
Hijack.shell 32 won't remove with Malwarebytes Anti-Malware


mule47


I have the free version which I downloaded when I suspected some malware about 10 days ago.  It seems to have cleaned everything except hijack.shell 32.  When I run a scan it shows only that one issue.  I click remove item but it is there on the next scan, even if I scan again immediately.

 

Here is the most recent scan log:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.24.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alan :: AKEITH [administrator]

10/24/2013 3:40:27 PM
mbam-log-2013-10-24 (15-40-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222160
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\Alan\LOCALS~1\Temp\svpretx\skorapq\wow.dll) Good: (SHELL32.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

HERE IS THE DDS.TXT LOG:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Alan at 16:02:37 on 2013-10-24
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2942.1955 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\WordPerfect Office 11\Programs\wpwin11.exe
C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.



BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\30.0.1599.101\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [synchronization Manager] c:\windows\system32\mobsync.exe /logon
mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office 11\programs\QFSCHD110.EXE"
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Reader Application Helper] c:\program files\sony\readerdesktop\apphelper\ReaderAppHelper.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\epsons~1.lnk - e:\common\epsonreg\gts50\Ereg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-ba7e-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe












TCP: Interfaces\{2179F4EC-3C69-4F25-8999-09D25468B4CA} : NameServer = 192.168.1.254
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\30.0.1599.101\npchrome_frame.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 211560]
R1 MpKsl7106d4e2;MpKsl7106d4e2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{732dc12e-e9b3-4439-9939-382da464e7b2}\MpKsl7106d4e2.sys [2013-10-24 40392]
R1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [2007-1-24 80128]
R2 APC Data Service;APC Data Service;c:\program files\apc\apc powerchute personal edition\dataserv.exe [2010-9-14 21880]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-16 47640]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-4-23 540184]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [2007-1-24 21888]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [2007-1-24 5888]
R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2007-1-24 70784]
RUnknown MpKsl887352f2;MpKsl887352f2; [x]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2012-2-10 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2012-2-10 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2012-2-10 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2012-2-10 25088]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe"
ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe"
.
=============== Created Last 30 ================
.
2013-10-24 06:52:24 62576 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{732dc12e-e9b3-4439-9939-382da464e7b2}\offreg.dll
2013-10-24 06:52:22 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{732dc12e-e9b3-4439-9939-382da464e7b2}\MpKsl7106d4e2.sys
2013-10-24 06:50:07 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{732dc12e-e9b3-4439-9939-382da464e7b2}\mpengine.dll
2013-10-23 21:10:42 7796464 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-19 15:06:26 -------- d-----w- c:\program files\common files\Sony Shared
2013-10-11 06:59:44 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-10-11 06:58:03 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-11 06:58:03 46848 ------w- c:\windows\system32\dllcache\irbus.sys
2013-10-11 06:58:03 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-11 06:57:09 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2013-10-11 06:57:09 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-10-11 06:57:09 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-10-10 21:29:22 -------- d-----w- c:\windows\system32\CatRoot2
2013-10-10 21:27:17 -------- d-----w- c:\documents and settings\all users\application data\Geek Squad
2013-10-10 21:26:08 -------- d-----w- C:\dataperk
2013-10-10 20:41:46 -------- d-----w- c:\program files\CCleaner
2013-10-10 17:25:57 -------- d-----w- c:\documents and settings\alan\application data\Malwarebytes
2013-10-10 16:47:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-10-10 16:47:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-10 16:47:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-08 20:44:15 3038 ----a-w- C:\fix_svchost.bat
2013-10-08 19:41:17 -------- d-----w- c:\windows\pss
2013-10-08 02:02:20 -------- d-----w- c:\program files\Conduit
2013-10-08 02:02:14 -------- d-----w- c:\documents and settings\all users\application data\Conduit
2013-10-08 02:02:11 -------- d-----w- c:\documents and settings\alan\local settings\application data\Conduit
2013-10-08 02:01:25 -------- d-----w- c:\windows\system32\WNLT
2013-10-08 02:00:13 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
.
==================== Find3M  ====================
.
2013-10-09 04:21:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 04:21:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-09-10 19:49:30 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2013-09-10 19:48:34 2805232 ----a-w- C:\fix_svchost_bat_download.exe
2013-09-10 19:42:11 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 16:03:42.77 ===============
 

 

 

HERE IS THE ATTACH.TXT LOG:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/30/2009 2:24:32 PM
System Uptime: 10/11/2013 3:26:28 AM (325 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | 2A72
Processor: AMD Athlon Processor 1640B | Socket AM2  | 2712/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 40.93 GiB free.
E: is CDROM ()
F: is NetworkDisk (NTFS) - 457 GiB total, 452.896 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Printer Port
Device ID: ROOT\PORTS\0000
Manufacturer: (Standard port types)
Name: Printer Port (LPT2)
PNP Device ID: ROOT\PORTS\0000
Service: Parport
.
==== System Restore Points ===================
.
RP2665: 9/9/2013 9:18:32 AM - Software Distribution Service 3.0
RP2666: 9/10/2013 1:51:47 AM - Software Distribution Service 3.0
RP2667: 9/10/2013 3:00:15 AM - Software Distribution Service 3.0
RP2668: 9/10/2013 9:19:20 AM - Software Distribution Service 3.0
RP2669: 9/10/2013 12:49:58 PM - Software Distribution Service 3.0
RP2670: 9/11/2013 2:01:55 AM - Software Distribution Service 3.0
RP2671: 9/11/2013 3:00:24 AM - Software Distribution Service 3.0
RP2672: 9/12/2013 1:53:16 AM - Software Distribution Service 3.0
RP2673: 9/12/2013 3:00:18 AM - Software Distribution Service 3.0
RP2674: 9/12/2013 3:36:49 AM - Software Distribution Service 3.0
RP2675: 9/13/2013 1:53:38 AM - Software Distribution Service 3.0
RP2676: 9/13/2013 3:00:18 AM - Software Distribution Service 3.0
RP2677: 9/13/2013 3:36:42 AM - Software Distribution Service 3.0
RP2678: 9/14/2013 1:53:50 AM - Software Distribution Service 3.0
RP2679: 9/14/2013 3:00:17 AM - Software Distribution Service 3.0
RP2680: 9/15/2013 1:53:51 AM - Software Distribution Service 3.0
RP2681: 9/16/2013 1:53:46 AM - Software Distribution Service 3.0
RP2682: 9/16/2013 3:37:29 AM - Software Distribution Service 3.0
RP2683: 9/17/2013 1:53:58 AM - Software Distribution Service 3.0
RP2684: 9/17/2013 3:37:22 AM - Software Distribution Service 3.0
RP2685: 9/18/2013 1:53:06 AM - Software Distribution Service 3.0
RP2686: 9/18/2013 3:00:15 AM - Software Distribution Service 3.0
RP2687: 9/18/2013 3:39:17 AM - Software Distribution Service 3.0
RP2688: 9/19/2013 1:53:45 AM - Software Distribution Service 3.0
RP2689: 9/19/2013 3:00:15 AM - Software Distribution Service 3.0
RP2690: 9/19/2013 3:37:34 AM - Software Distribution Service 3.0
RP2691: 9/20/2013 1:53:14 AM - Software Distribution Service 3.0
RP2692: 9/20/2013 3:00:15 AM - Software Distribution Service 3.0
RP2693: 9/20/2013 3:36:56 AM - Software Distribution Service 3.0
RP2694: 9/21/2013 1:52:47 AM - Software Distribution Service 3.0
RP2695: 9/21/2013 3:00:16 AM - Software Distribution Service 3.0
RP2696: 9/21/2013 3:37:01 AM - Software Distribution Service 3.0
RP2697: 9/22/2013 1:53:06 AM - Software Distribution Service 3.0
RP2698: 9/22/2013 3:00:15 AM - Software Distribution Service 3.0
RP2699: 9/22/2013 3:37:40 AM - Software Distribution Service 3.0
RP2700: 9/23/2013 1:53:17 AM - Software Distribution Service 3.0
RP2701: 9/23/2013 3:00:15 AM - Software Distribution Service 3.0
RP2702: 9/23/2013 3:37:38 AM - Software Distribution Service 3.0
RP2703: 9/24/2013 1:53:54 AM - Software Distribution Service 3.0
RP2704: 9/24/2013 3:00:15 AM - Software Distribution Service 3.0
RP2705: 9/24/2013 3:37:35 AM - Software Distribution Service 3.0
RP2706: 9/25/2013 1:53:19 AM - Software Distribution Service 3.0
RP2707: 9/25/2013 3:00:16 AM - Software Distribution Service 3.0
RP2708: 9/25/2013 3:36:56 AM - Software Distribution Service 3.0
RP2709: 9/26/2013 1:53:50 AM - Software Distribution Service 3.0
RP2710: 9/26/2013 3:00:15 AM - Software Distribution Service 3.0
RP2711: 9/26/2013 3:37:50 AM - Software Distribution Service 3.0
RP2712: 9/26/2013 8:16:48 AM - Software Distribution Service 3.0
RP2713: 9/27/2013 1:37:33 AM - Software Distribution Service 3.0
RP2714: 9/27/2013 3:00:15 AM - Software Distribution Service 3.0
RP2715: 9/27/2013 8:34:28 AM - Software Distribution Service 3.0
RP2716: 9/28/2013 1:37:07 AM - Software Distribution Service 3.0
RP2717: 9/28/2013 3:00:16 AM - Software Distribution Service 3.0
RP2718: 9/28/2013 8:34:27 AM - Software Distribution Service 3.0
RP2719: 9/29/2013 1:37:42 AM - Software Distribution Service 3.0
RP2720: 9/29/2013 3:00:15 AM - Software Distribution Service 3.0
RP2721: 9/29/2013 8:34:27 AM - Software Distribution Service 3.0
RP2722: 9/30/2013 1:37:52 AM - Software Distribution Service 3.0
RP2723: 9/30/2013 3:00:16 AM - Software Distribution Service 3.0
RP2724: 9/30/2013 8:34:28 AM - Software Distribution Service 3.0
RP2725: 10/1/2013 1:37:19 AM - Software Distribution Service 3.0
RP2726: 10/1/2013 3:00:20 AM - Software Distribution Service 3.0
RP2727: 10/1/2013 8:34:50 AM - Software Distribution Service 3.0
RP2728: 10/2/2013 1:37:43 AM - Software Distribution Service 3.0
RP2729: 10/2/2013 3:00:15 AM - Software Distribution Service 3.0
RP2730: 10/2/2013 8:34:38 AM - Software Distribution Service 3.0
RP2731: 10/3/2013 1:38:05 AM - Software Distribution Service 3.0
RP2732: 10/3/2013 3:00:15 AM - Software Distribution Service 3.0
RP2733: 10/3/2013 8:36:20 AM - Software Distribution Service 3.0
RP2734: 10/4/2013 1:37:35 AM - Software Distribution Service 3.0
RP2735: 10/4/2013 3:00:16 AM - Software Distribution Service 3.0
RP2736: 10/4/2013 8:35:42 AM - Software Distribution Service 3.0
RP2737: 10/5/2013 1:37:18 AM - Software Distribution Service 3.0
RP2738: 10/5/2013 3:00:16 AM - Software Distribution Service 3.0
RP2739: 10/5/2013 8:34:51 AM - Software Distribution Service 3.0
RP2740: 10/6/2013 1:37:34 AM - Software Distribution Service 3.0
RP2741: 10/6/2013 3:00:15 AM - Software Distribution Service 3.0
RP2742: 10/6/2013 8:34:46 AM - Software Distribution Service 3.0
RP2743: 10/7/2013 1:37:40 AM - Software Distribution Service 3.0
RP2744: 10/7/2013 3:00:15 AM - Software Distribution Service 3.0
RP2745: 10/7/2013 8:34:52 AM - Software Distribution Service 3.0
RP2746: 10/7/2013 9:04:22 AM - Software Distribution Service 3.0
RP2747: 10/8/2013 2:01:21 AM - Software Distribution Service 3.0
RP2748: 10/8/2013 3:00:15 AM - Software Distribution Service 3.0
RP2749: 10/8/2013 9:21:17 AM - Software Distribution Service 3.0
RP2750: 10/8/2013 2:09:58 PM - Printer Driver Adobe PDF Converter Installed
RP2751: 10/10/2013 5:11:09 PM - System Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office system
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 7.0 Standard - English, Français, Deutsch
Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Advertising Center
AMD Processor Driver
APC PowerChute Personal Edition 3.0
ATT-PRT22
Business Contact Manager for Outlook 2007 SP2
CCleaner
Corel WinDVD 2010
DocMaster 4.4
Dual-Core Optimizer
DVDFab 8.2.2.6 (25/12/2012) Qt
Easy HUD 5.0
Epson Copy Utility 3.5
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON Scan PDF EXtensions
EPSON WorkForce 520 Series Printer Uninstall
Google Chrome Frame
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HpSdpAppCoreApp
HPSSupply
InterVideo Register Manager
InterVideo WinDVD
ISIS Drivers
Java 6 Update 2
LG SP USB Driver
LG United Mobile Driver
LG USB WML Modem Driver
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft RichCopy 4.0
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Move Media Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero BackItUp
Nero BackItUp 4 Essentials
Nero ControlCenter
Nero Installer
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PDF Complete
Presto! BizCard 5
Quicken Basic 99
Quicken Startup Removal Tool [1]
R-Viewer.1.6.3768
Reader for PC
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SwiftView Viewer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 11
WorkForce Pro GT-S50 Scanner Driver Update
Xvid 1.2.2 final uninstall
.
==== End Of File ===========================
 

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Here is the Roguekiller report:

 

 

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Alan [Admin rights]
Mode : Scan -- Date : 10/24/2013 21:21:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][sUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\Alan\LOCALS~1\Temp\svpretx\skorapq\wow.dll [-]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[inline] EAT @iexplore.exe (?_dwLastCheckMoment@CGlobalPropFileRefresher@@0KA) : query.dll -> HOOKED (Unknown @ 0x7DF444B9)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380815AS +++++
--- User ---
[MBR] 41ee62e4c5d214a43e5eb6a0dffbc56e
[bSP] d5602b5d32682a40c793a0625fb15ae7 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76300 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10242013_212123.txt >>

 

 


Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Here is first.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Alan (administrator) on AKEITH on 24-10-2013 21:52:21
Running from C:\Documents and Settings\Alan\Desktop\Farbar
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
(Sony Corporation) C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-08-11] (LogMeIn, Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [synchronization Manager] - C:\Windows\system32\mobsync.exe [143360 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [setRefresh] - C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [QuickFinder Scheduler] - C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE [77887 2005-02-14] (Novell, Inc., c/o Corel Corporation Limited)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [331288 2007-08-07] (PDF Complete Inc)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Reader Application Helper] - C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-06-25] (Sony Corporation)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-01-31] (Google Inc.)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume1\DOCUME~1\Alan\LOCALS~1\Temp\svpretx\skorapq\wow.dll ATTENTION! ====> ZeroAccess/Alureon?
MountPoints2: {15f20915-ef0c-11dd-8e97-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Epson scanner Registration.lnk
ShortcutTarget: Epson scanner Registration.lnk -> E:\Common\EpsonReg\GTS50\Ereg.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiderinsider.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.tiderinsider.com/
SearchScopes: HKLM - DefaultScope {2709BD69-DA30-45E2-8CB3-110C976A55DD} URL =
SearchScopes: HKLM - {F291F624-EA14-4038-B859-6348B2EDA03C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1091&query={searchTerms}&invocationType=tb50hpcmdtie7-en-us
SearchScopes: HKCU - DefaultScope {2709BD69-DA30-45E2-8CB3-110C976A55DD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3314312&CUI=UN91848698717510280&UM=2
SearchScopes: HKCU - {2709BD69-DA30-45E2-8CB3-110C976A55DD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3314312&CUI=UN91848698717510280&UM=2
SearchScopes: HKCU - {3987350F-7CA7-4631-9193-6B71E4AF8DD2} URL = http://isearch.shopathome.com?user_id={5744CDB0-4C25-4756-BD13-034A857D3545}&q={searchTerms}
SearchScopes: HKCU - {48639E64-816C-1E71-A11F-AF2D7041DC94} URL = http://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} https://loandocs.swiftsend.com/RedirectHTTP.html?url=http%3A%2F%2Fproducts.swiftview.com%2Finstall.html%3Fid%3Dsv8%2F3_IN_1_CAB%26ctx%3D%26ref%3D
DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F127} https://secure.elynx.net/viewer/installers/svinstall_t_zhp_ss.exe
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.)
Tcpip\..\Interfaces\{2179F4EC-3C69-4F25-8999-09D25468B4CA}: [NameServer]192.168.1.254

========================== Services (Whitelisted) =================

R2 APC Data Service; C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540184 2007-08-07] (PDF Complete Inc)
R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-07] (LG Electronics Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-01-24] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-01-24] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-01-24] (HP)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel® Corporation)
S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel® Corporation)
S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel® Corporation)
S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel® Corporation)
R2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [13624 2013-05-28] (LogMeIn, Inc.)
R2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2008-08-11] (LogMeIn, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl7106d4e2; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{732DC12E-E9B3-4439-9939-382DA464E7B2}\MpKsl7106d4e2.sys [40392 2013-10-24] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54400 2007-07-30] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2007-07-30] (NVIDIA Corporation)
R3 oxmf; C:\Windows\System32\DRIVERS\oxmf.sys [21888 2007-01-24] (OEM)
R3 Oxmfuf; C:\Windows\System32\DRIVERS\oxmfuf.sys [5888 2007-01-24] (OEM)
R1 oxpar; C:\Windows\System32\DRIVERS\oxpar.sys [80128 2007-01-24] (OEM)
R3 oxser; C:\Windows\System32\DRIVERS\oxser.sys [70784 2007-01-24] (OEM)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic)
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\Alan\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-24 21:52 - 2013-10-24 21:52 - 00000000 ____D C:\FRST
2013-10-24 21:51 - 2013-10-24 21:51 - 00000000 ____D C:\Documents and Settings\Alan\Desktop\Farbar
2013-10-24 21:21 - 2013-10-24 21:21 - 00001621 _____ C:\Documents and Settings\Alan\Desktop\RKreport[0]_S_10242013_212123.txt
2013-10-24 16:44 - 2013-10-24 21:24 - 00000000 ____D C:\Documents and Settings\Alan\Desktop\RK_Quarantine
2013-10-24 16:03 - 2013-10-24 16:04 - 00027122 _____ C:\Documents and Settings\Alan\Desktop\attach.txt
2013-10-24 16:03 - 2013-10-24 16:04 - 00016149 _____ C:\Documents and Settings\Alan\Desktop\dds.txt
2013-10-24 16:02 - 2013-10-24 16:02 - 00688992 ____R (Swearware) C:\Documents and Settings\Alan\Desktop\dds.scr
2013-10-19 10:06 - 2013-10-19 10:06 - 00001790 _____ C:\Documents and Settings\All Users\Desktop\Reader for PC.lnk
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Reader for PC
2013-10-11 03:07 - 2013-10-11 03:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 03:06 - 2013-10-11 03:07 - 00140695 _____ C:\WINDOWS\KB2862335.log
2013-10-11 03:06 - 2013-10-11 03:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 03:04 - 2013-10-11 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 03:03 - 2013-10-11 03:04 - 00021197 _____ C:\WINDOWS\KB2868038.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00039662 _____ C:\WINDOWS\iis6.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00037097 _____ C:\WINDOWS\FaxSetup.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00016920 _____ C:\WINDOWS\tsoc.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00012098 _____ C:\WINDOWS\comsetup.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00011182 _____ C:\WINDOWS\msmqinst.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00007344 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00006498 _____ C:\WINDOWS\netfxocm.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00003411 _____ C:\WINDOWS\updspapi.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00002550 _____ C:\WINDOWS\MedCtrOC.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00001866 _____ C:\WINDOWS\tabletoc.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-11 03:02 - 2013-10-11 03:07 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 03:02 - 2013-10-11 03:02 - 00022687 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 03:02 - 2013-10-11 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 03:02 - 2013-10-11 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 03:02 - 2013-10-11 03:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-11 03:02 - 2013-10-11 03:02 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-11 03:00 - 2013-10-24 13:56 - 00013907 _____ C:\WINDOWS\setupapi.log
2013-10-11 02:00 - 2013-10-11 03:07 - 00155718 _____ C:\WINDOWS\KB2847311.log
2013-10-11 01:59 - 2013-07-02 21:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-11 01:58 - 2013-07-16 19:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-11 01:58 - 2013-07-16 19:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-11 01:58 - 2013-07-16 19:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-11 01:57 - 2013-08-08 19:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-11 01:57 - 2013-08-08 19:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-11 01:57 - 2009-03-18 06:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-10 16:27 - 2013-10-10 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Geek Squad
2013-10-10 16:26 - 2013-10-10 16:36 - 00000000 ____D C:\dataperk
2013-10-10 15:42 - 2013-10-10 15:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-10-10 15:41 - 2013-10-10 15:45 - 00000000 ____D C:\Program Files\CCleaner
2013-10-10 12:25 - 2013-10-10 12:25 - 00000000 ____D C:\Documents and Settings\Alan\Application Data\Malwarebytes
2013-10-10 11:47 - 2013-10-10 11:47 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-10 11:47 - 2013-10-10 11:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-10 11:47 - 2013-10-10 11:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-10 11:47 - 2013-10-10 11:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-10 11:47 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-09 03:10 - 2013-10-24 01:49 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-08 16:04 - 2013-10-08 16:05 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-10-08 16:04 - 2013-10-08 16:04 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-10-08 15:44 - 2013-10-08 15:44 - 00003038 _____ C:\fix_svchost.bat
2013-10-08 14:41 - 2013-10-08 14:44 - 00000000 ____D C:\WINDOWS\pss
2013-10-07 21:04 - 2013-10-07 21:04 - 00000000 ____D C:\Documents and Settings\Alan\Start Menu\Programs\WordOv
2013-10-07 21:02 - 2013-10-10 15:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Conduit
2013-10-07 21:02 - 2013-10-07 21:19 - 00000000 ____D C:\Documents and Settings\Alan\Local Settings\Application Data\Conduit
2013-10-07 21:02 - 2013-10-07 21:02 - 00000000 ____D C:\Program Files\Conduit
2013-10-07 21:01 - 2013-10-08 14:13 - 00000000 ____D C:\WINDOWS\system32\WNLT
2013-10-07 21:01 - 2013-10-07 21:03 - 00000000 _____ C:\END

==================== One Month Modified Files and Folders =======

2013-10-24 21:52 - 2013-10-24 21:52 - 00000000 ____D C:\FRST
2013-10-24 21:52 - 2010-02-05 17:07 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-24 21:51 - 2013-10-24 21:51 - 00000000 ____D C:\Documents and Settings\Alan\Desktop\Farbar
2013-10-24 21:24 - 2013-10-24 16:44 - 00000000 ____D C:\Documents and Settings\Alan\Desktop\RK_Quarantine
2013-10-24 21:21 - 2013-10-24 21:21 - 00001621 _____ C:\Documents and Settings\Alan\Desktop\RKreport[0]_S_10242013_212123.txt
2013-10-24 21:21 - 2013-03-22 07:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-24 16:41 - 2009-01-30 17:03 - 00002341 _____ C:\Documents and Settings\Alan\Desktop\WordPerfect.lnk
2013-10-24 16:40 - 2009-01-30 15:48 - 00000520 _____ C:\WINDOWS\HUD1.INI
2013-10-24 16:04 - 2013-10-24 16:03 - 00027122 _____ C:\Documents and Settings\Alan\Desktop\attach.txt
2013-10-24 16:04 - 2013-10-24 16:03 - 00016149 _____ C:\Documents and Settings\Alan\Desktop\dds.txt
2013-10-24 16:02 - 2013-10-24 16:02 - 00688992 ____R (Swearware) C:\Documents and Settings\Alan\Desktop\dds.scr
2013-10-24 15:30 - 2008-04-23 07:25 - 00000000 ____D C:\WINDOWS\Help
2013-10-24 13:57 - 2006-04-25 13:05 - 01510842 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-24 13:56 - 2013-10-11 03:00 - 00013907 _____ C:\WINDOWS\setupapi.log
2013-10-24 13:38 - 2011-01-03 15:11 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-24 11:52 - 2010-02-05 17:07 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-24 09:10 - 2009-01-30 16:25 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2013-10-24 05:46 - 2010-03-16 14:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-10-24 05:21 - 2006-04-25 13:05 - 00032576 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-24 01:49 - 2013-10-09 03:10 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-23 15:50 - 2011-09-26 15:05 - 00002293 _____ C:\Documents and Settings\Alan\Desktop\Easy HUD 5.0.lnk
2013-10-23 10:54 - 2009-01-30 15:50 - 00001297 _____ C:\WINDOWS\QUICKEN.INI
2013-10-22 16:38 - 2009-01-30 15:32 - 00099472 _____ C:\Documents and Settings\Alan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-22 15:15 - 2006-04-25 05:22 - 00000451 _____ C:\WINDOWS\wiadebug.log
2013-10-19 10:06 - 2013-10-19 10:06 - 00001790 _____ C:\Documents and Settings\All Users\Desktop\Reader for PC.lnk
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-10-19 10:06 - 2013-10-19 10:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Reader for PC
2013-10-19 10:06 - 2011-10-19 13:06 - 00000000 ____D C:\Documents and Settings\Alan\Local Settings\Application Data\Sony Corporation
2013-10-14 09:46 - 2013-08-14 03:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-14 09:43 - 2009-02-04 07:24 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-14 03:04 - 2008-04-23 07:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-14 03:01 - 2008-04-23 07:25 - 00000000 ____D C:\WINDOWS\Registration
2013-10-11 07:51 - 2006-04-25 13:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-11 07:49 - 2013-02-01 13:52 - 00000000 ____D C:\Documents and Settings\Alan\Local Settings\Application Data\LogMeIn Rescue Applet
2013-10-11 07:49 - 2006-04-25 12:59 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-11 03:27 - 2006-04-25 05:22 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-11 03:26 - 2009-08-05 12:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 03:26 - 2006-04-25 12:39 - 00343424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-11 03:10 - 2008-04-23 07:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-11 03:10 - 2006-04-25 12:43 - 00571780 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-11 03:07 - 2013-10-11 03:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 03:07 - 2013-10-11 03:06 - 00140695 _____ C:\WINDOWS\KB2862335.log
2013-10-11 03:07 - 2013-10-11 03:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 03:07 - 2013-10-11 03:02 - 00039662 _____ C:\WINDOWS\iis6.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00037097 _____ C:\WINDOWS\FaxSetup.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00016920 _____ C:\WINDOWS\tsoc.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00012098 _____ C:\WINDOWS\comsetup.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00011182 _____ C:\WINDOWS\msmqinst.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00007344 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00006498 _____ C:\WINDOWS\netfxocm.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00003411 _____ C:\WINDOWS\updspapi.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00002550 _____ C:\WINDOWS\MedCtrOC.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00001866 _____ C:\WINDOWS\tabletoc.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-11 03:07 - 2013-10-11 03:02 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 03:07 - 2013-10-11 02:00 - 00155718 _____ C:\WINDOWS\KB2847311.log
2013-10-11 03:06 - 2010-06-04 03:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-11 03:04 - 2013-10-11 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 03:04 - 2013-10-11 03:03 - 00021197 _____ C:\WINDOWS\KB2868038.log
2013-10-11 03:02 - 2013-10-11 03:02 - 00022687 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 03:02 - 2013-10-11 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 03:02 - 2013-10-11 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 03:02 - 2013-10-11 03:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-11 03:02 - 2013-10-11 03:02 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-10 16:36 - 2013-10-10 16:26 - 00000000 ____D C:\dataperk
2013-10-10 16:27 - 2013-10-10 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Geek Squad
2013-10-10 16:22 - 2011-08-22 09:16 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-10 16:22 - 2009-01-30 15:38 - 00000000 __SHD C:\Documents and Settings\Alan\UserData
2013-10-10 16:22 - 2009-01-30 15:32 - 00000000 ____D C:\Documents and Settings\Alan
2013-10-10 16:22 - 2008-04-23 07:25 - 00000000 ____D C:\WINDOWS\SoftwareDistribution.old
2013-10-10 15:45 - 2013-10-10 15:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-10-10 15:45 - 2013-10-10 15:41 - 00000000 ____D C:\Program Files\CCleaner
2013-10-10 15:28 - 2008-04-23 07:25 - 00000000 ____D C:\WINDOWS\system32\Catroot2.old
2013-10-10 15:27 - 2008-04-23 07:25 - 00000000 ____D C:\WINDOWS\Media
2013-10-10 15:21 - 2013-10-07 21:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Conduit
2013-10-10 12:25 - 2013-10-10 12:25 - 00000000 ____D C:\Documents and Settings\Alan\Application Data\Malwarebytes
2013-10-10 11:47 - 2013-10-10 11:47 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-10 11:47 - 2013-10-10 11:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-10 11:47 - 2013-10-10 11:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-10 11:47 - 2013-10-10 11:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-09 14:30 - 2009-01-30 15:49 - 00000205 _____ C:\WINDOWS\TV4WIN.INI
2013-10-09 03:01 - 2011-10-18 13:05 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-10-09 03:00 - 2012-05-01 03:01 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-10-09 03:00 - 2011-10-18 13:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-08 23:21 - 2012-06-05 08:12 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-08 23:21 - 2011-07-01 08:09 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-08 16:05 - 2013-10-08 16:04 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-10-08 16:05 - 2009-02-04 19:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-08 16:04 - 2013-10-08 16:04 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-10-08 16:04 - 2009-02-04 19:01 - 00000000 ____D C:\Program Files\Adobe
2013-10-08 16:03 - 2009-02-04 19:03 - 00000000 ____D C:\Documents and Settings\Alan\Local Settings\Application Data\Adobe
2013-10-08 15:52 - 2006-04-25 12:32 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2013-10-08 15:52 - 2006-04-25 12:32 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2013-10-08 15:47 - 2009-01-30 15:32 - 00000178 ___SH C:\Documents and Settings\Alan\ntuser.ini
2013-10-08 15:44 - 2013-10-08 15:44 - 00003038 _____ C:\fix_svchost.bat
2013-10-08 15:08 - 2006-04-25 12:32 - 00000684 _____ C:\WINDOWS\win.ini
2013-10-08 15:08 - 2006-04-25 12:24 - 00000223 __RSH C:\boot.ini
2013-10-08 15:08 - 2006-04-25 05:19 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-08 14:44 - 2013-10-08 14:41 - 00000000 ____D C:\WINDOWS\pss
2013-10-08 14:14 - 2009-02-04 20:19 - 00000000 ____D C:\Documents and Settings\Alan\Application Data\AdobeUM
2013-10-08 14:13 - 2013-10-07 21:01 - 00000000 ____D C:\WINDOWS\system32\WNLT
2013-10-08 14:09 - 2009-02-04 19:01 - 00002407 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Standard.lnk
2013-10-08 14:09 - 2009-02-04 19:01 - 00002365 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 7.0.lnk
2013-10-08 11:57 - 2010-03-09 09:10 - 00015240 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2013-10-08 03:03 - 2008-04-23 07:50 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-10-07 21:19 - 2013-10-07 21:02 - 00000000 ____D C:\Documents and Settings\Alan\Local Settings\Application Data\Conduit
2013-10-07 21:09 - 2011-02-14 10:47 - 00000000 ____D C:\Program Files\7-Zip
2013-10-07 21:04 - 2013-10-07 21:04 - 00000000 ____D C:\Documents and Settings\Alan\Start Menu\Programs\WordOv
2013-10-07 21:03 - 2013-10-07 21:01 - 00000000 _____ C:\END
2013-10-07 21:02 - 2013-10-07 21:02 - 00000000 ____D C:\Program Files\Conduit
2013-10-06 15:05 - 2009-01-30 15:39 - 00000000 ____D C:\Documents and Settings\Alan\Local Settings\Application Data\Google

Alureon:
C:\Documents and Settings\Alan\Local Settings\Temp\svpretx\skorapq\wow.dll

Some content of TEMP:
====================
C:\Documents and Settings\Alan\Local Settings\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Addition.txt


Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Attached are the files you mentioned.

On the 2nd scan with Anti-Rootkit it showed no issues, i.e., system clean.  There was one issue on the first scan and I ran the cleaner.  It did NOT prompt me to reboot so I did not and ran the 2nd scan which again showed no problems.

I seem to have internet access, and Windows Firewall and Windows Update are functioning.

Thanks!  What next?

Fixlog.txt

system-log.txt

mbar-log-2013-10-25 (08-38-10).txt

mbar-log-2013-10-25 (08-58-42).txt


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


And I was not sure if you needed the log.txt file that was created, but in case you do, here is a cut and paste of the same:

ComboFix 13-10-24.01 - Alan 10/25/2013  10:28:48.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2942.2270 [GMT -5:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alan\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
C:\END
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\windows\system32\bidisp.dll
c:\windows\system32\SETC4E3.tmp
c:\windows\system32\SETC4E5.tmp
c:\windows\system32\SETC4E9.tmp
c:\windows\system32\SETC4EA.tmp
c:\windows\system32\SETC4F1.tmp
c:\windows\system32\SETC4F3.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-25 to 2013-10-25  )))))))))))))))))))))))))))))))
.
.
2013-10-25 13:38 . 2013-10-25 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-25 13:37 . 2013-10-25 13:58 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-25 13:37 . 2013-10-25 13:37 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-25 08:42 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D799870-14C4-4E4D-9C96-B5AF35B7C660}\mpengine.dll
2013-10-25 06:50 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-25 02:52 . 2013-10-25 13:22 -------- d-----w- C:\FRST
2013-10-19 15:06 . 2013-10-19 15:06 -------- d-----w- c:\program files\Common Files\Sony Shared
2013-10-11 06:59 . 2013-07-03 02:12 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-10-11 06:58 . 2013-07-17 00:58 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-11 06:58 . 2013-07-17 00:58 46848 ------w- c:\windows\system32\dllcache\irbus.sys
2013-10-11 06:58 . 2013-07-17 00:58 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-11 06:57 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-10-11 06:57 . 2013-08-09 00:55 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2013-10-11 06:57 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-10-10 21:29 . 2013-10-25 13:23 -------- d-----w- c:\windows\system32\CatRoot2
2013-10-10 21:27 . 2013-10-10 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Geek Squad
2013-10-10 21:26 . 2013-10-10 21:36 -------- d-----w- C:\dataperk
2013-10-10 20:41 . 2013-10-10 20:45 -------- d-----w- c:\program files\CCleaner
2013-10-10 17:25 . 2013-10-10 17:25 -------- d-----w- c:\documents and settings\Alan\Application Data\Malwarebytes
2013-10-10 16:47 . 2013-10-10 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-10-10 16:47 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-10 16:47 . 2013-10-10 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-08 20:44 . 2013-10-08 20:44 3038 ----a-w- C:\fix_svchost.bat
2013-10-08 02:02 . 2013-10-08 02:02 -------- d-----w- c:\program files\Conduit
2013-10-08 02:02 . 2013-10-10 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Conduit
2013-10-08 02:02 . 2013-10-08 02:19 -------- d-----w- c:\documents and settings\Alan\Local Settings\Application Data\Conduit
2013-10-08 02:01 . 2013-10-08 19:13 -------- d-----w- c:\windows\system32\WNLT
2013-10-08 02:00 . 2013-10-08 02:00 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-25 12:58 . 2010-03-16 19:21 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-10-25 12:58 . 2010-03-16 19:21 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-10-25 12:58 . 2010-03-16 19:21 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-10-25 12:58 . 2010-03-16 19:20 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-10-09 04:21 . 2012-06-05 13:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 04:21 . 2011-07-01 13:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33 . 2006-02-28 02:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2006-02-28 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2006-02-28 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2006-02-28 02:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2006-02-28 02:00 385024 ----a-w- c:\windows\system32\html.iec
2013-09-10 19:49 . 2013-09-10 19:49 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2013-09-10 19:48 . 2013-09-10 19:48 2805232 ----a-w- C:\fix_svchost_bat_download.exe
2013-09-10 19:42 . 2013-09-10 19:40 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2013-08-29 01:31 . 2006-02-28 02:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2006-02-28 02:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2006-02-28 02:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2010-03-09 14:06 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2006-02-28 02:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2006-02-28 02:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 02:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-31 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-04 8466432]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2005-02-15 77887]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-06-25 899400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"(A0)"="c:\documents and settings\Alan\Desktop\mbar\mbar.exe" [2013-10-08 1170744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-08-15 659200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2009-2-4 25214]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-10-25 12:58 85832 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 08:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display]
2010-09-14 21:53 271736 ----a-w- c:\program files\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 16:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2009-12-03 06:00 847872 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-07 22:35 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-09-24 18:57 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-04 19:47 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-09-04 19:47 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-08-08 21:52 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Application Helper]
2013-06-25 23:24 899400 ----a-w- c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [1/24/2007 5:28 AM 80128]
R2 APC Data Service;APC Data Service;c:\program files\APC\APC PowerChute Personal Edition\dataserv.exe [9/14/2010 4:54 PM 21880]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 10:22 AM 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 13624]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4/23/2008 7:53 AM 540184]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [10/25/2013 8:37 AM 47064]
R3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [1/24/2007 5:28 AM 21888]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [1/24/2007 5:28 AM 5888]
R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [1/24/2007 5:28 AM 70784]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2/10/2012 11:10 AM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2/10/2012 11:10 AM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2/10/2012 11:10 AM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2/10/2012 11:10 AM 25088]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LMIINFO
*NewlyCreated* - MBAMCHAMELEON
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 04:21]
.
2013-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 22:07]
.
2013-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 22:07]
.
2013-10-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-08-12 15:12]
.
.
------- Supplementary Scan -------
.



IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: caldirectsecuredocs.com\www
Trusted Zone: com\pennwest-edocs
Trusted Zone: com\swiftview
Trusted Zone: ditechsecuredocs.com\www
Trusted Zone: ditechsecuredocs.net\www
Trusted Zone: docmagic.com\www
Trusted Zone: elynx.net\ctest
Trusted Zone: elynx.net\forms
Trusted Zone: elynx.net\gmacforms
Trusted Zone: elynx.net\pro
Trusted Zone: elynx.net\secure
Trusted Zone: elynx.net\usign
Trusted Zone: elynx.net\webpost
Trusted Zone: facebook.com\www
Trusted Zone: gmacmsecuredocs.com\www
Trusted Zone: gmacmsecuredocs.net\www
Trusted Zone: gmamcsecuredocs.com\www
Trusted Zone: netflix.com\www
Trusted Zone: regions.com\www
Trusted Zone: ss3.swiftsend.com\loandocs
Trusted Zone: swiftsend.com\docs
Trusted Zone: swiftsend.com\loandocs
Trusted Zone: swiftsend2.com\docs
Trusted Zone: swiftsend2.com\loandocs
Trusted Zone: swiftview.com\www
Trusted Zone: tiderinsider.com\www
Trusted Zone: wamuloandocs.com\www
Trusted Zone: youtube.com\www
TCP: Interfaces\{2179F4EC-3C69-4F25-8999-09D25468B4CA}: NameServer = 192.168.1.254

.
- - - - ORPHANS REMOVED - - - -
.
c:\documents and settings\Alan\Start Menu\Programs\Startup\Epson scanner Registration.lnk - e:\common\EpsonReg\GTS50\Ereg.exe /remind /language=ENU /PRNM="00864"
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-25 10:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2013-10-25  10:35:31
ComboFix-quarantined-files.txt  2013-10-25 15:35
.
Pre-Run: 45,330,251,776 bytes free
Post-Run: 45,334,446,080 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 4684C75BC12DADD75C7313AE314511EF
FA428FC7A93EBEC7E8C71B1E70D14422
 


Looks good, run another scan with RogueKiller and post the new log.

Then......

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


When I went to download AdwCleaner, I must have hit the wrong download link, as I apparently started a download of some sponsored group. Within seconds I realized and stopped it. Nonetheless, it has caused some type of other software to load. I did download the correct AdwCleaner software and here is the ADW report cut and paste: (BTW, I attached the file from my Rogue Killer scan and below is a cut and paste of the Malwarebytes scan.)

# AdwCleaner v3.010 - Report created 25/10/2013 at 11:57:33

# Updated 20/10/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Alan - AKEITH

# Running from : C:\Documents and Settings\Alan\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2

Folder Deleted : C:\Program Files\Conduit

[!] Folder Deleted : C:\Program Files\optimizer pro

Folder Deleted : C:\Program Files\Searchprotect

Folder Deleted : C:\Program Files\WhiteSmoke_New_V.13

Folder Deleted : C:\WINDOWS\system32\WNLT

Folder Deleted : C:\Documents and Settings\Alan\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\Alan\Local Settings\Application Data\WhiteSmoke_New_V.13

Folder Deleted : C:\Documents and Settings\Alan\Application Data\DefaultTab

Folder Deleted : C:\Documents and Settings\Alan\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\Alan\Application Data\Searchprotect

Folder Deleted : C:\Documents and Settings\Alan\Application Data\SwvUpdater

File Deleted : C:\END

File Deleted : C:\Documents and Settings\Alan\Desktop\Optimizer Pro.lnk

File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtect]

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3314312

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3317127

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5F520D40-805B-4169-BB2B-40E37EE57701}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76B15D0B-F0B6-4050-AA12-228C408E1AED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F520D40-805B-4169-BB2B-40E37EE57701}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F520D40-805B-4169-BB2B-40E37EE57701}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{76B15D0B-F0B6-4050-AA12-228C408E1AED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{76B15D0B-F0B6-4050-AA12-228C408E1AED}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CA6F4EC-CC2D-406B-8CD0-8E141EA38454}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C37A7939-6071-4E89-8560-A8BFFD266060}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5F520D40-805B-4169-BB2B-40E37EE57701}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5F520D40-805B-4169-BB2B-40E37EE57701}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5F520D40-805B-4169-BB2B-40E37EE57701}]

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\DefaultTab

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKCU\Software\smartbar

Key Deleted : HKCU\Software\WhiteSmoke_New_V.13

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\WhiteSmoke_New_V.13

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

*************************

AdwCleaner[R0].txt - [8620 octets] - [25/10/2013 11:50:45]

AdwCleaner[s0].txt - [8599 octets] - [25/10/2013 11:57:33]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8659 octets] ##########

Here is the report from my malwarebytes scan:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.10.25.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Alan :: AKEITH [administrator]

10/25/2013 12:07:55 PM

mbam-log-2013-10-25 (12-07-55).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220144

Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> Delete on reboot.

Registry Keys Detected: 18

HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

HKCR\Typelib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

HKCR\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.ExpressInstall.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BrowserSafeguard (PUP.Optional.BrowserSafeGuard.A) -> Data: C:\Program Files\Browsersafeguard\Browsersafeguard.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_browsersafeguard-display-us-bleeping-728x90-36639128953 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 10

C:\Documents and Settings\Alan\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

\\192.168.1.100\fdrive\mydocs redirect\akeith\optimizer pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

f:\mydocs redirect\akeith\optimizer pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\ct3317127 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Delete on reboot.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 55

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> Delete on reboot.

C:\Documents and Settings\Alan\Desktop\Setup.exe (PUP.Optional.ExpressInstall.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\nst161.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\nsw166.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\newsetup.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\ct3317127\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\ct3317127\ielogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\ct3317127\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\826V2L05\WhiteSmoke_New_V.13[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\BBS3OZIV\OptimizerPro[1].exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\BBS3OZIV\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\BBS3OZIV\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\M0REJUF4\Launcher[1].exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\NNZLF5CN\Setup[1].exe (PUP.Optional.ExpressInstall.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\NNZLF5CN\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\NNZLF5CN\GreatArcadeHits[1].exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\GreatArcadeHits.job (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

\\192.168.1.100\fdrive\mydocs redirect\akeith\optimizer pro\cookiesexception.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

f:\mydocs redirect\akeith\optimizer pro\cookiesexception.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\install.log (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\makecert.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\TrustedRoot.cer (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\uninstall.browsersafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\BrowserSafeguard Update Task.job (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\ct3317127\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Temp\ct3317127\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\gahcrx.zip (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome.manifest (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\install.rdf (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\application.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\overlay.xul (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alan\Local Settings\Application Data\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\chrome\content\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

(end)

RKreport0_S_10252013_114233.txt


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[RUN][sUSP PATH] HKLM\[...]\RunOnce : (A0) (cmd /c "C:\Documents and Settings\Alan\Desktop\mbar\mbar.exe" /rdv /s [7]) -> FOUND

Now click Delete on the right hand column under Options

-------------

Yes, that's becoming a problem when downloading from that site, lots of sponsored ads.

I'm going to re-write my speeches to make sure the correct download button is clicked.

Did you get all the adware you downloaded uninstalled?

AdwCleaner should take care of most of it.

How's the computer running now??

MrC


I ran Rogue Killer again and a couple of things showed up but not the file you mentioned in your post. I cut and pasted the report at the bottom of this post.

I am not sure if all the adware is uninstalled. Probably is, as I ran the cleaner as instructed. However, my desktop has a ton of icons, folders and files on it, which I assume were not cleaned. Should I send those to the recycle bin, or keep for a bit?

The PC seems to be running fine and the issues I was having (in particular the wave volume going to zero over and over) seem to have stopped. In addition, the junk that hit when I hit the wrong download button seems to be gone also.

Tks so much and I will make a paypal donation for your kind help. Pls let me know if I need to do anything further.

Here is the latest Rogue report:

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Alan [Admin rights]

Mode : Scan -- Date : 10/25/2013 13:28:07

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST380815AS +++++

--- User ---

[MBR] 41ee62e4c5d214a43e5eb6a0dffbc56e

[bSP] d5602b5d32682a40c793a0625fb15ae7 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76300 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_10252013_132807.txt >>

RKreport[0]_S_10242013_212123.txt;RKreport[0]_S_10252013_114233.txt


Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

----------------------------------------

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Done both. Here is the cut and paste:

Results of screen317's Security Check version 0.99.74

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Please wait while WMIC is being installed.

displayName

ECHO is off.

Microsoft

ECHO is off.

Security

ECHO is off.

Essentials

ECHO is off.

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

CCleaner

Java 6 Update 2

Java version out of Date!

Adobe Reader XI

Google Chrome 30.0.1599.101

Google Chrome 30.0.1599.69

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

Fixlog.txt


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~

Java™ 6 Update 2 <---please uninstall this and any other Java from your add/remove programs.

Java version out of Date!
<-------Download and install the latest version (Java™ 7 Update 45) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC
