
Can't start Malwarebytes due to software permission issue


atx

Hi,

I am unable to run Malwarebytes Anti-Malware (or avast! anti-virus). I get a pop up telling me that "Windows cannot open this program because it has been prevented by a software restriction policy."

Computer is XP Pro SP3

I have admin permissions, should not have any permission issues.

Not sure how to proceed, any help would be greatly appreciated.

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.7.0_25

Run by Zach at 10:27:09 on 2013-10-14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2106 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\CSHelper.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\WINDOWS\Explorer.EXE

C:\program files\itunes\ituneshelper.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.6\iobitappsToolbarIE.dll

BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.6\iobitappsToolbarIE.dll

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - <orphaned>

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll

BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\7.6\iobitappsToolbarIE.dll

EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} -

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart

uRun: [spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [iTunesHelper] c:\program files\itunes\ituneshelper.exe

mRun: [Adobe Acrobat Speed Launcher] c:\program files\adobe\acrobat 9.0\acrobat\acrobat_sl.exe

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

StartupFolder: c:\docume~1\zach\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\zach\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\zach\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

uPolicies-Explorer: _NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoWelcomeScreen = dword:1

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - c:\program files\smartwhois\swmsie.exe

IE: {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - c:\program files\smartwhois\swmsie.exe

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{AB598B63-2B22-4972-9186-CE0D108A0D23} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{C092A89C-E2E2-4B52-97CC-C30899752BAA} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - <no file>

AppInit_DLLs= acaptuser32.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\zach\application data\mozilla\firefox\profiles\m07w8cxa.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - component: c:\program files\iobit apps toolbar\ff\components\iobitappsFF.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: c:\program files\iobit\advanced systemcare 6\browerprotect\np_Asc_plugin.dll

FF - plugin: c:\program files\iobit\advanced systemcare 6\browerprotect\NPASCSafariPluginProtect.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

FF - ExtSQL: 2013-09-04 10:03; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\documents and settings\zach\application data\mozilla\firefox\profiles\m07w8cxa.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}

FF - ExtSQL: 2013-09-13 08:11; ascsurfingprotection@iobit.com; c:\documents and settings\zach\application data\mozilla\firefox\profiles\m07w8cxa.default\extensions\ascsurfingprotection@iobit.com

FF - ExtSQL: !HIDDEN! 2009-09-02 12:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: content.max.tokenizing.time - 2250000

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-16 217032]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-4-3 14776]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-17 729752]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-4 355632]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-3-12 574272]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-9-2 807800]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-4 21256]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-16 112592]

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-1-14 266240]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]

R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sact7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sACT7 [?]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]

R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2009-2-23 20504]

S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2009-8-26 53248]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-4 44808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2009-8-26 472644]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-16 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-16 1142224]

S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.exe -i act7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.EXE -i ACT7 [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-8-5 11520]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2007-7-27 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

.

=============== File Associations ===============

.

.txt: <filetype is not registered>

.js: <filetype is not registered>

.

=============== Created Last 30 ================

.

2013-10-13 20:32:09 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2013-10-11 20:37:25 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-10-10 15:19:59 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys

2013-10-10 15:17:54 46848 -c----w- c:\windows\system32\dllcache\irbus.sys

2013-10-10 15:17:54 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys

2013-10-10 15:16:26 5376 -c----w- c:\windows\system32\dllcache\usbd.sys

2013-10-10 15:16:26 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys

2013-10-10 15:16:26 144128 -c----w- c:\windows\system32\dllcache\usbport.sys

2013-09-16 18:57:02 -------- d-----w- c:\windows\system32\wbem\repository\FS

2013-09-16 18:57:02 -------- d-----w- c:\windows\system32\wbem\Repository

2013-09-16 18:55:32 -------- d-----w- c:\program files\Application Updater

2013-09-16 18:55:32 -------- d-----w- c:\documents and settings\zach\local settings\application data\Babylon

2013-09-16 18:55:32 -------- d-----w- c:\documents and settings\zach\application data\Search Settings

2013-09-16 18:55:32 -------- d-----w- c:\documents and settings\zach\application data\Babylon

2013-09-16 18:55:32 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2013-09-16 18:55:31 -------- d-----w- c:\program files\common files\Spigot

2013-09-16 18:15:54 -------- d-----w- C:\CTCTOutlook

2013-09-16 18:15:06 -------- d-----w- c:\program files\Constant Contact

.

==================== Find3M ====================

.

2013-10-11 20:37:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-11 20:37:29 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-07 18:56:36 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys

2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll

2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll

2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec

2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys

2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll

2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-08-08 14:25:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-08-08 14:25:31 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-08-08 14:25:29 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll

2013-07-31 20:11:22 810496 ----a-w- c:\windows\system32\wmvdmod.dll

2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\SET132.tmp

2013-07-26 02:47:17 1215488 ----a-w- c:\windows\system32\SET133.tmp

2013-07-26 02:47:17 105984 ----a-w- c:\windows\system32\SET134.tmp

2013-07-26 02:47:16 6017536 ----a-w- c:\windows\system32\SET138.tmp

2013-07-26 02:47:14 630272 ----a-w- c:\windows\system32\SET13A.tmp

2013-07-26 02:47:14 55296 ----a-w- c:\windows\system32\SET139.tmp

2013-07-26 02:47:12 2005504 ----a-w- c:\windows\system32\SET13E.tmp

2013-07-26 02:47:10 11113472 ----a-w- c:\windows\system32\SET140.tmp

2013-07-19 06:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-07-17 00:58:17 123008 ------w- c:\windows\system32\drivers\usbvideo.sys

2013-07-17 00:58:06 46848 ------w- c:\windows\system32\drivers\irbus.sys

2013-07-17 00:58:03 60160 ----a-w- c:\windows\system32\drivers\usbaudio.sys

.

============= FINISH: 10:28:15.87 ===============


  • Staff

Hello atx

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Gringo

Thanks Gringo.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Zach (administrator) on ZACH on 15-10-2013 10:14:34
Running from C:\Documents and Settings\zach\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files\Application Updater\ApplicationUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Threat Expert Ltd.) C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
() C:\WINDOWS\system32\CSHelper.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Apple Inc.) C:\program files\itunes\ituneshelper.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spotify Ltd) C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
(SonicWALL Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
() C:\WINDOWS\system32\UTSCSI.EXE
(Adobe Systems Inc.) C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\ACROTRAY.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Documents and Settings\zach\Desktop\GMER.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1982312 2012-12-29] ()
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKCU\...\Policies\Explorer: [_NoDriveTypeAutoRun] 145
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
MountPoints2: {0086fb02-9e72-11de-ac63-00225f49b3f8} - N:\magicJack\autorun.exe
AppInit_DLLs: acaptuser32.dll [ 2013-05-08] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.digitalmapcentral.com/MemberPages/Login.aspx?ReturnUrl=%2fAccount%2fmcalisterco.aspx
URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll (Spigot, Inc.)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~4\BROWER~1\ASCPLU~1.DLL (IObit)
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKCU -PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {57B16FC0-47A0-475E-8320-C40F375BB72C} http://metrostudy.com/corpwebsite/SecurityMonitor.CAB
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251269172515
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://mcalister.network-outfitters.com:444/NELX.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mcalisterco.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} http://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 09 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default
FF user.js: detected! => C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\user.js
FF SelectedSearchEngine: Yahoo
FF Homepage: https://login.digitalmapcentral.com/MemberPages/Login.aspx?ReturnUrl=%2faccount%2fmcalisterco.aspx

FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.17 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.17 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Address Bar Search - C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF Extension: No Name - C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\Alwil Software\Avast5\WebRep\FF

Chrome:
=======


CHR DefaultSearchURL: (Yahoo!) - http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=668083&p={searchTerms}
CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
CHR Extension: (YouTube) - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: (avast! WebRep) - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: () - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR Extension: () - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: () - C:\DOCUME~1\zach\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_1780_11668
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx

========================== Services (Whitelisted) =================

S2 ACT! Scheduler; c:\program files\act\act for windows\act.scheduler.exe [53248 2009-08-26] (Sage Software SB, Inc)
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [807800 2013-09-02] (Spigot, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
R2 Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [112592 2010-01-22] (Threat Expert Ltd.)
R2 CSHelper; C:\WINDOWS\system32\CSHelper.exe [266240 2010-01-14] ()
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [7544916 2003-05-31] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [366840 2010-03-11] (PC Tools)
S3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1142224 2010-03-15] (PC Tools)
R2 SONICWALL_NetExtender; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [304976 2009-03-25] (SonicWALL Inc.)
S3 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [45056 2010-04-15] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [25256 2012-08-21] (AVAST Software)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-08-21] (AVAST Software)
R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [97608 2012-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35928 2012-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [729752 2012-08-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355632 2012-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-08-21] (AVAST Software)
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 HCWBT8XX; C:\Windows\System32\drivers\HCWBT8XX.sys [472644 2006-01-25] (Hauppauge Computer Works)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 lvselsus; C:\Windows\System32\DRIVERS\lvselsus.sys [66456 2009-10-07] (Logitech Inc.)
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-07-18] (Logitech Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [218592 2013-10-14] (PC Tools)
S3 PRISM_A02; C:\Windows\System32\DRIVERS\WUSB20XP.sys [339488 2004-04-15] (Cisco-Linksys, LLC.)
R3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [459520 2008-01-15] (Ralink Technology, Corp.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [14776 2010-11-26] ()
R3 SSLDrv; C:\Windows\System32\DRIVERS\SSLDrv.sys [20504 2009-02-23] (SonicWALL Inc.)
S4 IntelIde; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 pxtdypow; \??\C:\DOCUME~1\zach\LOCALS~1\Temp\pxtdypow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-15 10:14 - 2013-10-15 10:14 - 01087213 _____ (Farbar) C:\Documents and Settings\zach\Desktop\FRST.exe
2013-10-15 10:14 - 2013-10-15 10:14 - 00000000 ____D C:\FRST
2013-10-15 10:06 - 2013-10-15 10:06 - 00118781 _____ C:\Documents and Settings\zach\Desktop\ark.txt
2013-10-15 09:51 - 2013-10-15 09:51 - 00118781 _____ C:\Documents and Settings\zach\Desktop\GMER.log
2013-10-14 13:59 - 2013-10-14 13:59 - 00377856 _____ C:\Documents and Settings\zach\Desktop\GMER.exe
2013-10-14 13:48 - 2013-10-14 13:48 - 00029982 _____ C:\Documents and Settings\zach\Desktop\attach.txt
2013-10-14 13:48 - 2013-10-14 13:48 - 00023402 _____ C:\Documents and Settings\zach\Desktop\dds.txt
2013-10-14 13:42 - 2013-10-14 13:42 - 00017007 _____ C:\Documents and Settings\zach\Desktop\hijackthis.log
2013-10-14 12:41 - 2013-10-14 12:41 - 00688992 ____R (Swearware) C:\Documents and Settings\zach\Desktop\dds.scr
2013-10-14 12:38 - 2013-10-14 12:38 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\zach\Desktop\HijackThis.exe
2013-10-14 12:23 - 2013-10-14 12:24 - 00006062 _____ C:\Documents and Settings\zach\Desktop\Rkill.txt
2013-10-14 12:00 - 2013-10-14 12:11 - 07790404 _____ C:\Documents and Settings\zach\Desktop\macroE1.psd
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-10-13 15:59 - 2013-10-13 15:59 - 00769887 _____ C:\Documents and Settings\zach\Local Settings\Application Data\census.cache
2013-10-13 15:59 - 2013-10-13 15:59 - 00223686 _____ C:\Documents and Settings\zach\Local Settings\Application Data\ars.cache
2013-10-13 15:32 - 2012-07-26 21:02 - 00257928 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2013-10-13 15:30 - 2013-10-13 15:30 - 00000036 _____ C:\Documents and Settings\zach\Local Settings\Application Data\housecall.guid.cache
2013-10-13 13:49 - 2013-10-14 12:27 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-11 15:37 - 2013-10-11 15:37 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-11 03:48 - 2013-10-15 10:16 - 03030009 _____ C:\WINDOWS\pfirewall.log
2013-10-11 03:48 - 2013-10-14 16:27 - 00000539 _____ C:\WINDOWS\wiadebug.log
2013-10-11 03:48 - 2013-10-14 14:08 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-11 03:48 - 2013-10-11 03:48 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-10-11 03:25 - 2013-10-11 03:26 - 00139480 _____ C:\WINDOWS\KB2847311.log
2013-10-11 03:25 - 2013-10-11 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 03:24 - 2013-10-11 03:24 - 00139476 _____ C:\WINDOWS\KB2862335.log
2013-10-11 03:24 - 2013-10-11 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 03:12 - 2013-10-11 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 03:11 - 2013-10-11 03:12 - 00020410 _____ C:\WINDOWS\KB2868038.log
2013-10-11 03:09 - 2013-10-11 03:25 - 00003415 _____ C:\WINDOWS\updspapi.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00046762 _____ C:\WINDOWS\iis6.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00043888 _____ C:\WINDOWS\FaxSetup.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00023422 _____ C:\WINDOWS\ocgen.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00021510 _____ C:\WINDOWS\tsoc.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00014726 _____ C:\WINDOWS\comsetup.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00009221 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00008090 _____ C:\WINDOWS\netfxocm.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00003269 _____ C:\WINDOWS\MedCtrOC.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00002477 _____ C:\WINDOWS\ocmsn.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00002284 _____ C:\WINDOWS\msgsocm.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00002177 _____ C:\WINDOWS\tabletoc.log
2013-10-11 03:08 - 2013-10-13 13:54 - 00001943 _____ C:\WINDOWS\imsins.log
2013-10-11 03:08 - 2013-10-13 13:53 - 00013230 _____ C:\WINDOWS\msmqinst.log
2013-10-11 03:08 - 2013-10-11 03:26 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 03:08 - 2013-10-11 03:09 - 00021156 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-11 03:07 - 2013-10-11 03:24 - 00012713 _____ C:\WINDOWS\setupapi.log
2013-10-10 10:19 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-10 10:17 - 2013-07-16 19:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-10 10:17 - 2013-07-16 19:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-10 10:16 - 2013-08-08 19:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-10 10:16 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-10 10:16 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-09-27 11:50 - 2013-09-27 11:50 - 447604565 _____ C:\Documents and Settings\zach\Desktop\FM969 originals.zip
2013-09-25 11:06 - 2013-09-25 11:06 - 283316212 _____ C:\Documents and Settings\zach\Desktop\FM969.zip
2013-09-24 12:03 - 2013-09-24 12:03 - 23015674 _____ C:\Documents and Settings\zach\Desktop\Bee Cave_Hwy 71 Pad Sites_JP_v2.bmp
2013-09-23 16:10 - 2013-09-23 16:27 - 00000000 ____D C:\Documents and Settings\zach\Desktop\TO UPLOAD TO MCA
2013-09-23 15:07 - 2013-09-23 15:07 - 01667584 _____ C:\Documents and Settings\zach\Desktop\Rockspring Capital - RE 145ac Shepherd Mountain.msg
2013-09-23 15:07 - 2013-09-23 15:07 - 00029184 _____ C:\Documents and Settings\zach\Desktop\Colton.msg
2013-09-23 14:03 - 2013-10-07 15:53 - 00000600 _____ C:\Documents and Settings\zach\Local Settings\Application Data\PUTTY.RND
2013-09-21 11:02 - 2013-09-21 11:04 - 00000000 ____D C:\Documents and Settings\zach\Desktop\Master Contacts Spreadsheet 2011
2013-09-20 15:57 - 2013-09-20 15:57 - 00047616 _____ C:\Documents and Settings\zach\Desktop\Re links to stored documents.msg
2013-09-20 12:38 - 2013-09-20 12:38 - 00036864 _____ C:\Documents and Settings\zach\Desktop\MCA WEBSITE LOGIN .msg
2013-09-18 19:08 - 2013-09-19 16:16 - 00046588 _____ C:\Documents and Settings\zach\Desktop\Zach Deals - Sept 2013.xlsx
2013-09-18 12:14 - 2013-09-19 12:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 16:28 - 2013-09-17 16:40 - 00001456 _____ C:\Documents and Settings\zach\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2013-09-17 15:04 - 2013-09-19 11:39 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Arclab MailList Controller
2013-09-16 13:55 - 2013-09-16 13:58 - 00000000 ____D C:\Program Files\Application Updater
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Local Settings\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Search Settings
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Babylon
2013-09-16 13:54 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Desktop\MICROSOFT OFFICE 2010
2013-09-16 13:54 - 2013-09-16 13:54 - 00000000 ____D C:\Documents and Settings\zach\Desktop\11.7ac - Aug 2013
2013-09-16 13:15 - 2013-09-16 13:15 - 00000000 ____D C:\Program Files\Constant Contact
2013-09-16 13:15 - 2013-09-16 13:15 - 00000000 ____D C:\CTCTOutlook
2013-09-16 12:48 - 2013-09-16 12:48 - 00016417 _____ C:\Documents and Settings\zach\Desktop\Book1.xlsx

==================== One Month Modified Files and Folders =======

2013-10-15 10:16 - 2013-10-11 03:48 - 03030009 _____ C:\WINDOWS\pfirewall.log
2013-10-15 10:14 - 2013-10-15 10:14 - 01087213 _____ (Farbar) C:\Documents and Settings\zach\Desktop\FRST.exe
2013-10-15 10:14 - 2013-10-15 10:14 - 00000000 ____D C:\FRST
2013-10-15 10:09 - 2013-05-16 15:51 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1ce527716cde060.job
2013-10-15 10:06 - 2013-10-15 10:06 - 00118781 _____ C:\Documents and Settings\zach\Desktop\ark.txt
2013-10-15 09:51 - 2013-10-15 09:51 - 00118781 _____ C:\Documents and Settings\zach\Desktop\GMER.log
2013-10-15 09:37 - 2013-04-03 10:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-15 09:01 - 2009-08-26 00:33 - 01849648 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-15 02:03 - 2012-07-13 10:56 - 00000318 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-14 16:27 - 2013-10-11 03:48 - 00000539 _____ C:\WINDOWS\wiadebug.log
2013-10-14 15:09 - 2012-07-12 04:44 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cd6012f20be5da.job
2013-10-14 14:56 - 2009-08-26 14:29 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-14 14:18 - 2010-06-16 23:38 - 00000000 ____D C:\Program Files\Spyware Doctor
2013-10-14 14:10 - 2012-06-28 14:58 - 00000000 ___RD C:\Documents and Settings\zach\My Documents\Dropbox
2013-10-14 14:10 - 2012-06-28 14:54 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Dropbox
2013-10-14 14:09 - 2007-07-27 07:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-14 14:08 - 2013-10-11 03:48 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-14 14:06 - 2013-04-03 12:35 - 00000278 _____ C:\WINDOWS\Tasks\SmartDefrag_Startup.job
2013-10-14 14:06 - 2013-04-03 12:35 - 00000276 _____ C:\WINDOWS\Tasks\SmartDefragUpdate.job
2013-10-14 14:06 - 2011-01-03 10:32 - 00000374 _____ C:\WINDOWS\Tasks\AWC AutoSweep.job
2013-10-14 14:05 - 2009-08-26 13:43 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-14 14:05 - 2009-08-26 00:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-14 13:59 - 2013-10-14 13:59 - 00377856 _____ C:\Documents and Settings\zach\Desktop\GMER.exe
2013-10-14 13:48 - 2013-10-14 13:48 - 00029982 _____ C:\Documents and Settings\zach\Desktop\attach.txt
2013-10-14 13:48 - 2013-10-14 13:48 - 00023402 _____ C:\Documents and Settings\zach\Desktop\dds.txt
2013-10-14 13:42 - 2013-10-14 13:42 - 00017007 _____ C:\Documents and Settings\zach\Desktop\hijackthis.log
2013-10-14 13:42 - 2011-08-09 13:43 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-14 13:27 - 2011-12-20 17:25 - 00032280 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2013-10-14 13:25 - 2013-08-28 12:47 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-10-14 13:24 - 2009-08-26 13:44 - 00000278 ___SH C:\Documents and Settings\zach\ntuser.ini
2013-10-14 13:19 - 2010-06-16 23:38 - 00218592 _____ (PC Tools) C:\WINDOWS\system32\Drivers\PCTCore.sys
2013-10-14 13:19 - 2010-06-16 23:38 - 00063360 _____ (PC Tools) C:\WINDOWS\system32\Drivers\pctplsg.sys
2013-10-14 13:10 - 2009-11-13 20:57 - 00000000 ____D C:\Program Files\SourceTec
2013-10-14 13:05 - 2013-05-17 14:05 - 00000000 ____D C:\Program Files\Safari
2013-10-14 13:00 - 2013-02-04 13:02 - 00000000 ____D C:\Program Files\Citrix
2013-10-14 12:54 - 2012-10-01 18:52 - 00000000 ____D C:\Documents and Settings\zach\Application Data\DVDVideoSoft
2013-10-14 12:41 - 2013-10-14 12:41 - 00688992 ____R (Swearware) C:\Documents and Settings\zach\Desktop\dds.scr
2013-10-14 12:38 - 2013-10-14 12:38 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\zach\Desktop\HijackThis.exe
2013-10-14 12:27 - 2013-10-13 13:49 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-14 12:27 - 2010-07-05 12:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-14 12:27 - 2010-07-05 12:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-14 12:25 - 2009-08-26 13:59 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-14 12:24 - 2013-10-14 12:23 - 00006062 _____ C:\Documents and Settings\zach\Desktop\Rkill.txt
2013-10-14 12:11 - 2013-10-14 12:00 - 07790404 _____ C:\Documents and Settings\zach\Desktop\macroE1.psd
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-10-14 11:34 - 2013-10-14 11:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-10-14 11:34 - 2009-08-26 13:59 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-14 10:39 - 2011-01-03 10:32 - 00000386 _____ C:\WINDOWS\Tasks\AWC Update.job
2013-10-13 15:59 - 2013-10-13 15:59 - 00769887 _____ C:\Documents and Settings\zach\Local Settings\Application Data\census.cache
2013-10-13 15:59 - 2013-10-13 15:59 - 00223686 _____ C:\Documents and Settings\zach\Local Settings\Application Data\ars.cache
2013-10-13 15:30 - 2013-10-13 15:30 - 00000036 _____ C:\Documents and Settings\zach\Local Settings\Application Data\housecall.guid.cache
2013-10-13 15:12 - 2009-08-26 15:53 - 00000000 ____D C:\Program Files\Opera
2013-10-13 13:54 - 2013-10-11 03:08 - 00046762 _____ C:\WINDOWS\iis6.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00043888 _____ C:\WINDOWS\FaxSetup.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00023422 _____ C:\WINDOWS\ocgen.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00021510 _____ C:\WINDOWS\tsoc.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00014726 _____ C:\WINDOWS\comsetup.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00009221 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00008090 _____ C:\WINDOWS\netfxocm.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00003269 _____ C:\WINDOWS\MedCtrOC.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00002477 _____ C:\WINDOWS\ocmsn.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00002284 _____ C:\WINDOWS\msgsocm.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00002177 _____ C:\WINDOWS\tabletoc.log
2013-10-13 13:54 - 2013-10-11 03:08 - 00001943 _____ C:\WINDOWS\imsins.log
2013-10-13 13:53 - 2013-10-11 03:08 - 00013230 _____ C:\WINDOWS\msmqinst.log
2013-10-13 12:20 - 2009-08-26 00:37 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2013-10-13 12:03 - 2013-01-27 16:06 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-10-11 15:48 - 2013-08-20 11:56 - 57487360 _____ C:\WINDOWS\system32\config\software.iobit
2013-10-11 15:48 - 2013-08-20 11:56 - 04509696 _____ C:\WINDOWS\system32\config\default.iobit
2013-10-11 15:48 - 2013-08-20 11:56 - 00069632 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2013-10-11 15:48 - 2013-08-20 11:56 - 00032768 _____ C:\WINDOWS\system32\config\SAM.iobit
2013-10-11 15:48 - 2009-08-26 13:44 - 00000000 ____D C:\Documents and Settings\zach
2013-10-11 15:48 - 2009-08-26 00:37 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-11 15:48 - 2009-08-26 00:37 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-11 15:37 - 2013-10-11 15:37 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-11 15:37 - 2012-04-07 11:44 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-11 15:37 - 2011-08-09 14:13 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-11 03:53 - 2009-08-25 19:24 - 03810648 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-11 03:48 - 2013-10-11 03:48 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-10-11 03:48 - 2012-01-04 11:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 03:31 - 2013-08-28 12:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-11 03:28 - 2009-08-25 19:25 - 00686552 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-11 03:26 - 2013-10-11 03:25 - 00139480 _____ C:\WINDOWS\KB2847311.log
2013-10-11 03:26 - 2013-10-11 03:08 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 03:25 - 2013-10-11 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 03:25 - 2013-10-11 03:09 - 00003415 _____ C:\WINDOWS\updspapi.log
2013-10-11 03:24 - 2013-10-11 03:24 - 00139476 _____ C:\WINDOWS\KB2862335.log
2013-10-11 03:24 - 2013-10-11 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 03:24 - 2013-10-11 03:07 - 00012713 _____ C:\WINDOWS\setupapi.log
2013-10-11 03:24 - 2011-12-07 13:08 - 00020881 _____ C:\WINDOWS\system32\lvcoinst.log
2013-10-11 03:21 - 2013-08-14 09:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 03:16 - 2012-01-04 11:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-11 03:16 - 2009-08-26 01:36 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-11 03:12 - 2013-10-11 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 03:12 - 2013-10-11 03:11 - 00020410 _____ C:\WINDOWS\KB2868038.log
2013-10-11 03:09 - 2013-10-11 03:08 - 00021156 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 03:09 - 2009-08-26 01:39 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-11 03:08 - 2013-10-11 03:08 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-09 17:05 - 2011-03-31 15:44 - 00000000 ____D C:\Documents and Settings\zach\Application Data\FileZilla
2013-10-07 15:53 - 2013-09-23 14:03 - 00000600 _____ C:\Documents and Settings\zach\Local Settings\Application Data\PUTTY.RND
2013-10-07 13:57 - 2009-08-27 01:27 - 00004096 _____ C:\Documents and Settings\All Users\Application Data\ScheduledItems
2013-10-07 13:56 - 2009-08-26 15:24 - 00001786 ___SH C:\WINDOWS\system32\KGyGaAvL.sys
2013-10-02 11:30 - 2010-10-06 09:11 - 00000000 ____D C:\Documents and Settings\zach\Application Data\webex
2013-09-30 13:04 - 2011-10-31 13:15 - 00000000 ____D C:\Documents and Settings\zach\My Documents\CHEVY SILVERADO
2013-09-27 11:50 - 2013-09-27 11:50 - 447604565 _____ C:\Documents and Settings\zach\Desktop\FM969 originals.zip
2013-09-25 11:06 - 2013-09-25 11:06 - 283316212 _____ C:\Documents and Settings\zach\Desktop\FM969.zip
2013-09-24 12:03 - 2013-09-24 12:03 - 23015674 _____ C:\Documents and Settings\zach\Desktop\Bee Cave_Hwy 71 Pad Sites_JP_v2.bmp
2013-09-23 23:36 - 2009-03-08 04:32 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2013-09-23 23:36 - 2007-07-27 07:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-23 16:27 - 2013-09-23 16:10 - 00000000 ____D C:\Documents and Settings\zach\Desktop\TO UPLOAD TO MCA
2013-09-23 15:13 - 2013-09-03 14:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-23 15:07 - 2013-09-23 15:07 - 01667584 _____ C:\Documents and Settings\zach\Desktop\Rockspring Capital - RE 145ac Shepherd Mountain.msg
2013-09-23 15:07 - 2013-09-23 15:07 - 00029184 _____ C:\Documents and Settings\zach\Desktop\Colton.msg
2013-09-23 13:33 - 2012-06-13 12:14 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-09-23 13:33 - 2010-06-11 14:48 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-09-23 13:33 - 2009-08-26 01:39 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-09-23 13:33 - 2009-07-18 11:05 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-09-23 13:33 - 2009-06-26 11:50 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-09-23 13:33 - 2009-06-26 11:50 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-09-23 13:33 - 2009-03-08 14:09 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-09-23 13:33 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-23 13:33 - 2009-03-08 04:34 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-09-23 13:33 - 2009-03-08 04:34 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-09-23 13:33 - 2009-03-08 04:34 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-09-23 13:33 - 2009-03-08 04:34 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-09-23 13:33 - 2009-03-08 04:33 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-09-23 13:33 - 2009-03-08 04:33 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-09-23 13:33 - 2009-03-08 04:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2013-09-23 13:33 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-23 13:33 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-23 13:33 - 2009-03-08 04:32 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-09-23 13:33 - 2009-03-08 04:31 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-09-23 13:33 - 2009-03-08 04:31 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-09-23 13:33 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-09-23 13:33 - 2007-07-27 07:00 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-23 13:33 - 2007-07-27 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2013-09-23 13:06 - 2007-07-27 07:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2013-09-21 11:04 - 2013-09-21 11:02 - 00000000 ____D C:\Documents and Settings\zach\Desktop\Master Contacts Spreadsheet 2011
2013-09-20 16:07 - 2009-08-27 00:28 - 00000000 ____D C:\Documents and Settings\zach\My Documents\McALISTER REAL ESTATE
2013-09-20 16:01 - 2011-03-31 15:43 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-09-20 16:01 - 2011-03-31 15:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
2013-09-20 15:57 - 2013-09-20 15:57 - 00047616 _____ C:\Documents and Settings\zach\Desktop\Re links to stored documents.msg
2013-09-20 12:38 - 2013-09-20 12:38 - 00036864 _____ C:\Documents and Settings\zach\Desktop\MCA WEBSITE LOGIN .msg
2013-09-19 16:16 - 2013-09-18 19:08 - 00046588 _____ C:\Documents and Settings\zach\Desktop\Zach Deals - Sept 2013.xlsx
2013-09-19 12:10 - 2013-09-18 12:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 11:39 - 2013-09-17 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Arclab MailList Controller
2013-09-17 16:40 - 2013-09-17 16:28 - 00001456 _____ C:\Documents and Settings\zach\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2013-09-16 14:06 - 2011-12-07 14:53 - 00084088 _____ C:\Documents and Settings\zach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-09-16 14:03 - 2009-08-26 00:34 - 00002626 _____ C:\WINDOWS\system32\CONFIG.NT
2013-09-16 13:58 - 2013-09-16 13:55 - 00000000 ____D C:\Program Files\Application Updater
2013-09-16 13:57 - 2009-11-14 21:46 - 00000000 ____D C:\Documents and Settings\postgres
2013-09-16 13:57 - 2009-08-26 00:38 - 00000000 ____D C:\Documents and Settings\Zach Jones
2013-09-16 13:57 - 2009-08-26 00:31 - 00000000 ____D C:\WINDOWS\Registration
2013-09-16 13:56 - 2009-08-25 19:25 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Local Settings\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Search Settings
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\zach\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Babylon
2013-09-16 13:55 - 2013-09-16 13:54 - 00000000 ____D C:\Documents and Settings\zach\Desktop\MICROSOFT OFFICE 2010
2013-09-16 13:55 - 2009-08-26 01:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2013-09-16 13:54 - 2013-09-16 13:54 - 00000000 ____D C:\Documents and Settings\zach\Desktop\11.7ac - Aug 2013
2013-09-16 13:15 - 2013-09-16 13:15 - 00000000 ____D C:\Program Files\Constant Contact
2013-09-16 13:15 - 2013-09-16 13:15 - 00000000 ____D C:\CTCTOutlook
2013-09-16 13:11 - 2013-08-12 08:32 - 00068096 _____ C:\Documents and Settings\zach\Desktop\BCC email blast list - o Bar & River Oaks.msg
2013-09-16 12:48 - 2013-09-16 12:48 - 00016417 _____ C:\Documents and Settings\zach\Desktop\Book1.xlsx

Some content of TEMP:
====================
C:\Documents and Settings\Zach Jones\Local Settings\Temp\keystone.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvAppBar.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvDspSch.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nView.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nViewSetup.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvnt4cpl.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvShell.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvTaskBar.exe
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvwdmcpl.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nvwimg.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSAR.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSCS.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSDA.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSDE.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSEL.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSENG.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSENU.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSES.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSESM.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSFI.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSFR.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSHE.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSHU.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSIT.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSJA.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSKO.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSNL.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSNO.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSPL.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSPT.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSPTB.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSRU.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSSK.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSSL.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSSV.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSTH.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSTR.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSZHC.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\NVWRSZHT.dll
C:\Documents and Settings\Zach Jones\Local Settings\Temp\nwiz.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Zach at 2013-10-15 10:18:50
Running from C:\Documents and Settings\zach\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 3.1.1)
ACT! (Version: 8.0.2.0000)
ACT! Premium 2006 (Version: 8.0.2.0000)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR (Version: 2.5.1.17730)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Setup (Version: 1.0)
Advanced SystemCare 6 (Version: 6.4)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
AviSynth 2.5
Bonjour (Version: 3.0.0.10)
Browser Defender 2.0.6.15 (Version: 2.0.6.15)
CameraHelperMsi (Version: 13.31.1038.0)
Cisco WebEx Meetings
CompanionLink (Version: 3.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CoreAAC
CutePDF Writer 3.0 (Version: 3.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (HKCU Version: 2.0.22)
Eraser 5.8.7 (Version: Eraser 5.8.7)
erLT (Version: 1.20.138.34)
File Scavenger 3.2 (English) (Version: 3.2.18.0)
FileZilla Client 3.7.3 (Version: 3.7.3)
GOM Player (Version: 2.1.21.4846)
GOM Video Converter (Version: 1.1.0.54)
Google Chrome (Version: 30.0.1599.69)
Google Earth (Version: 7.1.1.1888)
Google Gmail Notifier
Google Update Helper (Version: 1.3.21.165)
Hauppauge WinTV2000
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
iCamSource (Version: 1.4.1)
iExplorer 2.2.1.2
InterActual Player
IObit Apps Toolbar v7.6 (Version: 7.6)
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LAME v3.98.2 for Audacity
LightScribe System Software (Version: 1.18.8.1)
LightScribe Template Designs - 9 to 5 Pack 1 (Version: 1.15.0.0)
LightScribe Template Designs - Art Pack 1 (Version: 1.10.16.1)
LightScribe Template Designs - Grab Bag Pack 1 (Version: 1.17.0.0)
LightScribe Template Designs - Street Style Pack 1 (Version: 1.17.0.0)
LightScribe Template Labeler (Version: 1.18.5.1)
Logitech Legacy USB Camera Driver Package (Version: 11.10.2016)
Logitech Webcam Software (Version: 2.30)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Media Video 9 VCM
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MPEG2 Codec(libmpeg2/mad)
MSU Screen Capture Lossless Codec v1.2 (Remove Only)
NVIDIA Control Panel 310.90 (Version: 310.90)
NVIDIA Drivers (Version: 1.3)
NVIDIA Graphics Driver 310.90 (Version: 310.90)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA nView Desktop Manager (Version: 136.53)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Opera 12.16 (Version: 12.16.1860)
PDF Settings CS5 (Version: 10.0)
PhotoMapper 6.1
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 5.10.0.5919)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.10 (Version: 5.10.116)
Smart Defrag 2 (Version: 2.7)
SonicWALL SSL-VPN NetExtender (Version: 3.5.107)
Spotify (HKCU Version: 0.8.3.222.g317ab79d)
Spotify (Version: 0.5.2)
Spybot - Search & Destroy (Version: 1.6.2)
Spyware Doctor 7.0 (Version: 7.0)
StuffIt Expander 2010 (Version: 14.0.0)
System Requirements Lab
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222)
TurboTax 2011 wrapper (Version: 011.000.0121)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Veetle TV 0.9.17 (Version: 0.9.17)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Migration Assistant (Version: 1.0.1.3)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

==================== Restore Points =========================

29-07-2013 15:26:36 System Checkpoint
08-08-2013 14:25:22 Installed Java 7 Update 25
13-08-2013 22:58:34 Installed Windows XP KB2849470.
13-08-2013 22:59:42 Installed Windows XP KB2859537.
13-08-2013 23:01:02 Installed Windows XP KB2862772.
13-08-2013 23:02:20 Installed Windows XP KB2863058.
13-08-2013 23:03:25 Installed Windows XP KB2850869.
14-08-2013 14:26:38 Software Distribution Service 3.0
15-08-2013 14:47:25 Software Distribution Service 3.0
26-08-2013 01:23:28 Printer Driver CutePDF Writer Installed
27-08-2013 18:32:26 Software Distribution Service 3.0
28-08-2013 17:39:06 Installed Microsoft Office Home and Student 2010
28-08-2013 17:48:00 Printer Driver Send To Microsoft OneNote 2010 Driver Installed
28-08-2013 19:36:25 Software Distribution Service 3.0
28-08-2013 22:56:13 Installed Microsoft Office Professional Plus 2010
28-08-2013 23:06:52 Printer Driver Send To Microsoft OneNote 2010 Driver Installed
28-08-2013 23:45:10 Software Distribution Service 3.0
29-08-2013 14:54:53 Software Distribution Service 3.0
29-08-2013 17:14:32 Installed Windows XP KB915800-v4.
29-08-2013 17:15:03 Installed Windows XP Windows Search 4.0.
30-08-2013 08:00:20 Software Distribution Service 3.0
11-09-2013 08:01:15 Software Distribution Service 3.0
11-09-2013 19:09:28 Configured Microsoft Office Home and Student 2010
12-09-2013 08:00:39 Software Distribution Service 3.0
12-09-2013 18:45:11 Software Distribution Service 3.0
12-09-2013 20:55:05 Software Distribution Service 3.0
13-09-2013 18:24:31 Software Distribution Service 3.0
14-09-2013 11:41:53 Removed Microsoft Office Standard Edition 2003
14-09-2013 11:44:46 Removed Microsoft Office Home and Student 2010
14-09-2013 13:19:05 Configured Microsoft Office Professional Plus 2010
14-09-2013 14:12:38 Configured Microsoft Office Professional Plus 2010
16-09-2013 18:15:05 Installed Constant Contact QuickImport v2 for Outlook
16-09-2013 18:53:06 Restore Operation
17-09-2013 20:20:38 Installed Microsoft Visual C++ 2005 Redistributable
11-10-2013 08:00:39 Software Distribution Service 3.0
13-10-2013 19:03:01 Oct13,2013-Registry Backup
14-10-2013 18:01:47 Removed KODAK Gallery Upload Software
14-10-2013 18:05:21 Removed Safari
14-10-2013 18:24:38 Software Distribution Service 3.0

==================== Hosts content: ==========================

2007-07-27 07:00 - 2013-09-14 07:07 - 00451028 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\AWC AutoSweep.job => C:\Program Files\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: C:\WINDOWS\Tasks\AWC Update.job => C:\Program Files\IObit\Advanced SystemCare 3\IObitUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cd6012f20be5da.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1ce527716cde060.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

==================== Loaded Modules (whitelisted) =============

2013-03-12 12:55 - 2013-01-15 18:47 - 00517440 _____ () C:\Program Files\IObit\Advanced SystemCare 6\sqlite3.dll
2013-10-14 13:42 - 2013-10-14 03:46 - 02105856 _____ () C:\Program Files\Alwil Software\Avast5\defs\13101400\algo.dll
2013-08-25 20:23 - 2012-10-04 19:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-16 23:42 - 2010-01-22 09:55 - 00767952 _____ () C:\WINDOWS\BDTSupport.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-08-26 02:50 - 2012-12-29 05:31 - 01564008 _____ () C:\Program Files\NVIDIA Corporation\nView\nview.dll
2010-10-04 13:58 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-03-12 12:55 - 2013-01-15 18:47 - 00143168 _____ () C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-08-26 02:50 - 2012-12-29 05:31 - 00357224 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2013-01-23 14:25 - 2009-02-27 16:39 - 00019968 _____ () C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\AcroTray.DEU
2013-01-23 14:25 - 2009-02-27 16:32 - 00020480 _____ () C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\AcroTray.FRA
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-03-28 10:35 - 2012-03-06 17:46 - 00603648 _____ () C:\Program Files\Alwil Software\Avast5\aswOtl.dll
2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2007-07-27 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2007-07-27 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00835584 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00093696 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00094208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00057344 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
2011-12-07 14:57 - 2013-09-03 17:25 - 00096256 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00062976 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00067072 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00158208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00312832 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00038912 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00073728 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
2011-01-28 17:42 - 2013-09-03 17:25 - 00101888 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
2013-10-11 15:37 - 2013-10-11 15:37 - 16233864 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
AlternateDataStreams: C:\Documents and Settings\zach\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Faulty Device Manager Devices =============

Name: NVIDIA nForce 10/100 Mbps Ethernet #2
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2013 06:04:21 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/14/2013 10:05:28 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/14/2013 02:05:22 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error: (10/14/2013 01:38:18 PM) (Source: Application Error) (User: )
Description: Faulting application dropbox.exe, version 2.0.22.0, faulting module libcef.dll, version 1.1364.1123.0, fault address 0x0005fba7.
Processing media-specific event for [dropbox.exe!ws!]

Error: (10/14/2013 01:27:38 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/14/2013 01:27:30 PM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to get scheduler configuration. Object reference not set to an instance of an object.
at Act.Scheduler.SchedulerService.GetSchedulerConfiguration()
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/14/2013 01:27:30 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x800704cf). The network location cannot be reached. For information about network troubleshooting, see Windows Help.
Enrollment will not be performed.

Error: (10/14/2013 01:27:30 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

Error: (10/14/2013 00:21:28 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/14/2013 04:21:28 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.


System errors:
=============
Error: (10/14/2013 03:15:55 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/14/2013 03:14:35 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/14/2013 03:08:38 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/14/2013 03:08:34 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/14/2013 03:08:32 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/14/2013 03:08:28 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/14/2013 03:08:27 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/14/2013 03:08:22 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/14/2013 03:08:21 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/14/2013 03:08:16 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2


Microsoft Office Sessions:
=========================
Error: (10/15/2013 06:04:21 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (10/14/2013 10:05:28 PM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (10/14/2013 02:05:22 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The network location cannot be reached. For information about network troubleshooting, see Windows Help.

Error: (10/14/2013 01:38:18 PM) (Source: Application Error)(User: )
Description: dropbox.exe2.0.22.0libcef.dll1.1364.1123.00005fba7

Error: (10/14/2013 01:27:38 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (10/14/2013 01:27:30 PM) (Source: ACT! Scheduler)(User: )
Description: Service cannot be started. System.Exception: Unable to get scheduler configuration. Object reference not set to an instance of an object.
at Act.Scheduler.SchedulerService.GetSchedulerConfiguration()
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/14/2013 01:27:30 PM) (Source: AutoEnrollment)(User: )
Description: local system0x800704cfThe network location cannot be reached. For information about network troubleshooting, see Windows Help.

Error: (10/14/2013 01:27:30 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The network location cannot be reached. For information about network troubleshooting, see Windows Help.

Error: (10/14/2013 00:21:28 PM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (10/14/2013 04:21:28 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3582.28 MB
Available physical RAM: 2137.88 MB
Total Pagefile: 5464.16 MB
Available Pagefile: 4085.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.59 GB) (Free:185.7 GB) NTFS
Drive h: (FACTORY_IMAGE) (Fixed) (Total:13.16 GB) (Free:1.71 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=453 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Staff

Hello atx

I need you to download this script I have made for you --> fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Gringo


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Zach at 2013-10-15 11:09:56 Run:1
Running from C:\Documents and Settings\zach\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
U3 pxtdypow; \??\C:\DOCUME~1\zach\LOCALS~1\Temp\pxtdypow.sys [x]





*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
pxtdypow => Service deleted successfully.

==== End of Fixlog ====


  • Staff

Hello atx

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo


Gringo,

Things seem to be running fine now. Here are the reports.

# AdwCleaner v3.007 - Report created 16/10/2013 at 11:16:56
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Zach - ZACH
# Running from : C:\Documents and Settings\zach\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Documents and Settings\zach\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\zach\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\zach\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\zach\Application Data\software4u
File Deleted : C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Software4u\iPhone Explorer\Software4u.IPhoneExplorer.exe]
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\prefs.js ]

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_341.name", "DODGYKEN-200NL-OCT312008");

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_343.name", "TICKNER-OCT192008");

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_416.name", "THAC-50NL-OCT82009");

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_445.name", "AEJONES-400NL-OCT22008");

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_455.name", "AEJONES-400NL-OCT142009");

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_456.name", "GREG-400NL-OCT192009");

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_465.name", "GREG-10000-OCT212008");

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_466.name", "GREGMONTAGE-OCT152008");

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_467.name", "LUCKYCHEWY-5000NL-OCT242008");

Line Deleted : user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_478.name", "ZUGWAT-20000NL-OCT112009");

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9561 octets] - [16/10/2013 11:13:28]
AdwCleaner[s0].txt - [9023 octets] - [16/10/2013 11:16:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9083 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Zach on Wed 10/16/2013 at 12:12:13.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\zach\Application Data\mozilla\firefox\profiles\m07w8cxa.default\prefs.js

~~~ Chrome

Dumping contents of C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\background.html
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\ContentScript.js
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\manifest.json

Successfully deleted: [Folder] C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/16/2013 at 12:20:50.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Gringo,

That last JRT report didn't copy completely. Here is the full report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Zach on Wed 10/16/2013 at 12:12:13.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\zach\Application Data\mozilla\firefox\profiles\m07w8cxa.default\prefs.js

~~~ Chrome

Dumping contents of C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\background.html
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\ContentScript.js
C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadcgddfdfdfdjdbdgdidegedeggdjdb\manifest.json

Successfully deleted: [Folder] C:\Documents and Settings\zach\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/16/2013 at 12:20:50.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • Staff

Hello atx

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Log from Combofix:

ComboFix 13-10-15.02 - Zach 10/16/2013 13:36:39.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2478 [GMT -5:00]
Running from: c:\documents and settings\zach\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\Documents
c:\program files\tcpview\tcpview.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\frapsvid.dll
c:\windows\system32\SET123.tmp
c:\windows\system32\SET124.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET133.tmp
c:\windows\system32\SET134.tmp
c:\windows\system32\SET138.tmp
c:\windows\system32\SET139.tmp
c:\windows\system32\SET13A.tmp
c:\windows\system32\SET13E.tmp
c:\windows\system32\SET140.tmp
c:\windows\system32\SET165.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET207.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET4.tmp
c:\windows\system32\SETA67.tmp
c:\windows\system32\SETA68.tmp
c:\windows\system32\SETA6C.tmp
c:\windows\system32\SETA6D.tmp
c:\windows\system32\SETA6E.tmp
c:\windows\system32\SETA70.tmp
c:\windows\system32\SETA72.tmp
c:\windows\system32\SETA74.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-09-16 to 2013-10-16 )))))))))))))))))))))))))))))))
.
.
2013-10-16 17:45 . 2013-10-16 17:49 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-16 17:45 . 2013-10-16 17:49 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-16 17:45 . 2013-10-16 17:49 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-16 17:12 . 2013-10-16 17:12 -------- d-----w- c:\windows\ERUNT
2013-10-16 16:13 . 2013-10-16 16:30 -------- d-----w- C:\AdwCleaner
2013-10-15 16:19 . 2013-10-16 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-10-15 15:14 . 2013-10-15 15:14 -------- d-----w- C:\FRST
2013-10-14 16:34 . 2013-10-14 16:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2013-10-14 16:34 . 2013-10-14 16:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit Apps
2013-10-14 16:34 . 2013-10-14 16:34 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-10-13 20:32 . 2012-07-27 02:02 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-10-11 20:37 . 2013-10-11 20:37 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-10 15:19 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-10 15:17 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-10 15:17 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-10 15:16 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-10 15:16 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-10 15:16 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-09-16 18:57 . 2013-09-16 18:57 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-16 17:49 . 2011-06-17 16:52 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-16 17:49 . 2010-07-05 00:12 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-16 17:49 . 2010-07-05 00:12 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-16 17:49 . 2010-07-05 00:12 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-10-16 17:49 . 2010-07-05 00:12 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-16 17:49 . 2010-07-05 00:12 43152 ----a-w- c:\windows\avastSS.scr
2013-10-16 17:49 . 2010-07-05 00:12 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-14 18:19 . 2010-06-17 04:38 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2013-10-14 18:19 . 2010-06-17 04:38 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2013-10-11 20:37 . 2012-04-07 16:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-11 20:37 . 2011-08-09 19:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33 . 2007-07-27 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2007-07-27 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31 . 2007-07-27 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2007-07-27 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2007-07-27 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2009-09-11 01:38 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2007-07-27 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-08 14:25 . 2013-08-08 14:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-08 14:25 . 2010-04-12 16:48 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-08 14:25 . 2013-08-08 14:26 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-05 13:30 . 2007-07-27 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-07-31 20:11 . 2007-07-27 12:00 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-19 06:18 . 2013-07-19 06:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ------w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2012-12-29 1982312]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\Alwil Software\Avast5\aswRegSvr.exe" [2013-10-14 51880]
"aswasOutExt.dll"="c:\program files\Alwil Software\Avast5\aswRegSvr.exe" [2013-10-14 51880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2006-04-06 00:53 1015808 ----a-w- c:\program files\ACT\ACT for Windows\Act8.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTSchedulerUI]
2009-08-26 19:31 638976 ------w- c:\program files\ACT\ACT for Windows\Act.Scheduler.UI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 02:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-02-26 23:43 50520 ----a-w- c:\documents and settings\zach\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-06-10 13:22 334224 ----a-w- c:\program files\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 18:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 19:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-12-29 10:31 1982312 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-08-14 19:08 18702336 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicWALLNetExtender]
2009-03-25 23:05 710480 ----a-w- c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-07-09 17:08 1104384 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iCamSource\\iCamSource.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\documents and settings\zach\Application Data\Facebook\facebook.exe"= c:\documents and settings\zach\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Disabled:Facebook
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\zach\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Windows Migration Assistant\\MigrationAssistant.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"c:\\Documents and Settings\\zach\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3049:TCP"= 3049:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/16/2010 11:38 PM 218592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/3/2013 11:18 AM 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/17/2011 11:52 AM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/4/2010 7:12 PM 403440]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [3/12/2013 12:55 PM 574272]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/4/2010 7:12 PM 35656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [6/16/2010 11:42 PM 112592]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 [?]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 4:26 AM 450848]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 4:55 PM 20504]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/16/2013 12:45 PM 49944]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/16/2013 12:45 PM 178304]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\ACT for Windows\Act.Scheduler.exe [8/26/2009 2:32 PM 53248]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/16/2013 12:45 PM 70384]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [1/14/2010 8:51 PM 266240]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [8/26/2009 11:27 PM 472644]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/16/2010 11:38 PM 366840]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/5/2010 9:36 AM 11520]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-15 20:09 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 20:37]
.
2013-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2013-10-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-13 17:49]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd6012f20be5da.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 18:48]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce527716cde060.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 18:48]
.
2013-10-16 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-04-03 16:06]
.
2013-10-16 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-04-03 19:37]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254



FF - ProfilePath - c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\
FF - ExtSQL: 2013-09-04 10:03; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF - ExtSQL: 2013-09-13 08:11; ascsurfingprotection@iobit.com; c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2009-09-02 12:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-16 13:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.cs\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'lsass.exe'(996)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2013-10-16 13:56:09
ComboFix-quarantined-files.txt 2013-10-16 18:55
.
Pre-Run: 198,232,424,448 bytes free
Post-Run: 199,277,281,280 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 2A53AFCBEDE191E674731D6E8956F21C
8F558EB6672622401DA993E1E865C861

 

The only problems other than not being able to run Malwarebytes & my antivirus software were that I would get random redirections using Chrome.

I can open Malwarebytes & antivirus now. All is running seemingly well.


  • Staff

Hello atx

If you still are getting the redirects then we need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks

Then I need you to go to Google Sync and sign into your account.

Scroll down until you see the "Stop and Clear" button and click on the button.

At the prompt click on "Ok".

Now we need to uninstall Chrome.

I want you to uninstall Chrome, and if asked about user data or settings then remove this also.

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo


  • Staff

Hello atx

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

ComboFix 13-10-16.02 - Zach 10/17/2013 11:08:34.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2960 [GMT -5:00]
Running from: c:\documents and settings\zach\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\zach\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2013-09-17 to 2013-10-17 )))))))))))))))))))))))))))))))
.
.
2013-10-16 19:11 . 2013-10-16 19:11 -------- d-----w- c:\documents and settings\zach\Application Data\AVAST Software
2013-10-16 17:45 . 2013-10-16 17:49 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-16 17:45 . 2013-10-16 17:49 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-16 17:45 . 2013-10-16 17:49 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-16 17:12 . 2013-10-16 17:12 -------- d-----w- c:\windows\ERUNT
2013-10-16 16:13 . 2013-10-16 16:30 -------- d-----w- C:\AdwCleaner
2013-10-15 16:19 . 2013-10-16 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-10-15 15:14 . 2013-10-15 15:14 -------- d-----w- C:\FRST
2013-10-14 16:34 . 2013-10-14 16:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2013-10-14 16:34 . 2013-10-14 16:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit Apps
2013-10-14 16:34 . 2013-10-14 16:34 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-10-13 20:32 . 2012-07-27 02:02 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-10-11 20:37 . 2013-10-11 20:37 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-10 15:19 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-10 15:17 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-10 15:17 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-10 15:16 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-10 15:16 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-10 15:16 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-16 17:49 . 2011-06-17 16:52 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-16 17:49 . 2010-07-05 00:12 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-16 17:49 . 2010-07-05 00:12 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-16 17:49 . 2010-07-05 00:12 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-10-16 17:49 . 2010-07-05 00:12 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-16 17:49 . 2010-07-05 00:12 43152 ----a-w- c:\windows\avastSS.scr
2013-10-16 17:49 . 2010-07-05 00:12 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-14 18:19 . 2010-06-17 04:38 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2013-10-14 18:19 . 2010-06-17 04:38 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2013-10-11 20:37 . 2012-04-07 16:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-11 20:37 . 2011-08-09 19:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33 . 2007-07-27 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2007-07-27 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31 . 2007-07-27 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2007-07-27 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2007-07-27 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2009-09-11 01:38 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2007-07-27 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-08 14:25 . 2013-08-08 14:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-08 14:25 . 2010-04-12 16:48 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-08 14:25 . 2013-08-08 14:26 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-05 13:30 . 2007-07-27 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-07-31 20:11 . 2007-07-27 12:00 810496 ----a-w- c:\windows\system32\wmvdmod.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-16 17:49 321752 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2012-12-29 1982312]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-10-16 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2006-04-06 00:53 1015808 ----a-w- c:\program files\ACT\ACT for Windows\Act8.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTSchedulerUI]
2009-08-26 19:31 638976 ------w- c:\program files\ACT\ACT for Windows\Act.Scheduler.UI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 02:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-02-26 23:43 50520 ----a-w- c:\documents and settings\zach\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-06-10 13:22 334224 ----a-w- c:\program files\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 18:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 19:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-12-29 10:31 1982312 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-08-14 19:08 18702336 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicWALLNetExtender]
2009-03-25 23:05 710480 ----a-w- c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-07-09 17:08 1104384 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iCamSource\\iCamSource.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\documents and settings\zach\Application Data\Facebook\facebook.exe"= c:\documents and settings\zach\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Disabled:Facebook
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\zach\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Windows Migration Assistant\\MigrationAssistant.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"c:\\Documents and Settings\\zach\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3049:TCP"= 3049:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/16/2013 12:45 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/16/2013 12:45 PM 178304]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/16/2010 11:38 PM 218592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/3/2013 11:18 AM 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/17/2011 11:52 AM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/4/2010 7:12 PM 403440]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [3/12/2013 12:55 PM 574272]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/4/2010 7:12 PM 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/16/2013 12:45 PM 70384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [6/16/2010 11:42 PM 112592]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 [?]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 4:26 AM 450848]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 4:55 PM 20504]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\ACT for Windows\Act.Scheduler.exe [8/26/2009 2:32 PM 53248]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [1/14/2010 8:51 PM 266240]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [8/26/2009 11:27 PM 472644]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/16/2010 11:38 PM 366840]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/5/2010 9:36 AM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 20:37]
.
2013-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2013-10-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-13 17:49]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd6012f20be5da.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 18:48]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce527716cde060.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 18:48]
.
2013-10-16 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-04-03 16:06]
.
2013-10-16 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-04-03 19:37]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254



FF - ProfilePath - c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\
FF - ExtSQL: 2013-09-04 10:03; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF - ExtSQL: 2013-09-13 08:11; ascsurfingprotection@iobit.com; c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\m07w8cxa.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2009-09-02 12:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-17 11:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.cs\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'lsass.exe'(988)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(5208)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\documents and settings\zach\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-10-17 11:24:42
ComboFix-quarantined-files.txt 2013-10-17 16:24
ComboFix2.txt 2013-10-16 18:56
.
Pre-Run: 200,531,632,128 bytes free
Post-Run: 200,587,186,176 bytes free
.
- - End Of File - - 01864A8D6AFC92B4D49CC3203E41766E
8F558EB6672622401DA993E1E865C861

 

Computer appears to be running perfectly. 


  • Staff

Hello atx

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================

    Scan finished

    ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller

Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo


11:45:07.0812 0x0da8 ============================================================
11:45:07.0812 0x0da8 Scan finished
11:45:07.0812 0x0da8 ============================================================
11:45:07.0812 0x07ec Detected object count: 0
11:45:07.0812 0x07ec Actual detected object count: 0
12:04:23.0625 0x0edc Deinitialize success

 

 

 

RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Zach [Admin rights]
Mode : Remove -- Date : 10/18/2013 12:21:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000AAKS-65A7B0 +++++
--- User ---
[MBR] cb915decc7c060be75074dbc46599547
[bSP] 6ab81512ed7b103b5f7d01d89b81ec91 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 463453 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 949168395 | Size: 13476 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10182013_122110.txt >>
RKreport[0]_S_10182013_121228.txt

 

Computer seems good other than slow start up.

 


  • Staff

Hello atx

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo


32 Bit HP CIO Components Installer
ACT!
ACT! Premium 2006
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Color Common Settings
Adobe Community Help
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Setup
Advanced SystemCare 6
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Free Antivirus
AviSynth 2.5
Bonjour
Browser Defender 2.0.6.15
CameraHelperMsi
Cisco WebEx Meetings
CompanionLink
Compatibility Pack for the 2007 Office system
CoreAAC
CutePDF Writer 3.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Eraser 5.8.7
erLT
File Scavenger 3.2 (English)
FileZilla Client 3.7.3
GOM Player
GOM Video Converter
Google Earth
Google Gmail Notifier
Hauppauge WinTV2000
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iCamSource
iExplorer 2.2.1.2
InterActual Player
IObit Apps Toolbar v7.6
iTunes
Java 7 Update 25
Java Auto Updater
LAME v3.98.2 for Audacity
LightScribe System Software
LightScribe Template Designs - 9 to 5 Pack 1
LightScribe Template Designs - Art Pack 1
LightScribe Template Designs - Grab Bag Pack 1
LightScribe Template Designs - Street Style Pack 1
LightScribe Template Labeler
Logitech Legacy USB Camera Driver Package
Logitech Webcam Software
Logitech Webcam Software Driver Package
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Media Video 9 VCM
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MPEG2 Codec(libmpeg2/mad)
MSU Screen Capture Lossless Codec v1.2 (Remove Only)
NVIDIA Control Panel 310.90
NVIDIA Drivers
NVIDIA Graphics Driver 310.90
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.11.3
NVIDIA Update Components
OGA Notifier 2.0.0048.0
Opera 12.16
PDF Settings CS5
PhotoMapper 6.1
QuickTime
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB2845142)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.10
Smart Defrag 2
SonicWALL SSL-VPN NetExtender
Spotify
Spybot - Search & Destroy
Spyware Doctor 7.0
StuffIt Expander 2010
System Requirements Lab
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.17
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Migration Assistant
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver


  • Staff

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

  • Programs to remove
    • Java 7 Update 25

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed. That is great! At this time I would like you to update it and run me a quick scan.

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic

"information and logs"

  • In your next post I need the following
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Zach :: ZACH [administrator]

10/21/2013 11:22:08 AM
mbam-log-2013-10-21 (11-22-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300057
Time elapsed: 16 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:40 AM, on 10/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\ACROTRAY.EXE
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\zach\Local Settings\Application Data\Opera\Opera\temporary_downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\zach\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.digitalmapcentral.com/MemberPages/Login.aspx?ReturnUrl=%2fAccount%2fmcalisterco.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~4\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe










O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} (HP Product Detection Control) - https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
O16 - DPF: {57B16FC0-47A0-475E-8320-C40F375BB72C} (Metrostudy.SecurityMonitor) - http://metrostudy.com/corpwebsite/SecurityMonitor.CAB
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251269172515
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://mcalister.network-outfitters.com:444/NELX.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mcalisterco.webex.com/client/T27LB/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = McAlisterCo.local
O17 - HKLM\Software\..\Telephony: DomainName = McAlisterCo.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = McAlisterCo.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = McAlisterCo.local
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 15004 bytes

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mcalisterco.webex.com/client/T27LB/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = McAlisterCo.local
O17 - HKLM\Software\..\Telephony: DomainName = McAlisterCo.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = McAlisterCo.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = McAlisterCo.local
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 15004 bytes

 

Computer is running well now. 


  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

      O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    • NOTE** You can research each of those lines here and see if you want to keep them or not

      just copy the name between the brackets and paste into the search space

      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi application

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings64.exe.vir a variant of Win64/Toolbar.Widgi.A application

C:\AdwCleaner\Quarantine\C\Program Files\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi application

C:\AdwCleaner\Quarantine\C\Program Files\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi application

C:\Documents and Settings\zach\My Documents\Downloads\Setup-SopCast-3.4.0-2011-6-9.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP348\A0091720.rbf a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP348\A0091723.rbf a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP348\A0091734.rbf a variant of Win64/Toolbar.Widgi.A application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP348\A0091737.rbf a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP349\A0092998.rbf a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP349\A0093000.rbf a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP349\A0093011.rbf a variant of Win64/Toolbar.Widgi.A application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP358\A0095833.exe a variant of Win32/Bundled.Toolbar.Ask.D application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP368\A0099984.rbf a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP368\A0099986.rbf a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP368\A0099997.rbf a variant of Win64/Toolbar.Widgi.A application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP374\A0101917.dll a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP376\A0102470.exe a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP376\A0102479.exe a variant of Win64/Toolbar.Widgi.A application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP387\A0107685.dll a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP387\A0107688.dll a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP387\A0107689.exe a variant of Win32/Toolbar.Widgi application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP387\A0107690.exe a variant of Win64/Toolbar.Widgi.A application

C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP393\A0111712.exe Win32/OpenCandy application


  • Staff

Hello atx

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the code box (below)...to Notepad.

    @echo off
    rd /s /q "C:\AdwCleaner\"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"


  • Double click on delfile.bat to execute it.

    A black CMD window will flash, then disappear...this is normal.

  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.

    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.
    Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:
  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

  • Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

    CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

    Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis I advise you to disable Java in your web browsers - How to disable Java in your web browsers - Disable Java

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

Here is some more reading for you from some of my colleagues, quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
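
The reply above separates detections sitting in tool quarantine folders and System Restore's cache from everything else. The following sketch, an added example that is not part of the original thread, sorts lines of an ESET export that way; the line format is inferred from the scan results posted in this thread, and the function and bucket names are assumptions made for illustration.

```python
import re

# Folders the reply above treats as inert backups: quarantine folders made by
# the cleanup tools, and System Restore's cache. Compared case-insensitively.
BUCKETS = [
    ("tool-quarantine", ("c:\\adwcleaner\\quarantine\\", "c:\\qoobox\\quarantine\\")),
    ("system-restore", ("c:\\system volume information\\",)),
]

# Assumed line shape: <path> [a variant of] <platform/family> <object type>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"   # file path, may contain spaces
    r"(?:a variant of\s+)?"           # optional qualifier
    r"(?P<name>\w+/\S+)\s+"           # detection name, e.g. Win32/Toolbar.Widgi
    r"(?P<kind>\w+)\s*$"              # object type, e.g. application
)

# Sample lines taken from the scan results posted in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi application
C:\Documents and Settings\zach\My Documents\Downloads\Setup-SopCast-3.4.0-2011-6-9.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP348\A0091720.rbf a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{FE05B2A2-4F1D-4B19-9D82-687D965B64F0}\RP393\A0111712.exe Win32/OpenCandy application
"""


def parse_line(line):
    """Return {'path', 'name', 'kind'} for a detection line, else None."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def classify(path):
    """Name the bucket a detected path falls in; 'live' means neither backup area."""
    lowered = path.lower()
    for bucket, prefixes in BUCKETS:
        if lowered.startswith(prefixes):
            return bucket
    return "live"


def triage(log_text):
    """Group detections by location; lines that do not parse are returned separately."""
    buckets = {"tool-quarantine": [], "system-restore": [], "live": []}
    unparsed = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            unparsed.append(line)
        else:
            buckets[classify(record["path"])].append(record)
    return buckets, unparsed


if __name__ == "__main__":
    grouped, skipped = triage(SAMPLE_LOG)
    for bucket, records in grouped.items():
        print(f"{bucket}: {len(records)}")
        for rec in records:
            print(f"  {rec['name']:<32} {rec['path']}")
    print(f"unparsed lines: {len(skipped)}")
```

Entries in the "live" bucket are the ones that sit outside both backup areas and are worth reading individually.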

This topic is now closed to further replies.