01 00:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 04053456 _____ () C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 00410576 _____ () C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 02110928 _____ (Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 01604560 _____ () C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 13599184 _____ () C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:120E44A4

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A15E356

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A259A13

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1EC13383

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2636DE16

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:398D2775

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3ADE134E

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3B71586E

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:401CAF8F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4B6A9FDA

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5008417E

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:58B3FE52

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:69F562A6

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6EE8565A

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7D938C9B

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7FA0D639

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:88FB7F72

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8A620099

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A391510C

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A7C40691

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8369371

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A9223B61

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A9F13D2D

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B33464A5

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B602AC45

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BCFEA004

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF1E0621

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C0D23A2F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C370B84F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C5340FA1

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C8E3A625

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB5AA1E6

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CBAF0C30

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E4272706

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E4FD113F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EDF12A30

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F1174C93

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (09/09/2013 09:45:47 PM) (Source: Application Error) (User: )

Description: Faulting application bfgclient.exe, version 3.2.0.6, faulting module bfgclient.exe, version 3.2.0.6, fault address 0x001ee3bb.

Processing media-specific event for [bfgclient.exe!ws!]

Error: (09/08/2013 00:10:06 PM) (Source: Application Error) (User: )

Description: Faulting application chrome.exe, version 29.0.1547.66, faulting module chrome.dll, version 29.0.1547.66, fault address 0x0067d20c.

Processing media-specific event for [chrome.exe!ws!]

Error: (09/06/2013 08:48:06 PM) (Source: Application Error) (User: )

Description: Faulting application bfgclient.exe, version 3.2.0.6, faulting module bfgclient.exe, version 3.2.0.6, fault address 0x001ee3bb.

Processing media-specific event for [bfgclient.exe!ws!]

Error: (09/06/2013 08:14:25 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/06/2013 04:18:21 PM) (Source: Application Hang) (User: )

Description: Fault bucket 1180947459.

Error: (09/06/2013 04:18:14 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/06/2013 00:15:36 PM) (Source: Application Hang) (User: )

Description: Fault bucket 1180947459.

Error: (09/06/2013 00:15:33 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/06/2013 00:14:16 PM) (Source: Application Hang) (User: )

Description: Fault bucket 1180947459.

Error: (09/06/2013 00:14:07 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:

=============

Error: (09/07/2013 00:39:41 PM) (Source: Service Control Manager) (User: )

Description: The Update lucky leap service failed to start due to the following error: 

%%1053

Error: (09/07/2013 00:39:41 PM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Update lucky leap service to connect.

Error: (09/07/2013 07:25:11 AM) (Source: Service Control Manager) (User: )

Description: The Update lucky leap service failed to start due to the following error: 

%%1053

Error: (09/07/2013 07:25:11 AM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Update lucky leap service to connect.

Error: (09/02/2013 07:35:14 AM) (Source: Print) (User: NT AUTHORITY)

Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.

Error: (08/28/2013 02:26:07 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: The server {D61A27C6-8F53-11D0-BFA0-00A024151983} did not register with DCOM within the required timeout.

Error: (08/26/2013 07:40:36 AM) (Source: Service Control Manager) (User: )

Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 

%%1053

Error: (08/26/2013 07:40:36 AM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.

Microsoft Office Sessions:

=========================

Error: (01/25/2012 07:43:28 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2140 seconds with 960 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 26%

Total physical RAM: 3519.48 MB

Available physical RAM: 2587.17 MB

Total Pagefile: 5402.66 MB

Available Pagefile: 4419.91 MB

Total Virtual: 2047.88 MB

Available Virtual: 1938.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:384.75 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: (QUAKE4) (CDROM) (Total:2.7 GB) (Free:0 GB) UDF

Drive e: () (Fixed) (Total:149.01 GB) (Free:85.58 GB) FAT32

Drive s: (SugarSync Drive) (Fixed) (Total:5.75 GB) (Free:5.36 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 83FA83FA)

Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 149 GB) (Disk ID: D066BE06)

Partition 1: (Active) - (Size=149 GB) - (Type=0C)

 

==================== End Of Log ====


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01

Ran by John (administrator) on JOHNSPC on 10-09-2013 17:53:39

Running from C:\Documents and Settings\John\Desktop

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

==================== Processes (Whitelisted) ===================

 

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

(SugarSync, Inc.) C:\Program Files\SugarSync\SugarSync.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

() C:\Documents and Settings\John\Application Data\DefaultTab\DefaultTab\DTUpdate.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(lucky leap) C:\Program Files\lucky leap\updateluckyleap.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

() C:\Program Files\DefaultTab\DefaultTabSearch.exe

() C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe

() C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe

(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe

(Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20055144 2011-08-09] (Realtek Semiconductor Corp.)

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [PAC7302_Monitor] - C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)

HKLM\...\Run: [REGSHAVE] - C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-06] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [FolderTransfer] - C:\Program Files\FolderTransfer\FolderTransfer.exe h

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()

HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-11-16] (HP)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM\...\Run: [] - [x]

HKLM\...\Policies\Explorer: [NoDrives] 0

HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)

HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2013-05-11] (Facebook Inc.)

HKCU\...\Run: [Google Update] - C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-06-20] (Google Inc.)

HKCU\...\Run: [sugarSync] - C:\Program Files\SugarSync\SugarSync.exe [12419424 2013-06-27] (SugarSync, Inc.)

HKCU\...\Run: [updateMyDrivers] - C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss

HKCU\...\Policies\Explorer: [NoDrives] 0

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\John\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Avenger\MyPC Backup.exe (No File)

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\World Clock 2001.LNK

ShortcutTarget: World Clock 2001.LNK -> C:\Program Files\Zada Solutions\World Clock\zsWldClk.exe (Zada Solutions)

SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.nz/

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.holasearch.com/?babsrc=HP_ss&mntrId=E4E600241D0677A4&affID=121962&tsp=5001


SearchScopes: HKLM - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}


SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}

SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.holasearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E4E600241D0677A4&affID=121962&tsp=5001

SearchScopes: HKCU - {56F49C0F-5D79-4DDD-B856-8BAAF9D15832} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}


SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} URL = 

SearchScopes: HKCU - {D7ECBE8E-69D9-4328-BDBE-1E2B614A086B} URL = http://www.mysearchresults.com/search?c=2408&t=14&q={searchTerms}

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\John\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: lucky leap - {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files\lucky leap\luckyleapbho.dll (luckyleap)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab





Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======

CHR Extension: (lucky leap) - C:\DOCUME~1\John\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0

CHR Extension: (DefaultTab) - C:\DOCUME~1\John\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.27_0

CHR Extension: (Skype Click to Call) - C:\DOCUME~1\John\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0

CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\John\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR HKLM\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files\FTDownloader.com\FTDownloader10.crx

CHR HKLM\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx

CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit14.crx

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

 

========================== Services (Whitelisted) =================

 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-06] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-06] (Avira Operations GmbH & Co. KG)

R2 BrowserDefendert; C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2838496 2013-08-31] ()

R2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-09-10] ()

R2 DefaultTabUpdate; C:\Documents and Settings\John\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-09-06] ()

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-06] (McAfee, Inc.)

R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)

R2 Update lucky leap; C:\Program Files\lucky leap\updateluckyleap.exe [206624 2013-08-30] (lucky leap)

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

 

==================== Drivers (Whitelisted) ====================

 

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-06] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-06] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)

R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2011-08-09] ()

R3 CamSuiteVAC; C:\Windows\System32\DRIVERS\CamSuiteVAC.sys [37560 2008-09-20] ()

R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

R2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)

S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)

R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)

S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)

R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295936 2013-01-30] (EldoS Corporation)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-25] (Avira GmbH)

S3 usbsermpt; C:\Windows\System32\DRIVERS\usbsermpt.sys [22768 2012-10-08] (Microsoft Corporation)

S4 IntelIde; No ImagePath

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

U3 TlntSvr; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-10 17:52 - 2013-09-10 17:53 - 01082349 _____ (Farbar) C:\Documents and Settings\John\Desktop\FRST.exe

2013-09-10 12:26 - 2013-09-10 12:26 - 00000000 ____D C:\Documents and Settings\John\Application Data\calibre

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\My Documents\Anicesoft

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\avgchrome

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Application Data\Anicesoft

2013-09-10 12:23 - 2013-09-10 15:13 - 00002507 _____ C:\Documents and Settings\All Users\Desktop\Convert PDF to EPUB.lnk

2013-09-10 12:23 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Application Data\PerformerSoft

2013-09-10 12:23 - 2013-09-10 12:23 - 00000262 _____ C:\WINDOWS\Tasks\EPUpdater.job

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\WINDOWS\system32\searchplugins

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\WINDOWS\system32\Extensions

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\BrowserDefender

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IBUpdaterService

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BrowserDefender

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Program Files\AniceSoft

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Documents and Settings\John\Application Data\Babylon

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Babylon

2013-09-10 12:15 - 2013-09-10 12:22 - 54048177 _____ C:\Documents and Settings\John\Desktop\convert-pdf-to-epub.zip

2013-09-10 12:14 - 2013-09-10 12:14 - 00392024 _____ (Softonic                                        ) C:\Program Files\SoftonicDownloader_for_convert-pdf-to-epub.exe

2013-09-10 12:05 - 2013-09-10 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVS4YOU

2013-09-10 12:04 - 2013-09-10 12:08 - 00000000 ____D C:\Program Files\Common Files\AVSMedia

2013-09-10 12:04 - 2013-09-10 12:08 - 00000000 ____D C:\Program Files\AVS4YOU

2013-09-10 12:04 - 2010-07-21 14:31 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3a.dll

2013-09-10 12:02 - 2013-09-10 12:04 - 30433416 _____ (Online Media Technologies Ltd.                              ) C:\Program Files\AVSDocumentConverter.exe

2013-09-10 07:46 - 2013-09-10 13:46 - 96851172 _____ C:\WINDOWS\system32\匢L

2013-09-09 18:34 - 2013-09-09 18:34 - 00187901 _____ C:\Documents and Settings\John\Desktop\Dropbox - Fast Friends Forever.htm

2013-09-09 18:34 - 2013-09-09 18:34 - 00000000 ____D C:\Documents and Settings\John\Desktop\Dropbox - Fast Friends Forever_files

2013-09-06 20:23 - 2013-09-06 20:23 - 00000000 ____D C:\Documents and Settings\John\Application Data\Big Fish Games

2013-09-06 16:21 - 2013-09-06 16:21 - 00000000 ____D C:\Program Files\Dropbox

2013-09-06 16:21 - 2013-09-06 16:21 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\Dropbox

2013-09-06 10:39 - 2013-09-06 10:39 - 20059524 _____ C:\Documents and Settings\John\My Documents\BC9_11 hires 9.epub

2013-09-06 09:02 - 2013-09-10 09:03 - 00000000 ____D C:\Program Files\DefaultTab

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\PDF to ePub Converter

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\lucky leap

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Documents and Settings\John\Application Data\DefaultTab

2013-09-05 09:31 - 2013-09-05 09:31 - 00002088 _____ C:\Documents and Settings\All Users\Desktop\Play Mystery Case Files - Escape from Ravenhearst Collector's Edition.lnk

2013-09-05 09:29 - 2013-09-05 09:32 - 00000000 ____D C:\Program Files\Mystery Case Files - Escape from Ravenhearst Collector's Edition

2013-09-01 22:12 - 2013-09-01 22:12 - 00000000 ____D C:\Documents and Settings\John\Desktop\Self publishing

2013-09-01 21:42 - 2013-09-01 21:42 - 00000734 _____ C:\Documents and Settings\John\Desktop\GIMP 2.lnk

2013-09-01 21:40 - 2013-09-01 21:40 - 00001496 _____ C:\Documents and Settings\John\Local Settings\Application Data\recently-used.xbel

2013-09-01 21:38 - 2013-09-01 21:40 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\gtk-2.0

2013-09-01 21:38 - 2013-09-01 21:38 - 00000000 ____D C:\Documents and Settings\John\.thumbnails

2013-09-01 21:36 - 2013-09-01 21:43 - 00000000 ____D C:\Documents and Settings\John\.gimp-2.8

2013-09-01 21:35 - 2013-09-01 21:35 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\gegl-0.2

2013-09-01 21:32 - 2013-09-01 21:35 - 00000000 ____D C:\Program Files\GIMP 2

2013-09-01 21:26 - 2013-09-01 21:31 - 90139696 _____ (The GIMP Team                                               ) C:\Program Files\gimp-2.8.6-setup.exe

2013-09-01 21:21 - 2013-09-01 21:21 - 00000000 ____D C:\Program Files\FramePhotoEditor

2013-09-01 21:21 - 2013-09-01 21:21 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\FramePhotoEditor

2013-09-01 11:53 - 2013-09-01 11:53 - 00003398 _____ C:\Documents and Settings\John\Desktop\Cauliflower Fritters Recipe - Taste.com.au.url

2013-09-01 08:04 - 2013-09-01 08:05 - 00000000 ____D C:\Program Files\Fearful Tales - Hansel and Gretel Collectors Edition

2013-08-31 13:35 - 2013-08-31 13:35 - 00000000 ____D C:\Documents and Settings\John\Desktop\Sent to Hesp

2013-08-31 13:32 - 2013-08-31 13:34 - 00000000 ____D C:\Documents and Settings\John\Desktop\Sent to Bruce

2013-08-28 18:44 - 2013-08-28 18:44 - 00005602 _____ C:\WINDOWS\KB2834904-v2.log

2013-08-28 18:44 - 2013-08-28 18:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

2013-08-27 08:20 - 2013-08-28 07:06 - 00000000 ____D C:\Avenger

2013-08-25 10:50 - 2013-08-25 10:50 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\MyPC Backup

2013-08-25 10:47 - 2013-08-25 10:56 - 00000000 ____D C:\Documents and Settings\John\Application Data\Systweak

2013-08-25 10:47 - 2013-06-19 14:58 - 00017920 _____ (PerformerSoft LLC) C:\WINDOWS\system32\roboot.exe

2013-08-24 23:21 - 2013-08-24 23:23 - 00000000 ____D C:\Documents and Settings\John\Application Data\DarkManor

2013-08-24 12:15 - 2013-08-24 23:22 - 00000000 ____D C:\Program Files\Dark Manor - A Hidden Object Mystery

2013-08-24 07:45 - 2013-08-24 07:45 - 00000000 __SHD C:\Documents and Settings\UpdatusUser\IETldCache

2013-08-19 16:52 - 2013-08-19 16:56 - 00000000 ____D C:\Program Files\Phenomenon - Meteorite

2013-08-19 15:46 - 2013-08-19 15:47 - 00000000 ____D C:\Program Files\Grim Tales - Bloody Mary Collectors Edition

2013-08-19 10:12 - 2013-08-19 10:12 - 00000995 _____ C:\Documents and Settings\John\Desktop\SpiffoSpeaks • Retired Greyhounds Adopted by Famous-Infamous People.url

2013-08-17 10:49 - 2013-08-17 10:49 - 00000000 ____D C:\Program Files\Echoes of the Past - The Kingdom of Despair Collectors Edition

2013-08-16 07:12 - 2013-08-16 07:12 - 00090112 _____ C:\WINDOWS\Minidump\Mini081613-01.dmp

2013-08-15 11:56 - 2013-08-16 11:37 - 00000000 ____D C:\Program Files\Clockwork Tales - Of Glass and Ink Collector's Edition

2013-08-14 23:50 - 2013-08-16 14:52 - 00025741 _____ C:\WINDOWS\KB2862772-IE8.log

2013-08-14 23:37 - 2013-08-16 14:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$

2013-08-14 23:37 - 2013-08-16 14:35 - 00010654 _____ C:\WINDOWS\KB2863058.log

2013-08-14 23:37 - 2013-08-16 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$

2013-08-14 23:37 - 2013-08-16 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$

2013-08-14 23:37 - 2013-08-16 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$

2013-08-14 08:04 - 2013-08-16 14:36 - 00018703 _____ C:\WINDOWS\KB2850869.log

2013-08-14 08:04 - 2013-08-16 14:35 - 00021163 _____ C:\WINDOWS\KB2859537.log

2013-08-11 23:25 - 2013-08-11 23:25 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\WarThunder

2013-08-11 23:25 - 2013-08-11 23:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WarThunder

2013-08-11 16:22 - 2013-08-11 16:24 - 00000000 ____D C:\Program Files\Haunted Legends - The Bronze Horseman

2013-08-11 15:11 - 2013-08-11 15:13 - 00000000 ____D C:\Program Files\Nightmares from the Deep - The Siren's Call Collector's Edition

2013-08-11 09:35 - 2013-08-11 09:35 - 00000000 ____D C:\Documents and Settings\John\My Documents\Nearwood CE

2013-08-11 08:48 - 2013-08-11 08:49 - 00000000 ____D C:\Program Files\Nearwood Collector's Edition

 

==================== One Month Modified Files and Folders =======

 

2013-09-10 17:53 - 2013-09-10 17:53 - 00000000 ____D C:\FRST

2013-09-10 17:53 - 2013-09-10 17:52 - 01082349 _____ (Farbar) C:\Documents and Settings\John\Desktop\FRST.exe

2013-09-10 17:07 - 2011-10-02 21:21 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-10 16:58 - 2013-04-27 17:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-09-10 16:57 - 2012-06-20 08:21 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job

2013-09-10 15:41 - 2011-09-13 12:16 - 02057175 _____ C:\WINDOWS\WindowsUpdate.log

2013-09-10 15:31 - 2013-05-11 18:26 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job

2013-09-10 15:13 - 2013-09-10 12:23 - 00002507 _____ C:\Documents and Settings\All Users\Desktop\Convert PDF to EPUB.lnk

2013-09-10 14:57 - 2012-06-20 08:21 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job

2013-09-10 14:00 - 2013-08-02 12:38 - 00000464 _____ C:\WINDOWS\Tasks\At4.job

2013-09-10 13:46 - 2013-09-10 07:46 - 96851172 _____ C:\WINDOWS\system32\匢L

2013-09-10 12:38 - 2013-08-02 12:38 - 00000464 _____ C:\WINDOWS\Tasks\At3.job

2013-09-10 12:26 - 2013-09-10 12:26 - 00000000 ____D C:\Documents and Settings\John\Application Data\calibre

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\My Documents\Anicesoft

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\avgchrome

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Application Data\Anicesoft

2013-09-10 12:25 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\John\Application Data\PerformerSoft

2013-09-10 12:23 - 2013-09-10 12:23 - 00000262 _____ C:\WINDOWS\Tasks\EPUpdater.job

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\WINDOWS\system32\searchplugins

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\WINDOWS\system32\Extensions

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\BrowserDefender

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IBUpdaterService

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BrowserDefender

2013-09-10 12:23 - 2013-04-27 09:44 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Program Files\AniceSoft

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Documents and Settings\John\Application Data\Babylon

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Babylon

2013-09-10 12:22 - 2013-09-10 12:15 - 54048177 _____ C:\Documents and Settings\John\Desktop\convert-pdf-to-epub.zip

2013-09-10 12:14 - 2013-09-10 12:14 - 00392024 _____ (Softonic                                        ) C:\Program Files\SoftonicDownloader_for_convert-pdf-to-epub.exe

2013-09-10 12:08 - 2013-09-10 12:04 - 00000000 ____D C:\Program Files\Common Files\AVSMedia

2013-09-10 12:08 - 2013-09-10 12:04 - 00000000 ____D C:\Program Files\AVS4YOU

2013-09-10 12:05 - 2013-09-10 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVS4YOU

2013-09-10 12:04 - 2013-09-10 12:02 - 30433416 _____ (Online Media Technologies Ltd.                              ) C:\Program Files\AVSDocumentConverter.exe

2013-09-10 10:10 - 2013-08-02 12:38 - 00000464 _____ C:\WINDOWS\Tasks\At1.job

2013-09-10 09:12 - 2011-09-13 23:40 - 00000211 _____ C:\WINDOWS\wiadebug.log

2013-09-10 09:03 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\DefaultTab

2013-09-10 08:38 - 2011-09-17 06:43 - 00000000 ____D C:\Documents and Settings\John\Application Data\Skype

2013-09-10 08:07 - 2011-10-02 21:21 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-10 07:45 - 2012-10-07 17:47 - 00000000 ____D C:\Documents and Settings\John\Application Data\Dropbox

2013-09-10 07:43 - 2011-09-13 23:40 - 00000049 _____ C:\WINDOWS\wiaservc.log

2013-09-10 07:43 - 2011-09-13 11:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-09-10 07:43 - 2003-04-01 00:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl

2013-09-09 21:49 - 2011-09-13 11:56 - 00000178 ___SH C:\Documents and Settings\John\ntuser.ini

2013-09-09 21:49 - 2011-09-13 11:56 - 00000000 ____D C:\Documents and Settings\John

2013-09-09 21:49 - 2011-09-13 11:55 - 00032372 _____ C:\WINDOWS\SchedLgU.Txt

2013-09-09 20:40 - 2013-08-02 12:38 - 00000464 _____ C:\WINDOWS\Tasks\At2.job

2013-09-09 18:34 - 2013-09-09 18:34 - 00187901 _____ C:\Documents and Settings\John\Desktop\Dropbox - Fast Friends Forever.htm

2013-09-09 18:34 - 2013-09-09 18:34 - 00000000 ____D C:\Documents and Settings\John\Desktop\Dropbox - Fast Friends Forever_files

2013-09-09 18:31 - 2013-05-11 18:26 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job

2013-09-09 18:12 - 2011-09-16 13:27 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2013-09-06 20:23 - 2013-09-06 20:23 - 00000000 ____D C:\Documents and Settings\John\Application Data\Big Fish Games

2013-09-06 16:21 - 2013-09-06 16:21 - 00000000 ____D C:\Program Files\Dropbox

2013-09-06 16:21 - 2013-09-06 16:21 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\Dropbox

2013-09-06 16:13 - 2013-06-15 21:41 - 00000000 ____D C:\Documents and Settings\John\Desktop\The kids 15.6.13

2013-09-06 10:39 - 2013-09-06 10:39 - 20059524 _____ C:\Documents and Settings\John\My Documents\BC9_11 hires 9.epub

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\PDF to ePub Converter

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\lucky leap

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Documents and Settings\John\Application Data\DefaultTab

2013-09-06 08:04 - 2013-04-30 21:40 - 00000000 ____D C:\Documents and Settings\John\Desktop\John Tracie book

2013-09-06 07:22 - 2013-02-25 09:49 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys

2013-09-06 07:22 - 2013-02-25 09:49 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2013-09-05 18:54 - 2011-09-13 23:38 - 00162579 _____ C:\WINDOWS\setupact.log

2013-09-05 09:32 - 2013-09-05 09:29 - 00000000 ____D C:\Program Files\Mystery Case Files - Escape from Ravenhearst Collector's Edition

2013-09-05 09:32 - 2013-03-14 21:17 - 00123136 _____ C:\WINDOWS\setupapi.log

2013-09-05 09:32 - 2011-09-13 11:51 - 00000000 ____D C:\WINDOWS\system32\DirectX

2013-09-05 09:31 - 2013-09-05 09:31 - 00002088 _____ C:\Documents and Settings\All Users\Desktop\Play Mystery Case Files - Escape from Ravenhearst Collector's Edition.lnk

2013-09-04 20:40 - 2013-05-01 12:50 - 00000000 ____D C:\Documents and Settings\John\Desktop\Poem of the Day May 2013

2013-09-02 20:59 - 2013-06-02 07:17 - 00000000 ____D C:\Documents and Settings\John\Desktop\Fast Friends Forever

2013-09-02 13:05 - 2011-09-16 12:59 - 00037888 _____ C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-09-01 22:17 - 2013-07-25 12:59 - 00000000 ____D C:\Documents and Settings\John\Desktop\New Folder

2013-09-01 22:12 - 2013-09-01 22:12 - 00000000 ____D C:\Documents and Settings\John\Desktop\Self publishing

2013-09-01 21:43 - 2013-09-01 21:36 - 00000000 ____D C:\Documents and Settings\John\.gimp-2.8

2013-09-01 21:42 - 2013-09-01 21:42 - 00000734 _____ C:\Documents and Settings\John\Desktop\GIMP 2.lnk

2013-09-01 21:40 - 2013-09-01 21:40 - 00001496 _____ C:\Documents and Settings\John\Local Settings\Application Data\recently-used.xbel

2013-09-01 21:40 - 2013-09-01 21:38 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\gtk-2.0

2013-09-01 21:38 - 2013-09-01 21:38 - 00000000 ____D C:\Documents and Settings\John\.thumbnails

2013-09-01 21:35 - 2013-09-01 21:35 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\gegl-0.2

2013-09-01 21:35 - 2013-09-01 21:32 - 00000000 ____D C:\Program Files\GIMP 2

2013-09-01 21:31 - 2013-09-01 21:26 - 90139696 _____ (The GIMP Team                                               ) C:\Program Files\gimp-2.8.6-setup.exe

2013-09-01 21:23 - 2011-12-24 04:41 - 00000000 ____D C:\Program Files\Amazon

2013-09-01 21:21 - 2013-09-01 21:21 - 00000000 ____D C:\Program Files\FramePhotoEditor

2013-09-01 21:21 - 2013-09-01 21:21 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\FramePhotoEditor

2013-09-01 11:53 - 2013-09-01 11:53 - 00003398 _____ C:\Documents and Settings\John\Desktop\Cauliflower Fritters Recipe - Taste.com.au.url

2013-09-01 08:05 - 2013-09-01 08:04 - 00000000 ____D C:\Program Files\Fearful Tales - Hansel and Gretel Collectors Edition

2013-09-01 07:41 - 2013-02-13 16:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Big Fish

2013-09-01 07:41 - 2011-09-16 19:13 - 00000000 ____D C:\Program Files\bfgclient

2013-08-31 13:35 - 2013-08-31 13:35 - 00000000 ____D C:\Documents and Settings\John\Desktop\Sent to Hesp

2013-08-31 13:34 - 2013-08-31 13:32 - 00000000 ____D C:\Documents and Settings\John\Desktop\Sent to Bruce

2013-08-31 07:58 - 2013-08-02 08:58 - 00000000 ____D C:\Documents and Settings\John\Application Data\Mozilla

2013-08-31 07:26 - 2013-06-07 15:00 - 00000000 ____D C:\Documents and Settings\John\Desktop\John Hesp Bruce book

2013-08-30 09:57 - 2011-09-13 12:16 - 00061733 _____ C:\WINDOWS\wmsetup.log

2013-08-28 18:44 - 2013-08-28 18:44 - 00005602 _____ C:\WINDOWS\KB2834904-v2.log

2013-08-28 18:44 - 2013-08-28 18:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

2013-08-28 18:44 - 2011-09-13 23:39 - 01448103 _____ C:\WINDOWS\FaxSetup.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00729739 _____ C:\WINDOWS\ocgen.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00561829 _____ C:\WINDOWS\tsoc.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00493438 _____ C:\WINDOWS\comsetup.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00300004 _____ C:\WINDOWS\ntdtcsetup.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00226870 _____ C:\WINDOWS\iis6.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00081043 _____ C:\WINDOWS\ocmsn.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00073540 _____ C:\WINDOWS\msgsocm.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00001374 _____ C:\WINDOWS\imsins.log

2013-08-28 07:08 - 2013-04-27 16:15 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\PC Utility Kit

2013-08-28 07:08 - 2013-04-27 16:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Utility Kit

2013-08-28 07:06 - 2013-08-27 08:20 - 00000000 ____D C:\Avenger

2013-08-28 04:42 - 2012-04-29 07:45 - 00000000 ____D C:\WINDOWS\system32\NtmsData

2013-08-28 01:59 - 2011-09-13 11:49 - 00000000 ____D C:\WINDOWS\Registration

2013-08-27 08:24 - 2013-04-29 01:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FolderTransfer

2013-08-27 08:18 - 2011-09-13 13:41 - 00000000 ____D C:\WINDOWS\ie8updates

2013-08-26 14:26 - 2011-09-16 14:21 - 00064968 ___HC C:\WINDOWS\system32\mlfcache.dat

2013-08-26 11:27 - 2013-06-17 01:00 - 00000000 ____D C:\Documents and Settings\John\Desktop\Colville Live Poetry August 2013

2013-08-25 10:56 - 2013-08-25 10:47 - 00000000 ____D C:\Documents and Settings\John\Application Data\Systweak

2013-08-25 10:50 - 2013-08-25 10:50 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\MyPC Backup

2013-08-24 23:23 - 2013-08-24 23:21 - 00000000 ____D C:\Documents and Settings\John\Application Data\DarkManor

2013-08-24 23:22 - 2013-08-24 12:15 - 00000000 ____D C:\Program Files\Dark Manor - A Hidden Object Mystery

2013-08-24 07:46 - 2013-03-31 12:15 - 00000000 ___RD C:\Program Files\Skype

2013-08-24 07:45 - 2013-08-24 07:45 - 00000000 __SHD C:\Documents and Settings\UpdatusUser\IETldCache

2013-08-23 12:42 - 2013-06-25 10:25 - 00000000 ____D C:\Documents and Settings\John\Desktop\Krissy

2013-08-22 12:08 - 2011-09-16 13:34 - 00000000 ____D C:\Program Files\Paint Shop Pro 6

2013-08-19 20:26 - 2012-06-16 20:01 - 00000000 ____D C:\Documents and Settings\John\Application Data\Elephant Games

2013-08-19 16:56 - 2013-08-19 16:52 - 00000000 ____D C:\Program Files\Phenomenon - Meteorite

2013-08-19 15:47 - 2013-08-19 15:46 - 00000000 ____D C:\Program Files\Grim Tales - Bloody Mary Collectors Edition

2013-08-19 11:13 - 2013-08-10 20:47 - 00000000 ____D C:\Documents and Settings\John\Desktop\Poems 2013

2013-08-19 10:12 - 2013-08-19 10:12 - 00000995 _____ C:\Documents and Settings\John\Desktop\SpiffoSpeaks • Retired Greyhounds Adopted by Famous-Infamous People.url

2013-08-17 21:21 - 2012-08-03 00:04 - 00000000 ____D C:\Documents and Settings\John\Application Data\Orneon

2013-08-17 16:02 - 2011-09-16 12:56 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt

2013-08-17 10:49 - 2013-08-17 10:49 - 00000000 ____D C:\Program Files\Echoes of the Past - The Kingdom of Despair Collectors Edition

2013-08-17 07:28 - 2013-06-18 09:53 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\SugarSync

2013-08-16 17:59 - 2011-09-16 13:49 - 00000000 ____D C:\WINDOWS\Microsoft.NET

2013-08-16 14:52 - 2013-08-14 23:50 - 00025741 _____ C:\WINDOWS\KB2862772-IE8.log

2013-08-16 14:52 - 2013-07-13 00:17 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-08-16 14:52 - 2011-09-13 23:39 - 00001374 _____ C:\WINDOWS\imsins.BAK

2013-08-16 14:52 - 2011-09-13 12:03 - 00185845 _____ C:\WINDOWS\updspapi.log

2013-08-16 14:47 - 2011-09-16 12:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help

2013-08-16 14:47 - 2011-09-13 13:38 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-08-16 14:39 - 2011-09-13 23:39 - 00661410 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-08-16 14:36 - 2013-08-14 23:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$

2013-08-16 14:36 - 2013-08-14 08:04 - 00018703 _____ C:\WINDOWS\KB2850869.log

2013-08-16 14:35 - 2013-08-14 23:37 - 00010654 _____ C:\WINDOWS\KB2863058.log

2013-08-16 14:35 - 2013-08-14 23:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$

2013-08-16 14:35 - 2013-08-14 23:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$

2013-08-16 14:35 - 2013-08-14 23:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$

2013-08-16 14:35 - 2013-08-14 08:04 - 00021163 _____ C:\WINDOWS\KB2859537.log

2013-08-16 14:35 - 2011-09-13 13:47 - 00033912 _____ C:\WINDOWS\system32\TZLog.log

2013-08-16 11:40 - 2011-09-13 11:55 - 00000000 __SHD C:\Documents and Settings\NetworkService

2013-08-16 11:40 - 2011-09-13 11:55 - 00000000 __SHD C:\Documents and Settings\LocalService

2013-08-16 11:37 - 2013-08-15 11:56 - 00000000 ____D C:\Program Files\Clockwork Tales - Of Glass and Ink Collector's Edition

2013-08-16 07:12 - 2013-08-16 07:12 - 00090112 _____ C:\WINDOWS\Minidump\Mini081613-01.dmp

2013-08-16 07:12 - 2011-10-02 13:41 - 00000000 ____D C:\WINDOWS\Minidump

2013-08-15 19:40 - 2012-07-05 20:30 - 00000000 ____D C:\Documents and Settings\John\Application Data\Artifex Mundi

2013-08-13 11:57 - 2011-10-05 15:29 - 00000465 _____ C:\WINDOWS\nsw.log

2013-08-12 20:57 - 2012-08-05 23:09 - 00000000 ____D C:\Documents and Settings\John\Application Data\ERS Game Studios

2013-08-11 23:25 - 2013-08-11 23:25 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\WarThunder

2013-08-11 23:25 - 2013-08-11 23:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WarThunder

2013-08-11 20:10 - 2013-08-10 20:47 - 00000000 ____D C:\Documents and Settings\John\Desktop\Stories 2013

2013-08-11 16:24 - 2013-08-11 16:22 - 00000000 ____D C:\Program Files\Haunted Legends - The Bronze Horseman

2013-08-11 15:13 - 2013-08-11 15:11 - 00000000 ____D C:\Program Files\Nightmares from the Deep - The Siren's Call Collector's Edition

2013-08-11 13:57 - 2013-07-13 21:53 - 00000000 ____D C:\Documents and Settings\John\Desktop\Cancer poetry comp

2013-08-11 09:35 - 2013-08-11 09:35 - 00000000 ____D C:\Documents and Settings\John\My Documents\Nearwood CE

2013-08-11 08:49 - 2013-08-11 08:48 - 00000000 ____D C:\Program Files\Nearwood Collector's Edition

 

Files to move or delete:

====================

C:\Documents and Settings\John\jagex_cl_loginapplet_LIVE.dat

C:\Documents and Settings\John\random.dat

C:\DOCUME~1\John\LOCALS~1\Temp\BackupSetup.exe

C:\DOCUME~1\John\LOCALS~1\Temp\bfguni.exe

C:\DOCUME~1\John\LOCALS~1\Temp\MSN1076.exe

C:\DOCUME~1\John\LOCALS~1\Temp\PCPSetup-1-.exe

C:\DOCUME~1\John\LOCALS~1\Temp\uninst1.exe

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================


  • Staff

Hello cooldragon

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo


Morning, Gringo... JRT wouldn't run properly on my PC. Here is the log for ADW Cleaner:

# AdwCleaner v3.003 - Report created 11/09/2013 at 07:24:59
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : John - JOHNSPC
# Running from : C:\Documents and Settings\John\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : BrowserDefendert
Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate
[#] Service Deleted : Update lucky leap
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
[!] Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserDefender
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\jZip
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\jZip
Folder Deleted : C:\Program Files\lucky leap
Folder Deleted : C:\Documents and Settings\John\IECompatCache
Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\jZip
Folder Deleted : C:\Documents and Settings\John\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\John\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\John\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\John\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\John\Application Data\SpeedMaxPc
Folder Deleted : C:\Documents and Settings\John\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\John\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Documents and Settings\John\Start Menu\Programs\MyPC Backup 
[!] Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
[!] Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\John\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\e28bdfb13fef41
Key Deleted : HKLM\SOFTWARE\e28bdfb13fef41
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C3C45C5F-2F1B-4012-A854-F89DC99F2335}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{84DC9F6C-C9A5-4C64-AB67-D6EF60F963C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84DC9F6C-C9A5-4C64-AB67-D6EF60F963C8}
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\lucky leap
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\SearchquSRTB
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [14729 octets] - [11/09/2013 07:23:17]
AdwCleaner[s0].txt - [14804 octets] - [11/09/2013 07:24:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14865 octets] ##########

  • Staff

Hello cooldragon

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

My PC is running slower now....
 
**
 
ComboFix 13-09-10.03 - John 09/12/2013   9:06.14.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3519.2957 [GMT 12:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-11 to 2013-09-11  )))))))))))))))))))))))))))))))
.
.
2013-09-11 20:52 . 2013-09-11 20:52 -------- d-sh--w- c:\documents and settings\John\IECompatCache
2013-09-11 10:01 . 2013-09-11 10:01 -------- d-----w- c:\documents and settings\John\Application Data\Big Fish Games
2013-09-10 19:21 . 2013-09-10 19:25 -------- d-----w- C:\AdwCleaner
2013-09-10 05:53 . 2013-09-10 05:53 -------- d-----w- C:\FRST
2013-09-10 00:26 . 2013-09-10 00:26 -------- d-----w- c:\documents and settings\John\Application Data\calibre
2013-09-10 00:25 . 2013-09-10 00:25 -------- d-----w- c:\documents and settings\John\Application Data\Anicesoft
2013-09-10 00:25 . 2013-09-10 00:25 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\avgchrome
2013-09-10 00:23 . 2013-09-10 00:23 -------- d-----w- c:\windows\system32\Extensions
2013-09-10 00:23 . 2013-09-10 00:23 -------- d-----w- c:\windows\system32\searchplugins
2013-09-10 00:22 . 2013-09-10 00:22 -------- d-----w- c:\program files\AniceSoft
2013-09-10 00:14 . 2013-09-10 00:14 392024 ----a-w- c:\program files\SoftonicDownloader_for_convert-pdf-to-epub.exe
2013-09-10 00:05 . 2013-09-10 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2013-09-10 00:04 . 2013-09-10 00:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2013-09-10 00:04 . 2013-09-10 00:08 -------- d-----w- c:\program files\AVS4YOU
2013-09-10 00:04 . 2010-07-21 02:31 24576 ----a-w- c:\windows\system32\msxml3a.dll
2013-09-10 00:02 . 2013-09-10 00:04 30433416 ----a-w- c:\program files\AVSDocumentConverter.exe
2013-09-06 04:21 . 2013-09-06 04:21 -------- d-----w- c:\program files\Dropbox
2013-09-05 21:02 . 2013-09-05 21:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2013-09-05 21:02 . 2013-09-05 21:02 -------- d-----w- c:\program files\PDF to ePub Converter
2013-09-04 21:29 . 2013-09-04 21:32 -------- d-----w- c:\program files\Mystery Case Files - Escape from Ravenhearst Collector's Edition
2013-09-01 09:38 . 2013-09-01 09:40 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\gtk-2.0
2013-09-01 09:38 . 2013-09-01 09:38 -------- d-----w- c:\documents and settings\John\.thumbnails
2013-09-01 09:36 . 2013-09-01 09:43 -------- d-----w- c:\documents and settings\John\.gimp-2.8
2013-09-01 09:35 . 2013-09-01 09:35 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\gegl-0.2
2013-09-01 09:32 . 2013-09-01 09:35 -------- d-----w- c:\program files\GIMP 2
2013-09-01 09:26 . 2013-09-01 09:31 90139696 ----a-w- c:\program files\gimp-2.8.6-setup.exe
2013-09-01 09:21 . 2013-09-01 09:21 -------- d-----w- c:\program files\FramePhotoEditor
2013-08-31 20:04 . 2013-08-31 20:05 -------- d-----w- c:\program files\Fearful Tales - Hansel and Gretel Collectors Edition
2013-08-24 11:21 . 2013-08-24 11:23 -------- d-----w- c:\documents and settings\John\Application Data\DarkManor
2013-08-24 00:15 . 2013-08-24 11:22 -------- d-----w- c:\program files\Dark Manor - A Hidden Object Mystery
2013-08-23 19:45 . 2013-08-23 19:45 -------- d-sh--w- c:\documents and settings\UpdatusUser\IETldCache
2013-08-19 04:52 . 2013-08-19 04:56 -------- d-----w- c:\program files\Phenomenon - Meteorite
2013-08-19 03:46 . 2013-08-19 03:47 -------- d-----w- c:\program files\Grim Tales - Bloody Mary Collectors Edition
2013-08-16 22:49 . 2013-08-16 22:49 -------- d-----w- c:\program files\Echoes of the Past - The Kingdom of Despair Collectors Edition
2013-08-15 23:40 . 2013-08-15 23:40 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-14 23:56 . 2013-08-15 23:37 -------- d-----w- c:\program files\Clockwork Tales - Of Glass and Ink Collector's Edition
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 06:58 . 2013-04-27 05:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 06:58 . 2013-04-27 05:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-05 19:22 . 2013-02-24 21:49 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-09-05 19:22 . 2013-02-24 21:49 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-03 02:18 . 2006-10-18 08:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47 . 2003-03-31 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2011-09-13 00:05 385024 ------w- c:\windows\system32\html.iec
2013-07-10 11:25 . 2013-07-10 10:14 808970536 ----a-w- c:\program files\Lightroom_4_LS11_win_4_3.exe
2013-07-10 10:37 . 2003-03-31 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59 . 2003-03-31 12:00 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2002-08-29 01:04 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-20 07:35 . 2013-06-20 07:35 2013672 ----a-w- c:\program files\DriverManager.exe
2013-06-17 21:52 . 2013-06-17 21:51 20909312 ----a-w- c:\program files\SugarSyncSetup.exe
2013-05-26 23:27 . 2013-05-26 23:22 56512440 ----a-w- c:\program files\psp800ev.exe
2013-05-04 20:11 . 2013-05-04 20:08 34111016 ----a-w- c:\program files\Dropbox 2.0.8.exe
2013-04-27 22:57 . 2013-04-27 22:57 4987488 ----a-w- c:\program files\SumatraPDF-2.2.1-install.exe
2013-04-26 23:53 . 2013-04-26 23:53 4419192 ----a-w- c:\program files\SumatraPDF-2.1.1-install.exe
2012-11-19 23:51 . 2012-11-19 23:38 145320240 ----a-w- c:\program files\PSPX5_TBYB30.exe
2012-05-08 09:56 . 2012-05-08 09:34 295206264 ----a-w- c:\program files\PSPX4_TBYB30EN.exe
2012-04-23 07:39 . 2012-04-23 07:39 6674008 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2012-02-16 06:29 . 2012-02-16 06:25 85868856 ----a-w- c:\program files\cfw_installer.exe
2012-02-16 03:09 . 2012-02-16 03:09 944264 ----a-w- c:\program files\SkypeSetup.exe
2011-12-23 16:41 . 2011-12-23 16:42 24334368 ----a-w- c:\program files\KindleForPC-installer (1).exe
2011-12-23 16:41 . 2011-12-23 16:40 24334368 ----a-w- c:\program files\KindleForPC-installer.exe
2011-10-15 07:36 . 2011-10-15 07:37 300408 ----a-w- c:\program files\SoftonicDownloader_for_photofiltre.exe
2011-10-02 09:21 . 2011-10-02 09:21 604488 ----a-w- c:\program files\GoogleEarthSetup.exe
2008-10-11 03:03 . 2013-07-02 02:22 24576 ----a-w- c:\program files\memtest.exe
2004-03-17 04:13 . 2004-03-17 04:13 1028368 ----a-w- c:\program files\vbrun60sp6.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 01:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-20 19875432]
"Facebook Update"="c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2013-05-11 138096]
"SugarSync"="c:\program files\SugarSync\SugarSync.exe" [2013-06-26 12419424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-02 319488]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-24 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-05 347192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 1982312]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
.
c:\documents and settings\John\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\John\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-4-25 28499304]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2013-6-4 3656]
World Clock 2001.LNK - c:\program files\Zada Solutions\World Clock\zsWldClk.exe [2000-8-23 684032]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-6 272248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\John\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:War Thunder
"20010:UDP"= 20010:UDP:War Thunder
"3478:UDP"= 3478:UDP:War Thunder
"7850:TCP"= 7850:TCP:War Thunder
"27022:TCP"= 27022:TCP:War Thunder
"6881:TCP"= 6881:TCP:War Thunder
"33333:TCP"= 33333:TCP:War Thunder
"20443:TCP"= 20443:TCP:War Thunder
"8090:TCP"= 8090:TCP:War Thunder
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2/25/2013 9:49 AM 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/25/2013 9:49 AM 84024]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [9/21/2011 12:29 PM 37560]
R3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\drivers\sscbfs3.sys [6/18/2013 9:53 AM 295936]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/14/2013 11:10 AM 3291008]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 9:53 AM 162408]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/13/2011 1:06 PM 1691480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/6/2013 3:48 AM 235216]
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27 06:58]
.
2013-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 05:57]
.
2013-09-10 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]
.
2013-09-11 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]
.
2013-09-11 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]
.
2013-09-11 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]
.
2013-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job
- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-11 06:26]
.
2013-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job
- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-11 06:26]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 09:21]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 09:21]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-19 20:21]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-19 20:21]
.
.
------- Supplementary Scan -------
.
mStart Page = 
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-UpdateMyDrivers - c:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe
HKLM-Run-FolderTransfer - c:\program files\FolderTransfer\FolderTransfer.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-12 09:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-09-12  10:01:38
ComboFix-quarantined-files.txt  2013-09-11 22:01
.
Pre-Run: 413,600,993,280 bytes free
Post-Run: 415,403,089,920 bytes free
.
- - End Of File - - 909BD1936D81534BE6CF4F46463A218A
8F558EB6672622401DA993E1E865C861

  • Staff

Hello cooldragon

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

ComboFix 13-09-10.03 - John 09/13/2013 11:38:14.15.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3519.2903 [GMT 12:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 )))))))))))))))))))))))))))))))
.
.
2013-09-11 20:52 . 2013-09-11 20:52 -------- d-sh--w- c:\documents and settings\John\IECompatCache
2013-09-11 10:01 . 2013-09-11 10:01 -------- d-----w- c:\documents and settings\John\Application Data\Big Fish Games
2013-09-10 19:21 . 2013-09-10 19:25 -------- d-----w- C:\AdwCleaner
2013-09-10 05:53 . 2013-09-10 05:53 -------- d-----w- C:\FRST
2013-09-10 00:26 . 2013-09-10 00:26 -------- d-----w- c:\documents and settings\John\Application Data\calibre
2013-09-10 00:25 . 2013-09-10 00:25 -------- d-----w- c:\documents and settings\John\Application Data\Anicesoft
2013-09-10 00:25 . 2013-09-10 00:25 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\avgchrome
2013-09-10 00:23 . 2013-09-10 00:23 -------- d-----w- c:\windows\system32\Extensions
2013-09-10 00:23 . 2013-09-10 00:23 -------- d-----w- c:\windows\system32\searchplugins
2013-09-10 00:22 . 2013-09-10 00:22 -------- d-----w- c:\program files\AniceSoft
2013-09-10 00:14 . 2013-09-10 00:14 392024 ----a-w- c:\program files\SoftonicDownloader_for_convert-pdf-to-epub.exe
2013-09-10 00:05 . 2013-09-10 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2013-09-10 00:04 . 2013-09-10 00:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2013-09-10 00:04 . 2013-09-10 00:08 -------- d-----w- c:\program files\AVS4YOU
2013-09-10 00:04 . 2010-07-21 02:31 24576 ----a-w- c:\windows\system32\msxml3a.dll
2013-09-10 00:02 . 2013-09-10 00:04 30433416 ----a-w- c:\program files\AVSDocumentConverter.exe
2013-09-06 04:21 . 2013-09-06 04:21 -------- d-----w- c:\program files\Dropbox
2013-09-05 21:02 . 2013-09-05 21:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2013-09-05 21:02 . 2013-09-05 21:02 -------- d-----w- c:\program files\PDF to ePub Converter
2013-09-04 21:29 . 2013-09-04 21:32 -------- d-----w- c:\program files\Mystery Case Files - Escape from Ravenhearst Collector's Edition
2013-09-01 09:38 . 2013-09-01 09:40 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\gtk-2.0
2013-09-01 09:38 . 2013-09-01 09:38 -------- d-----w- c:\documents and settings\John\.thumbnails
2013-09-01 09:36 . 2013-09-01 09:43 -------- d-----w- c:\documents and settings\John\.gimp-2.8
2013-09-01 09:35 . 2013-09-01 09:35 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\gegl-0.2
2013-09-01 09:32 . 2013-09-01 09:35 -------- d-----w- c:\program files\GIMP 2
2013-09-01 09:26 . 2013-09-01 09:31 90139696 ----a-w- c:\program files\gimp-2.8.6-setup.exe
2013-09-01 09:21 . 2013-09-01 09:21 -------- d-----w- c:\program files\FramePhotoEditor
2013-08-31 20:04 . 2013-08-31 20:05 -------- d-----w- c:\program files\Fearful Tales - Hansel and Gretel Collectors Edition
2013-08-24 11:21 . 2013-08-24 11:23 -------- d-----w- c:\documents and settings\John\Application Data\DarkManor
2013-08-24 00:15 . 2013-08-24 11:22 -------- d-----w- c:\program files\Dark Manor - A Hidden Object Mystery
2013-08-23 19:45 . 2013-08-23 19:45 -------- d-sh--w- c:\documents and settings\UpdatusUser\IETldCache
2013-08-19 04:52 . 2013-08-19 04:56 -------- d-----w- c:\program files\Phenomenon - Meteorite
2013-08-19 03:46 . 2013-08-19 03:47 -------- d-----w- c:\program files\Grim Tales - Bloody Mary Collectors Edition
2013-08-16 22:49 . 2013-08-16 22:49 -------- d-----w- c:\program files\Echoes of the Past - The Kingdom of Despair Collectors Edition
2013-08-15 23:40 . 2013-08-15 23:40 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-14 23:56 . 2013-08-15 23:37 -------- d-----w- c:\program files\Clockwork Tales - Of Glass and Ink Collector's Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 06:58 . 2013-04-27 05:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 06:58 . 2013-04-27 05:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-05 19:22 . 2013-02-24 21:49 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-09-05 19:22 . 2013-02-24 21:49 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-09 01:56 . 2003-03-31 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2003-03-31 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2003-03-31 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2003-03-31 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2011-09-13 00:05 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2003-03-31 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 02:18 . 2006-10-18 08:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 11:25 . 2013-07-10 10:14 808970536 ----a-w- c:\program files\Lightroom_4_LS11_win_4_3.exe
2013-07-10 10:37 . 2003-03-31 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59 . 2003-03-31 12:00 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2002-08-29 01:04 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-20 07:35 . 2013-06-20 07:35 2013672 ----a-w- c:\program files\DriverManager.exe
2013-06-17 21:52 . 2013-06-17 21:51 20909312 ----a-w- c:\program files\SugarSyncSetup.exe
2013-05-26 23:27 . 2013-05-26 23:22 56512440 ----a-w- c:\program files\psp800ev.exe
2013-05-04 20:11 . 2013-05-04 20:08 34111016 ----a-w- c:\program files\Dropbox 2.0.8.exe
2013-04-27 22:57 . 2013-04-27 22:57 4987488 ----a-w- c:\program files\SumatraPDF-2.2.1-install.exe
2013-04-26 23:53 . 2013-04-26 23:53 4419192 ----a-w- c:\program files\SumatraPDF-2.1.1-install.exe
2012-11-19 23:51 . 2012-11-19 23:38 145320240 ----a-w- c:\program files\PSPX5_TBYB30.exe
2012-05-08 09:56 . 2012-05-08 09:34 295206264 ----a-w- c:\program files\PSPX4_TBYB30EN.exe
2012-04-23 07:39 . 2012-04-23 07:39 6674008 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2012-02-16 06:29 . 2012-02-16 06:25 85868856 ----a-w- c:\program files\cfw_installer.exe
2012-02-16 03:09 . 2012-02-16 03:09 944264 ----a-w- c:\program files\SkypeSetup.exe
2011-12-23 16:41 . 2011-12-23 16:42 24334368 ----a-w- c:\program files\KindleForPC-installer (1).exe
2011-12-23 16:41 . 2011-12-23 16:40 24334368 ----a-w- c:\program files\KindleForPC-installer.exe
2011-10-15 07:36 . 2011-10-15 07:37 300408 ----a-w- c:\program files\SoftonicDownloader_for_photofiltre.exe
2011-10-02 09:21 . 2011-10-02 09:21 604488 ----a-w- c:\program files\GoogleEarthSetup.exe
2008-10-11 03:03 . 2013-07-02 02:22 24576 ----a-w- c:\program files\memtest.exe
2004-03-17 04:13 . 2004-03-17 04:13 1028368 ----a-w- c:\program files\vbrun60sp6.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 01:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]

@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"

[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]

2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-20 19875432]

"Facebook Update"="c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2013-05-11 138096]

"SugarSync"="c:\program files\SugarSync\SugarSync.exe" [2013-06-26 12419424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-02 319488]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-24 421888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-05 347192]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]

"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 1982312]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

.

c:\documents and settings\John\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\John\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-4-25 28499304]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

OneNote Table Of Contents.onetoc2 [2013-6-4 3656]

World Clock 2001.LNK - c:\program files\Zada Solutions\World Clock\zsWldClk.exe [2000-8-23 684032]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-6 272248]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\John\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:War Thunder

"20010:UDP"= 20010:UDP:War Thunder

"3478:UDP"= 3478:UDP:War Thunder

"7850:TCP"= 7850:TCP:War Thunder

"27022:TCP"= 27022:TCP:War Thunder

"6881:TCP"= 6881:TCP:War Thunder

"33333:TCP"= 33333:TCP:War Thunder

"20443:TCP"= 20443:TCP:War Thunder

"8090:TCP"= 8090:TCP:War Thunder

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2/25/2013 9:49 AM 37352]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/25/2013 9:49 AM 84024]

R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [9/21/2011 12:29 PM 37560]

R3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\drivers\sscbfs3.sys [6/18/2013 9:53 AM 295936]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/14/2013 11:10 AM 3291008]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 9:53 AM 162408]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/13/2011 1:06 PM 1691480]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/6/2013 3:48 AM 235216]

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27 06:58]

.

2013-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 05:57]

.

2013-09-12 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]

.

2013-09-12 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]

.

2013-09-12 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]

.

2013-09-12 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]

.

2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job

- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-11 06:26]

.

2013-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job

- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-11 06:26]

.

2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 09:21]

.

2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 09:21]

.

2013-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job

- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-19 20:21]

.

2013-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job

- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-19 20:21]

.

.

------- Supplementary Scan -------

.

mStart Page =

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-09-13 11:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

Completion time: 2013-09-13 11:54:12

ComboFix-quarantined-files.txt 2013-09-12 23:53

ComboFix2.txt 2013-09-11 22:01

.

Pre-Run: 414,732,419,072 bytes free

Post-Run: 414,722,703,360 bytes free

.

- - End Of File - - 37B9AF2F4DF8398DF1D74F2EDB8F31A1

8F558EB6672622401DA993E1E865C861


  • Staff

Hello cooldragon

I would like to see a report that combofix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK
Copy and paste the report into this topic for me to review

Gringo


Adobe AIR
Adobe Flash Player 11 ActiveX
Amazon Kindle
Apple Application Support
Apple Software Update
Avanquest update
Avira Free Antivirus
Belarc Advisor 8.3
Big Fish: Game Manager
Convert PDF to EPUB 1.6.8
Corel PaintShop Pro X5
CrazyTalk Cam Suite PRO
Dark Manor: A Hidden Object Mystery
Doom 3
Dropbox
Dropsend Direct beta version 4.0.3
Duke Nukem - Manhattan Project
Echoes of the Past: The Kingdom of Despair Collector's Edition
Eye 312
Facebook Video Calling 1.2.0.287
Fearful Tales: Hansel and Gretel Collector's Edition
Final Cut: Encore Collector's Edition
FinePixViewer Ver.4.2
Free Mp3 Wma Converter V 2.2
FUJIFILM MyFinePix Studio 1.0
FUJIFILM USB Driver
GIMP 2.8.6
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
Grim Tales: Bloody Mary Collector's Edition
Haunted Legends: The Bronze Horseman
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Photo Creations
HP Update
HPDiagnosticAlert
ICA
ImageMixer VCD2 for FinePix
IPM_PSP_COM
Jasc Paint Shop Pro 8
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2000 SR-1
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MicroStaff WINASPI
Motor Town: Soul of the Machine
Motorola Phone Tools
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition
Nearwood Collector's Edition
Nightmares from the Deep: The Siren's Call Collector's Edition
NVIDIA Control Panel 307.83
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA nView Desktop Manager
NVIDIA Update 1.10.8
NVIDIA Update Components
Ocean Express
Paint Shop Pro 6 Digital Camera Support
Paint Shop Pro 6.0 (CD-ROM)
PDF to ePub Converter 3.0.6
Personal Ancestral File 5
Phenomenon: Meteorite
PhotoFiltre
PSPPContent
PSPPHelp
Quake 4
QuickTime
RAW FILE CONVERTER LE
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Setup
Skype Click to Call
Skype™ 6.6
SugarSync
SumatraPDF 2.3.2
swMSM
The Chronicles of Riddick - Assault on Dark Athena
Total Immersion D'Fusion Web Plugin
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vacation Quest: Australia
VLC media player 2.0.5
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World Clock 2001

  • Staff

Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. default settings are fine
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - that is great! At this time I would like you to update it and run a quick scan for me.

  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.
"Information and logs"
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.13.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John :: JOHNSPC [administrator]

9/14/2013 1:49:52 PM
mbam-log-2013-09-14 (13-49-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241001
Time elapsed: 20 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\John\My Documents\Downloads\installer_ccleaner_English.exe (PUP.Optional.VIT) -> Quarantined and deleted successfully.
C:\Program Files\SoftonicDownloader_for_convert-pdf-to-epub.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\temp\1379122974itinstallerp.exe (PUP.Optional.VIT) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\temp\instloffer.exe (PUP.Optional.VIT.A) -> Quarantined and deleted successfully.

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:29:03 PM, on 9/14/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\SugarSync\SugarSync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\John\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [sugarSync] "C:\Program Files\SugarSync\SugarSync.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\John\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Startup: World Clock 2001.LNK = C:\Program Files\Zada Solutions\World Clock\zsWldClk.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349666813921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} (CDFusionActiveXCtl Object) - http://www.ologyworld.com/AR/plugin/DFusionHomeWebPlugIn.Installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 9528 bytes
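A HijackThis log like the one above is plain text with a fixed line shape (`O4 - HKLM\..\Run: [name] command`, `O23 - Service: ...`), so the triage a helper does by eye, counting entries per section and listing every start-up item with the program it actually launches, can be scripted. The following is an added example written for this thread; it is not code from the forum, from Malwarebytes or from HijackThis, and the log it parses is a constructed sample in the same format as the posted one. The "runs from a user-profile directory" flag is a review heuristic chosen for this example, not a verdict: items loading from user-writable locations simply deserve a second look.

```python
"""Parse a HijackThis v2 log into structured entries and list start-up items.

Added example for this thread (not from the forum, Malwarebytes or HijackThis).
Assumes the plain-text v2.0.x log format: "Oxx - ..." / "Rx - ..." lines.
"""
import re

# Constructed sample in the same format as the log posted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:29:03 PM, on 9/14/2013

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\John\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} (CDFusionActiveXCtl Object) - http://www.ologyworld.com/AR/plugin/DFusionHomeWebPlugIn.Installer.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"""

# Every report line starts with a section code (R0, R1, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# O4 bodies come in two shapes: registry Run keys and Startup-folder shortcuts.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")
STARTUP_RE = re.compile(r"^(Global Startup|Startup): (.+?)(?: = (.*))?$")
# Heuristic (this example's choice): user-writable profile roots on XP and later.
USER_PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\users\\")


def parse_hjt(text):
    """Return [{'section': 'O4', 'body': '...'}, ...] for every report line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def section_counts(text):
    """Count entries per section code, e.g. {'O4': 6, 'O23': 1, ...}."""
    counts = {}
    for e in parse_hjt(text):
        counts[e["section"]] = counts.get(e["section"], 0) + 1
    return counts


def parse_o4(body):
    """Split an O4 body into (location, name, command); command may be ''."""
    m = RUN_RE.match(body)
    if m:
        return (m.group(1) + "\\Run", m.group(2), m.group(3))
    m = STARTUP_RE.match(body)
    if m:
        return (m.group(1), m.group(2), m.group(3) or "")
    return ("unknown", body, "")


def executable_path(command):
    """Best-effort extraction of the program a start-up command launches.
    A quoted path is taken verbatim; otherwise the command is cut after the
    first .exe/.dll token so unquoted paths containing spaces survive."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|dll))(?=\s|,|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def runs_from_user_profile(path):
    """True if the launched program lives under a user profile directory."""
    return path.lower().startswith(USER_PROFILE_PREFIXES)


def startup_items(text):
    """All O4 entries as dicts with location, name, command, path and review flag."""
    items = []
    for e in parse_hjt(text):
        if e["section"] != "O4":
            continue
        location, name, command = parse_o4(e["body"])
        path = executable_path(command) if command else ""
        items.append({"location": location, "name": name, "command": command,
                      "path": path, "user_profile": runs_from_user_profile(path)})
    return items


if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG))
    for item in startup_items(SAMPLE_LOG):
        flag = "  <- loads from a user-profile directory, review" if item["user_profile"] else ""
        print(f"{item['location']:<16} {item['name']:<40} {item['path']}{flag}")
```

Feed it the full log from the post instead of `SAMPLE_LOG` and the O4 list it prints is exactly the set of lines the "Remove unneeded start-up entries" step asks the user to tick, each paired with the binary it starts; the `RUNDLL32.EXE ... NvCpl.dll` entries come back as the host `RUNDLL32.EXE`, which is a reminder that for rundll32 items the DLL argument, not the host, is what to research.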

  • Staff

Greetings

These logs are looking very good; we are almost done! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.

These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin).
  • Click on the Scan button.
  • Put a check beside all of the items listed below (if present):
    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    • O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    • O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    • O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    • O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    • O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    • O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    • O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    • O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    • O4 - HKCU\..\Run: [sugarSync] "C:\Program Files\SugarSync\SugarSync.exe" -startInTray -usedelay=true
    • O4 - Startup: Dropbox.lnk = C:\Documents and Settings\John\Application Data\Dropbox\bin\Dropbox.exe
    • O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    • O4 - Startup: OneNote Table Of Contents.onetoc2
    • O4 - Startup: World Clock 2001.LNK = C:\Program Files\Zada Solutions\World Clock\zsWldClk.exe
    • O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    • NOTE** You can research each of those lines >here< and see if you want to keep them or not.
      Just copy the name between the brackets and paste it into the search space, for example:
      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the add-on to be installed.
    • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.
When the scan is complete:
  • If no threats were found
    • Put a checkmark in "Uninstall application on close".
    • Close the program.
    • Report to me that nothing was found.
  • If threats were found
    • Click on "List of threats found".
    • Click on "Export to text file", save it as ESET SCAN and save it to the desktop.
    • Click on Back.
    • Put a checkmark in "Uninstall application on close".
    • Click on Finish.
    • Close the program.
    • Copy and paste the report here.
Gringo

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.