Possible rootkit.0access.ed infection?


levers

Hello!


I am helping a work colleague who noticed some issues on his computer today. He has Malwarebytes PRO and it popped up an alert from the tray noting that it had detected and quarantined a threat of rootkit.0access.ed. He continued to work and then experienced a BSOD. It was at that point he mentioned it to me and we immediately ran a Malwarebytes quick scan, which found 1 instance of rootkit.0access.ed (scan log included below) and requested a restart. After the restart we scanned again with Malwarebytes and no problems were detected.


I have run the DDS scan and attached the requested log files below. Could someone please review them to determine if there are any further steps we need to take to make sure his system is clean?


I also noticed he has an icon called FileCure in the quick launch tray that is popping up an alert. He does not know where that came from and I suspect that is something that may need to be removed as well.


I will not have access to his computer until I return to the office tomorrow morning, but I can perform any further scans/fixes at that time.


Thank you so much for your assistance!


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.19.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Monte Leiferman :: MONTEL [administrator]

Protection: Enabled

11/19/2013 3:59:09 PM
mbam-log-2013-11-19 (15-59-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258445
Time elapsed: 16 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_*202EETADPUG (Rootkit.0Access) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Monte Leiferman at 16:42:44 on 2013-11-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2013.847 [GMT -6:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\microsoft outlook\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ParetoLogic\FileCure\FileCure.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Monte Leiferman\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ShopAtHome Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: ShopAtHome Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [selectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunServices: [knockout] c:\docume~1\montel~1\locals~1\temp\knockout.exe
mRunServices: [WizardShell] c:\program files\intel\intel matrix storage manager\nld\raidwizmmodify.exe
mRunServices: [informationTechnology5.50.50727.198] c:\program files\common files\microsoft shared\help\microsoftrlibrary.exe
mRunServices: [settingsDefault18562] c:\program files\corel\corel graphics 11\custom data\preflight styles\defaultsettings1916.exe
mRunServices: [MonitorRAID] c:\program files\intel\intel matrix storage manager\nld\raidwizmmodify.exe
StartupFolder: c:\docume~1\montel~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\monte leiferman\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\montel~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: ab-sales.com
Trusted Zone: internet
TCP: NameServer = 64.251.160.2 64.251.173.40
TCP: Interfaces\{ECB4A38B-54BB-490A-80C1-294B18B0ACDE} : DHCPNameServer = 64.251.160.2 64.251.173.40
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: SPP-ActiveSetup - regedit -s "c:\\program files\\jda\\abcustom\\service release\\NewUser.reg"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-19 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-21 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2009-11-20 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-21 22856]
S?4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2009-11-20 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-11-20 17536]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-11-19 17:48:52    --------    d-----w-    C:\2014 New Products
2013-11-12 16:29:13    --------    d-----w-    C:\2014 AB PLANS
2013-10-31 13:34:44    --------    d-----w-    C:\2014 Monster
.
==================== Find3M  ====================
.
2013-11-19 21:20:04    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 21:20:04    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 16:43:10.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/21/2009 2:14:57 PM
System Uptime: 11/19/2013 4:19:24 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0CKCXH
Processor: Pentium® Dual-Core  CPU      E5300  @ 2.60GHz | Socket 775 | 2593/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 197.874 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP530: 8/22/2013 12:05:57 PM - System Checkpoint
RP531: 8/23/2013 1:38:49 PM - System Checkpoint
RP532: 8/26/2013 8:05:47 AM - System Checkpoint
RP533: 8/27/2013 9:27:32 AM - System Checkpoint
RP534: 8/28/2013 12:07:56 PM - System Checkpoint
RP535: 8/29/2013 12:11:42 PM - System Checkpoint
RP536: 8/30/2013 12:13:16 PM - System Checkpoint
RP537: 9/3/2013 12:14:51 PM - System Checkpoint
RP538: 9/4/2013 12:28:29 PM - System Checkpoint
RP539: 9/6/2013 5:31:13 AM - System Checkpoint
RP540: 9/9/2013 8:29:28 AM - System Checkpoint
RP541: 9/10/2013 12:16:05 PM - System Checkpoint
RP542: 9/11/2013 12:00:27 PM - Removed Microsoft Office Live Meeting 2007
RP543: 9/11/2013 12:00:40 PM - Installed Microsoft Office Live Meeting 2007
RP544: 9/16/2013 12:26:09 PM - System Checkpoint
RP545: 9/17/2013 5:04:59 PM - System Checkpoint
RP546: 9/18/2013 5:20:29 PM - System Checkpoint
RP547: 9/19/2013 5:59:06 PM - System Checkpoint
RP548: 9/23/2013 12:57:57 PM - System Checkpoint
RP549: 9/24/2013 3:40:53 PM - System Checkpoint
RP550: 9/25/2013 4:37:06 PM - System Checkpoint
RP551: 9/26/2013 4:50:36 PM - System Checkpoint
RP552: 9/27/2013 5:14:23 PM - System Checkpoint
RP553: 9/30/2013 9:59:50 AM - System Checkpoint
RP554: 10/1/2013 10:00:13 AM - System Checkpoint
RP555: 10/2/2013 10:29:36 AM - System Checkpoint
RP556: 10/3/2013 10:48:45 AM - System Checkpoint
RP557: 10/4/2013 12:40:23 PM - System Checkpoint
RP558: 10/7/2013 11:50:03 AM - System Checkpoint
RP559: 10/8/2013 12:28:41 PM - System Checkpoint
RP560: 10/9/2013 12:32:59 PM - System Checkpoint
RP561: 10/10/2013 12:48:25 PM - System Checkpoint
RP562: 10/11/2013 4:01:20 PM - System Checkpoint
RP563: 10/12/2013 4:14:03 PM - System Checkpoint
RP564: 10/14/2013 9:57:09 AM - System Checkpoint
RP565: 10/15/2013 12:35:22 PM - System Checkpoint
RP566: 10/16/2013 4:38:13 PM - System Checkpoint
RP567: 10/18/2013 10:33:44 AM - System Checkpoint
RP568: 10/21/2013 12:56:25 PM - System Checkpoint
RP569: 10/22/2013 2:53:41 PM - System Checkpoint
RP570: 10/23/2013 2:55:53 PM - System Checkpoint
RP571: 10/28/2013 8:07:07 AM - System Checkpoint
RP572: 10/29/2013 10:01:47 AM - System Checkpoint
RP573: 10/30/2013 11:01:21 AM - System Checkpoint
RP574: 10/31/2013 12:07:34 PM - System Checkpoint
RP575: 11/1/2013 3:05:09 PM - System Checkpoint
RP576: 11/7/2013 12:36:22 PM - System Checkpoint
RP577: 11/8/2013 2:55:40 PM - System Checkpoint
RP578: 11/12/2013 12:33:16 PM - System Checkpoint
RP579: 11/13/2013 12:50:58 PM - System Checkpoint
RP580: 11/14/2013 5:17:24 PM - System Checkpoint
RP581: 11/18/2013 9:44:08 AM - System Checkpoint
RP582: 11/19/2013 11:21:57 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
Business Contact Manager for Outlook 2007 SP2
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Citrix Online Launcher
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
CompetitiveCodeBook
Copy
CorelDRAW 11 SA
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang BR
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - Lang ES
CorelDRAW Graphics Suite X4 - Lang FR
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW SA 11
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CustomerResearchQFolder
Dell Backup and Recovery Manager
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Diagnostic Utility
DocProc
DocProcQFolder
Dropbox
ESET Online Scanner v3
eSupportQFolder
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.7.0.1172
GPBaseService
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
Image Extractor
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java 6 Update 24
JDA PDF Writer
JDA Space Automation
JDA Space Planning
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Security Scan Plus
Micro Vane Workstation 5.4
Micro Vane Workstation 5.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Office 2000 Premium
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Standard 2007
Microsoft Office Standard 2007 Trial
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSN Toolbar
MSN Toolbar Platform
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
PanoStandAlone
ParetoLogic FileCure
Photodex Presenter
PowerDVD DX
Profitability Calculator
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShopAtHome SelectRebates
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2291599)
Update for Windows XP (KB2141007)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VBA (2627.01)
VideoToolkit01
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
WebEx
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/19/2013 3:54:45 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
11/19/2013 3:54:20 PM, error: System Error [1003]  - Error code 10000050, parameter1 99e9e000, parameter2 00000000, parameter3 80509973, parameter4 00000000.
11/19/2013 3:15:46 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/19/2013 3:15:18 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
11/19/2013 12:51:50 PM, error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/14/2013 7:13:52 AM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
.
==== End Of File ===========================


Hello,

P2P/Piracy Warning:


If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,


Download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Thank you so much for your quick response.

Here are the requested logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Monte Leiferman (administrator) on MONTEL on 20-11-2013 09:16:23
Running from C:\Documents and Settings\Monte Leiferman\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\microsoft outlook\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ParetoLogic) C:\Program Files\ParetoLogic\FileCure\FileCure.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
() C:\Program Files\SelectRebates\SelectRebates.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Dropbox, Inc.) C:\Documents and Settings\Monte Leiferman\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16806912 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [57344 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM\...\Run: [MSN Toolbar] - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [240992 2009-12-08] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [selectRebates] - C:\Program Files\SelectRebates\SelectRebates.exe [885216 2010-08-09] ()
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\RunServices: [knockout] - C:\DOCUME~1\MONTEL~1\LOCALS~1\Temp\knockout.exe
HKLM\...\RunServices: [WizardShell] - c:\program files\intel\intel matrix storage manager\nld\raidwizmmodify.exe
HKLM\...\RunServices: [informationTechnology5.50.50727.198] - c:\program files\common files\microsoft shared\help\microsoftrlibrary.exe
HKLM\...\RunServices: [settingsDefault18562] - c:\program files\corel\corel graphics 11\custom data\preflight styles\defaultsettings1916.exe
HKLM\...\RunServices: [MonitorRAID] - c:\program files\intel\intel matrix storage manager\nld\raidwizmmodify.exe
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-02-19] (Google Inc.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Monte Leiferman\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Monte Leiferman\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Monte Leiferman\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: ShopAtHomeIEHelper Class - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - ShopAtHome Toolbar - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {315581D7-2DE9-4685-A31D-FDE263FF2FB5} http://24.220.180.70/template/pWebView1.cab
DPF: {37D01D1F-7F85-4455-88DA-6328863886E8} https://secure.ab-sales.com/echannelcg_enu/19234/applets/SiebelAx_HI_Client.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} https://secure.ab-sales.com/echannelcg_enu/19251/applets/SiebelAx_Desktop_Integration.cab
DPF: {B66D7C9D-905F-4A8E-A919-F6190334B9D0} https://secure.ab-sales.com/echannelcg_enu/19251/applets/SiebelAx_HI_Client.cab
DPF: {C1FC96DA-81BE-4836-B3A5-958F55E56E8E} https://secure.ab-sales.com/echannelcg_enu/19251/applets/SiebelAx_OutBound_mail.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://wholesalerrouting.webex.com/client/T27LB/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4F2DB99-72F9-40CE-8B98-AF9615C99CEE} https://secure.ab-sales.com/echannelcg_enu/19234/applets/SiebelAx_Calendar.cab
DPF: {EAE0D004-1B84-4F67-AA92-35B3A0B4F045} https://secure.ab-sales.com/echannelcg_enu/19234/applets/SiebelAx_OutBound_mail.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.251.160.2 64.251.173.40

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Photodex Presenter Plugin) - C:\Documents and Settings\Monte Leiferman\Application Data\Mozilla\plugins\npPxPlay.dll ( )
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Monte Leiferman\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\DOCUME~1\MONTEL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\MONTEL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\MONTEL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\DOCUME~1\MONTEL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 BcmSqlStartupSvc; C:\microsoft outlook\Business Contact Manager\BcmSqlStartupSvc.exe [30312 2008-01-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\   \   \???\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 RTLTEAMING; C:\Windows\System32\DRIVERS\RTLTEAMING.SYS [28800 2009-02-16] (Realtek Semiconductor Corporation)
S3 RTLVLAN; C:\Windows\System32\DRIVERS\RTLVLAN.SYS [17536 2009-02-16] (Realtek Semiconductor Corporation                           )
R2 RtNdPt5x; C:\Windows\System32\DRIVERS\RtNdPt5x.sys [22016 2008-07-09] (Realtek Semiconductor Corporation                           )
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-20 09:16 - 2013-11-20 09:16 - 00019721 _____ C:\Documents and Settings\Monte Leiferman\Desktop\FRST.txt
2013-11-20 09:16 - 2013-11-20 09:16 - 00000000 ____D C:\FRST
2013-11-20 09:14 - 2013-11-20 09:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Monte Leiferman\Desktop\FRST.exe
2013-11-19 16:43 - 2013-11-19 16:43 - 00017196 _____ C:\Documents and Settings\Monte Leiferman\Desktop\attach.txt
2013-11-19 16:43 - 2013-11-19 16:43 - 00014292 _____ C:\Documents and Settings\Monte Leiferman\Desktop\dds.txt
2013-11-19 16:17 - 2013-11-20 09:09 - 00002523 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-19 15:53 - 2013-11-19 15:53 - 00081920 _____ C:\WINDOWS\Minidump\Mini111913-01.dmp
2013-11-19 15:53 - 2013-11-19 15:53 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-19 15:18 - 2013-11-19 15:18 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-11-19 15:12 - 2013-11-19 15:12 - 00000786 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-19 11:49 - 2013-11-19 11:49 - 01319072 _____ C:\Stella Combo Pack.cdr
2013-11-19 11:48 - 2013-11-19 11:48 - 00000000 ____D C:\2014 New Products
2013-11-19 10:57 - 2013-11-19 10:57 - 00039347 _____ C:\Documents and Settings\Monte Leiferman\Desktop\Monst Prod November.xlsx
2013-11-18 08:29 - 2013-11-18 08:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-11-12 10:29 - 2013-11-12 13:45 - 00000000 ____D C:\2014 AB PLANS
2013-10-31 07:34 - 2013-10-31 07:35 - 00000000 ____D C:\2014 Monster
2013-10-21 07:11 - 2013-11-18 08:29 - 00001779 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

==================== One Month Modified Files and Folders =======

2013-11-20 09:16 - 2013-11-20 09:16 - 00019721 _____ C:\Documents and Settings\Monte Leiferman\Desktop\FRST.txt
2013-11-20 09:16 - 2013-11-20 09:16 - 00000000 ____D C:\FRST
2013-11-20 09:14 - 2013-11-20 09:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Monte Leiferman\Desktop\FRST.exe
2013-11-20 09:12 - 2012-06-26 06:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-20 09:12 - 2011-12-13 14:22 - 00000000 ___RD C:\Documents and Settings\Monte Leiferman\My Documents\Dropbox
2013-11-20 09:12 - 2011-12-13 14:19 - 00000000 ____D C:\Documents and Settings\Monte Leiferman\Application Data\Dropbox
2013-11-20 09:10 - 2012-10-21 14:24 - 00000490 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-11-20 09:10 - 2011-03-08 16:49 - 00000326 ___SH C:\WINDOWS\Tasks\fckmnfu.job
2013-11-20 09:10 - 2010-12-20 14:23 - 00000400 _____ C:\WINDOWS\Tasks\FileCure Startup.job
2013-11-20 09:10 - 2010-02-19 10:10 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-20 09:10 - 2008-04-25 15:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-20 09:10 - 2008-04-25 10:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-20 09:10 - 2008-04-25 03:25 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-20 09:10 - 2008-04-25 03:25 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-20 09:09 - 2013-11-19 16:17 - 00002523 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-20 09:09 - 2010-04-16 06:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979402_WM9$
2013-11-20 09:09 - 2009-12-21 14:15 - 00000278 ___SH C:\Documents and Settings\Monte Leiferman\ntuser.ini
2013-11-20 09:09 - 2008-04-25 15:32 - 00032386 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-20 08:45 - 2010-02-19 10:10 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-20 08:44 - 2010-10-07 12:38 - 00000000 ____D C:\Program Files\SelectRebates
2013-11-20 08:35 - 2012-06-19 08:07 - 00000000 ____D C:\Documents and Settings\Monte Leiferman\Desktop\outlook
2013-11-19 16:43 - 2013-11-19 16:43 - 00017196 _____ C:\Documents and Settings\Monte Leiferman\Desktop\attach.txt
2013-11-19 16:43 - 2013-11-19 16:43 - 00014292 _____ C:\Documents and Settings\Monte Leiferman\Desktop\dds.txt
2013-11-19 16:19 - 2009-12-24 06:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973687$
2013-11-19 15:53 - 2013-11-19 15:53 - 00081920 _____ C:\WINDOWS\Minidump\Mini111913-01.dmp
2013-11-19 15:53 - 2013-11-19 15:53 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-19 15:21 - 2008-04-25 15:32 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-19 15:20 - 2012-06-26 06:27 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-19 15:20 - 2011-06-15 08:52 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-19 15:20 - 2009-12-21 14:15 - 00000000 ____D C:\Documents and Settings\Monte Leiferman\Local Settings\Application Data\Adobe
2013-11-19 15:18 - 2013-11-19 15:18 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-11-19 15:13 - 2010-09-21 08:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-19 15:12 - 2013-11-19 15:12 - 00000786 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-19 15:12 - 2010-09-21 08:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-19 12:13 - 2010-02-19 10:06 - 00000000 ____D C:\Documents and Settings\Monte Leiferman\Local Settings\Application Data\Google
2013-11-19 12:13 - 2010-02-19 10:04 - 00000000 ____D C:\Program Files\Google
2013-11-19 11:49 - 2013-11-19 11:49 - 01319072 _____ C:\Stella Combo Pack.cdr
2013-11-19 11:48 - 2013-11-19 11:48 - 00000000 ____D C:\2014 New Products
2013-11-19 10:57 - 2013-11-19 10:57 - 00039347 _____ C:\Documents and Settings\Monte Leiferman\Desktop\Monst Prod November.xlsx
2013-11-19 09:31 - 2010-03-19 10:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-11-18 08:29 - 2013-11-18 08:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-11-18 08:29 - 2013-10-21 07:11 - 00001779 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2013-11-18 08:29 - 2013-07-18 13:38 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 16:48 - 2013-09-23 14:33 - 00001815 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-11-13 18:00 - 2012-10-24 07:07 - 00000464 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2013-11-13 15:41 - 2012-02-07 11:31 - 00133120 _____ C:\Documents and Settings\Monte Leiferman\Desktop\Rapid Transfer Form.xls
2013-11-12 13:45 - 2013-11-12 10:29 - 00000000 ____D C:\2014 AB PLANS
2013-11-08 09:08 - 2010-01-11 10:10 - 00000000 ____D C:\Documents and Settings\Monte Leiferman\Tracing
2013-11-08 08:02 - 2011-08-11 07:16 - 00000438 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
2013-11-07 09:01 - 2013-06-17 07:37 - 00000000 ____D C:\2013 Monthly PFP
2013-11-07 08:10 - 2008-04-25 03:22 - 00622926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-07 03:24 - 2009-12-22 12:29 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2013-11-01 23:00 - 2010-12-20 14:23 - 00000384 _____ C:\WINDOWS\Tasks\FileCure Default.job
2013-11-01 10:58 - 2012-11-08 15:20 - 00000000 ____D C:\Documents and Settings\Monte Leiferman\Local Settings\Application Data\Deployment
2013-11-01 10:22 - 2010-02-02 12:08 - 00000000 ____D C:\Documents and Settings\Monte Leiferman\Local Settings\Application Data\Citrix
2013-10-31 13:59 - 2013-10-03 14:02 - 00056090 _____ C:\Documents and Settings\Monte Leiferman\Desktop\MonsterOCT. Order Form.xlsx
2013-10-31 13:59 - 2013-07-04 09:08 - 00070086 _____ C:\Documents and Settings\Monte Leiferman\Desktop\Peace Tea-July Product.xlsx
2013-10-31 07:35 - 2013-10-31 07:34 - 00000000 ____D C:\2014 Monster
2013-10-23 12:58 - 2013-07-25 13:23 - 00000000 ____D C:\2014 Pricing
ZeroAccess:
C:\Documents and Settings\Monte Leiferman\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013
Ran by Monte Leiferman at 2013-11-20 09:17:03
Running from C:\Documents and Settings\Monte Leiferman\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.5)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 100.0.170.000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
C4400 (Version: 100.0.206.000)
C4400_Help (Version: 100.0.206.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Citrix Online Launcher (Version: 1.0.141)
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CompetitiveCodeBook (Version: 4.0)
Copy (Version: 100.0.170.000)
CorelDRAW 11 SA (Version: 11)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.1)
CorelDRAW Graphics Suite X4 - Content (Version: 14.1)
CorelDRAW Graphics Suite X4 - Draw (Version: 14.1)
CorelDRAW Graphics Suite X4 - Filters (Version: 14.1)
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.1)
CorelDRAW Graphics SUite X4 - ICA (Version: 14.1)
CorelDRAW Graphics Suite X4 - IPM (Version: 14.1)
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.1)
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.1)
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.1)
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.1)
CorelDRAW Graphics Suite X4 - PP (Version: 14.1)
CorelDRAW Graphics Suite X4 - VBA (Version: 14.1)
CorelDRAW Graphics Suite X4 (Version: 14.1)
CorelDRAW SA 11 (Version: 11)
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (Version: 1.1)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Backup and Recovery Manager (Version: 1.0.0)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diagnostic Utility (Version: 1.00.0000)
DocProc (Version: 10.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Dropbox (HKCU Version: 2.0.22)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (Version: 9.3.4053)
Google Chrome (Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.002.005.003)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
Image Extractor (Version: 2.1.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 11.1.0.126)
Java Auto Updater (Version: 2.0.3.1)
Java 6 Update 24 (Version: 6.0.240)
JDA PDF Writer (Version: 7.7.0.0002)
JDA Space Automation (Version: 7.7.0.0012)
JDA Space Planning (Version: 7.7.1.0011)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 100.0.170.000)
McAfee Security Scan Plus (Version: 3.8.130.10)
Micro Vane Workstation 5.4 (Version: 5.04.0000)
Micro Vane Workstation 5.5 (Version: 5.05.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.215)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 Trial (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Standard 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard 2007 Trial (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works (Version: 9.7.0621)
MSN Toolbar (Version: 4.0.0379.0)
MSN Toolbar Platform (Version: 4.0.0379.0)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PanoStandAlone (Version: 100.0.170.000)
ParetoLogic FileCure (Version: 2.0.0.0)
Photodex Presenter
PowerDVD DX (Version: 8.2.5024)
Profitability Calculator (Version: 3.5.0)
PS_AIO_03_C4400_ProductContext (Version: 100.0.215.000)
PS_AIO_03_C4400_Software (Version: 100.0.206.000)
PS_AIO_03_C4400_Software_Min (Version: 100.0.213.000)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Scan (Version: 10.1.0.0)
ShopAtHome SelectRebates
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 100.0.175.000)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
UnloadSupport (Version: 10.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2291599)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VBA (2627.01) (Version: 6.03.00.9188)
VideoToolkit01 (Version: 100.0.128.000)
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
Yahoo! Toolbar

==================== Restore Points  =========================

22-08-2013 17:05:57 System Checkpoint
23-08-2013 18:38:49 System Checkpoint
26-08-2013 13:05:47 System Checkpoint
27-08-2013 14:27:32 System Checkpoint
28-08-2013 17:07:56 System Checkpoint
29-08-2013 17:11:42 System Checkpoint
30-08-2013 17:13:16 System Checkpoint
03-09-2013 17:14:51 System Checkpoint
04-09-2013 17:28:29 System Checkpoint
06-09-2013 10:31:13 System Checkpoint
09-09-2013 13:29:28 System Checkpoint
10-09-2013 17:16:05 System Checkpoint
11-09-2013 17:00:27 Removed Microsoft Office Live Meeting 2007
11-09-2013 17:00:40 Installed Microsoft Office Live Meeting 2007
16-09-2013 17:26:09 System Checkpoint
17-09-2013 22:04:59 System Checkpoint
18-09-2013 22:20:29 System Checkpoint
19-09-2013 22:59:06 System Checkpoint
23-09-2013 17:57:57 System Checkpoint
24-09-2013 20:40:53 System Checkpoint
25-09-2013 21:37:06 System Checkpoint
26-09-2013 21:50:36 System Checkpoint
27-09-2013 22:14:23 System Checkpoint
30-09-2013 14:59:50 System Checkpoint
01-10-2013 15:00:13 System Checkpoint
02-10-2013 15:29:36 System Checkpoint
03-10-2013 15:48:45 System Checkpoint
04-10-2013 17:40:23 System Checkpoint
07-10-2013 16:50:03 System Checkpoint
08-10-2013 17:28:41 System Checkpoint
09-10-2013 17:32:59 System Checkpoint
10-10-2013 17:48:25 System Checkpoint
11-10-2013 21:01:20 System Checkpoint
12-10-2013 21:14:03 System Checkpoint
14-10-2013 14:57:09 System Checkpoint
15-10-2013 17:35:22 System Checkpoint
16-10-2013 21:38:13 System Checkpoint
18-10-2013 15:33:44 System Checkpoint
21-10-2013 17:56:25 System Checkpoint
22-10-2013 19:53:41 System Checkpoint
23-10-2013 19:55:53 System Checkpoint
28-10-2013 13:07:07 System Checkpoint
29-10-2013 15:01:47 System Checkpoint
30-10-2013 16:01:21 System Checkpoint
31-10-2013 17:07:34 System Checkpoint
01-11-2013 20:05:09 System Checkpoint
07-11-2013 18:36:22 System Checkpoint
08-11-2013 20:55:40 System Checkpoint
12-11-2013 18:33:16 System Checkpoint
13-11-2013 18:50:58 System Checkpoint
14-11-2013 23:17:24 System Checkpoint
18-11-2013 15:44:08 System Checkpoint
19-11-2013 17:21:57 System Checkpoint

==================== Hosts content: ==========================

2011-04-12 12:15 - 2011-04-12 12:15 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\fckmnfu.job => ?
Task: C:\WINDOWS\Tasks\FileCure Default.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\WINDOWS\Tasks\FileCure Startup.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) =============

2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 14:48 - 2013-03-13 14:48 - 24978944 _____ () C:\Documents and Settings\Monte Leiferman\Application Data\Dropbox\bin\libcef.dll
2010-10-07 12:38 - 2010-08-09 14:25 - 00177616 _____ () C:\Program Files\SelectRebates\SRebates.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2013 03:21:53 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.

Error: (11/19/2013 01:37:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2652406

Error: (11/19/2013 01:37:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2652406

Error: (11/19/2013 01:37:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2013 01:33:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2432625

Error: (11/19/2013 01:33:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2432625

Error: (11/19/2013 01:33:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2013 01:33:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2416921

Error: (11/19/2013 01:33:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2416921

Error: (11/19/2013 01:33:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (11/20/2013 09:11:56 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (11/20/2013 09:11:50 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/20/2013 09:10:23 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (11/20/2013 08:25:38 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (11/20/2013 08:25:30 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/19/2013 04:45:23 PM) (Source: 0) (User: )
Description: \Device\Ide\iaStor0

Error: (11/19/2013 04:21:36 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (11/19/2013 04:21:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/19/2013 03:55:04 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (11/19/2013 03:54:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Microsoft Office Sessions:
=========================
Error: (07/09/2013 07:32:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/31/2012 11:06:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 5219 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (10/09/2012 06:59:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/03/2012 03:48:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 26231 seconds with 4020 seconds of active time.  This session ended with a crash.

Error: (09/26/2011 02:32:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 7533 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (04/21/2011 01:20:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/19/2010 07:57:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 63143 seconds with 3960 seconds of active time.  This session ended with a crash.

Error: (08/12/2010 01:55:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1458 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/14/2010 09:02:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/07/2010 07:06:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23711 seconds with 1500 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 2012.91 MB
Available physical RAM: 1110.33 MB
Total Pagefile: 3905.28 MB
Available Pagefile: 3136.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.79 GB) (Free:197.86 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Dec 15 2011) (CDROM) (Total:0.69 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log
 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Dr Web Cureit from here: http://www.freedrweb.com/cureit and save it to your desktop. (Scroll to the bottom of the page.)

 

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
    (screenshot: drwebselect.JPG)
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
    (screenshot: drwebfolders.JPG)
  • Press start scan
  • The scan will now commence
    (screenshot: drwebscan.JPG)
  • Once the scan has finished click open report
    (screenshot: drwebscancomplete.JPG)
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

 

This log will be excessive; attach it to your next reply.

 

Next,

 

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 

Post those logs in next reply...

 

Kevin...

fixlist.txt


Thank you! I will proceed with these steps immediately.

 

In the meantime I discovered that another co-worker's laptop is infected as well - we suspect through a forwarded email. I assume I should start a separate topic for that with the appropriate log files? (Should I include an FRST scan?)


FRST Fix log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by Monte Leiferman at 2013-11-20 12:49:31 Run:1
Running from C:\Documents and Settings\Monte Leiferman\Desktop\MalwareRemoval
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [selectRebates] - C:\Program Files\SelectRebates\SelectRebates.exe [885216 2010-08-09] ()
C:\Program Files\SelectRebates
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\   \   \???\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-11-20 09:10 - 2011-03-08 16:49 - 00000326 ___SH C:\WINDOWS\Tasks\fckmnfu.job
C:\Documents and Settings\Monte Leiferman\Local Settings\Application Data\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
End

 

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SelectRebates => Value deleted successfully.
C:\Program Files\SelectRebates => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
*etadpug => Service deleted successfully.
Could not move "C:\WINDOWS\Tasks\fckmnfu.job" => Scheduled to move on reboot.
C:\Documents and Settings\Monte Leiferman\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-11-20 13:01:29)<=

C:\WINDOWS\Tasks\fckmnfu.job => Is moved successfully.

==== End of Fixlog ====

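The entries FRST marked ATTENTION in the fixlist above have recognisable shapes: a service image path with whitespace-only directories and a "\???\" component, a Run value whose file FRST could not find ([x]), a .job task whose target is unknown (=> ?), and a .job file carrying System+Hidden attributes. The script below is an added example, not part of this thread and not FRST's or Malwarebytes' own code; it runs those checks over sample lines constructed from the posted fixlist so a responder can triage any FRST log for the same indicators.

```python
"""Flag ZeroAccess-style persistence entries in FRST log text.

Added example for this thread; it is not FRST, Malwarebytes or any tool
used above. It looks for the indicator shapes FRST marked ATTENTION in the
posted fixlist:
  * a service image path containing a directory named only with spaces
    and a '\\???\\' component (neither can be created or opened through
    ordinary Win32 path handling, which is what makes the folder hard to
    browse or delete);
  * a Run value whose target file FRST could not find ('[x]');
  * a scheduled task whose target is unknown ('=> ?');
  * a .job task file carrying both System and Hidden attributes.
"""
import re

# Rule table: (reason, compiled pattern searched anywhere in the line).
RULES = [
    ("image path contains a directory named only with spaces",
     re.compile(r"\\ +\\")),
    ("image path contains a '\\???\\' component",
     re.compile(r"\\\?\?\?\\")),
    ("Run value whose file FRST could not resolve ([x])",
     re.compile(r"\\Run: \[[^\]]*\] - \[x\]")),
    ("scheduled task with unknown target (=> ?)",
     re.compile(r"^Task: .*\.job => \?$")),
]

# FRST file line: "<created> - <modified> - <size> <attrs> <path>", where
# <attrs> is a five-character field such as ____A or ___SH.
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ "
    r"([_A-Z]{5}) (.+)$"
)
JOB_SH_REASON = "scheduled-task .job file carrying System+Hidden attributes"


def flag_zeroaccess_indicators(lines):
    """Return [(line, [reason, ...])] for every line tripping at least one check."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        reasons = [reason for reason, rx in RULES if rx.search(line)]
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
            if path.lower().endswith(".job") and "S" in attrs and "H" in attrs:
                reasons.append(JOB_SH_REASON)
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample lines constructed from the fixlist posted above, with FRST's own
# "<==== ATTENTION" annotations removed so the checks do the work.
SAMPLE_FRST_LINES = [
    r"HKLM\...\Run: [selectRebates] - C:\Program Files\SelectRebates\SelectRebates.exe [885216 2010-08-09] ()",
    r"HKCU\...\Run: [Google Update*] - [x]",
    r'U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\   \   \???\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\GoogleUpdate.exe"',
    r"Task: C:\WINDOWS\Tasks\fckmnfu.job => ?",
    r"Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe",
    r"2013-11-20 09:10 - 2011-03-08 16:49 - 00000326 ___SH C:\WINDOWS\Tasks\fckmnfu.job",
]

if __name__ == "__main__":
    # Benign SelectRebates and GoogleUpdateTaskMachineCore lines are not flagged.
    for line, reasons in flag_zeroaccess_indicators(SAMPLE_FRST_LINES):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```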

Malwarebytes log:

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Monte Leiferman :: MONTEL [administrator]

Protection: Enabled

11/20/2013 1:06:58 PM
mbam-log-2013-11-20 (13-06-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259117
Time elapsed: 17 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


AdwCleaner log:

 

# AdwCleaner v3.012 - Report created 20/11/2013 at 13:40:48
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Monte Leiferman - MONTEL
# Running from : C:\Documents and Settings\Monte Leiferman\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
File Deleted : C:\WINDOWS\Tasks\paretologic registration3.job
File Deleted : C:\WINDOWS\Tasks\paretologic update version3.job

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\Monte Leiferman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3499 octets] - [20/11/2013 13:34:02]
AdwCleaner[s0].txt - [3488 octets] - [20/11/2013 13:40:48]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3548 octets] ##########


I ran the Dr.Web CureIt! scan and it said "no threats detected" but there was no option or link given to open the report or to save it.

 

Also when selecting objects for scanning "Autorun objects" was not an option as shown in the instruction images you posted.


And finally the security check log:

 

 Results of screen317's Security Check version 0.99.77 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 24 
 Java version out of Date!
 Adobe Reader 9 
 Adobe Reader XI 
 Google Chrome 31.0.1650.48 
 Google Chrome 31.0.1650.57 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Do you have no Anti-Virus security program installed? I do not see any in the Security Check list.... If this is true install Microsoft Security Essentials from the following link:

 

http://www.microsoft.com/en-gb/download/details.aspx?id=5201

 

Install, update and run Quick Scan, let me know if any malware is found.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Let me know if the above completes, also if there are any remaining issues or concerns....

 

Kevin


The computer's actual owner is on vacation for the next few days so I cannot find out for certain, but I believe he used to have MSE installed. I do not see it on here now though, so he must have uninstalled it for some reason and apparently did not replace it with anything else. However, the other computer I've been working on had MSE installed and active and it let this same infection through without detection. Is there a different free anti-virus I could install for them that would perhaps do a better job??

 

I will get busy with the Java upgrading in the meantime.

 

Thanks again very much for your time and assistance with this!


Java is all updated and old version removed. I think I will wait until the owner is back on Monday to ask what he would like to do regarding antivirus (stressing that he should have one) and will post back with a scan result at that time.

 

Anything else I should do in the meantime?


We need to run an online AV scan to ensure there are no remnants of any infection left on your system. This scan can take several hours to complete; it is very thorough and well worth running, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 users right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

If this log comes back clean we can remove all tools etc....

 

Kevin


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

 

http://oldtimer.geekstogo.com/OTM.exe.

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe 

 

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files, :Files
     
    :Files
    C:\Documents and Settings\Monte Leiferman\Local Settings\Temporary Internet Files\Content.IE5\BLD90P3D\rkvswicyja[1].js
    :Commands
    [EmptyTemp]
     
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

If the machine reboots, the Results log can be found here:

 

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

 

Where mmddyyyy_hhmmss is the date of the tool run.

 

How is your system responding now, any remaining issues or concerns...

 

Kevin...


Hi Kevin, I am back and attempting the previous instructions. Should the MoveIt process with OTM take very long?

 

It's been running now for over 30 minutes but shows no indication that it is doing anything other than the hourglass cursor, and the desktop did not disappear.

 

Just wondering if it hung or if I simply need to be patient...


Finally got it to run in safe mode.

 

Here's the log file:

 

All processes killed
========== FILES ==========
C:\Documents and Settings\Monte Leiferman\Local Settings\Temporary Internet Files\Content.IE5\BLD90P3D\rkvswicyja[1].js moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 321 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 41941 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 41550620 bytes
 
User: Monte Leiferman
->Temp folder emptied: 5458921 bytes
->Temporary Internet Files folder emptied: 1031955222 bytes
->Java cache emptied: 35990707 bytes
->Google Chrome cache emptied: 11934007 bytes
->Flash cache emptied: 113378 bytes
 
User: NetworkService
->Temp folder emptied: 844276 bytes
->Temporary Internet Files folder emptied: 32456811 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138138 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77832527 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1202766 bytes
RecycleBin emptied: 153629994 bytes
 
Total Files Cleaned = 1,329.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 11252013_141845
 

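A small parser for the OTM [EmptyTemp] report format shown in the log above, added here as an example (it is not the tool's own code and was not posted by anyone in the thread). It works on an abbreviated copy of that log, totals bytes cleaned per user profile, and names the profile with the largest cleanup, which here is the same profile whose Temporary Internet Files held the moved rkvswicyja[1].js. Treating lines without the "->" prefix as system-wide and filing them under "<system>" is this example's own assumption about the format.

```python
import re

# Excerpt of the OTM log posted above (abbreviated copy; the full log lists more users).
SAMPLE_LOG = r"""
C:\Documents and Settings\Monte Leiferman\Local Settings\Temporary Internet Files\Content.IE5\BLD90P3D\rkvswicyja[1].js moved successfully.
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 321 bytes
User: Monte Leiferman
->Temp folder emptied: 5458921 bytes
->Temporary Internet Files folder emptied: 1031955222 bytes
->Java cache emptied: 35990707 bytes
->Google Chrome cache emptied: 11934007 bytes
->Flash cache emptied: 113378 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
RecycleBin emptied: 153629994 bytes
"""

USER_RE = re.compile(r"^User: (.+)$")
# Assumption: an optional '->' marks a per-profile location; its absence marks a system-wide one.
BYTES_RE = re.compile(r"^(->)?(.+?) (?:emptied|removed): (\d+) bytes$")
MOVED_RE = re.compile(r"^(.+) moved successfully\.$")

def parse_otm_log(text):
    """Return (moved_files, totals): the files OTM moved, and bytes cleaned
    per user profile, with system-wide locations under the key '<system>'."""
    moved, totals, current = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = MOVED_RE.match(line)
        if m:
            moved.append(m.group(1))
            continue
        m = USER_RE.match(line)
        if m:
            current = m.group(1)
            totals.setdefault(current, 0)
            continue
        m = BYTES_RE.match(line)
        if m:
            key = current if m.group(1) and current else "<system>"
            totals[key] = totals.get(key, 0) + int(m.group(3))
    return moved, totals

def biggest_profile(totals):
    """User profile with the most data cleaned; the profile holding the moved
    .js file is the one whose browser cache deserves a closer look."""
    users = {u: b for u, b in totals.items() if u != "<system>"}
    return max(users, key=users.get)
```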

Excellent, do this;

 

We need to remove FRST; first, it is very important to deal with its Quarantine folder using FRST itself.

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action; delete it if successful.

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp! button.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Any tools/logs remaining on the Desktop or downloads folder can be deleted.

 

If those steps complete and there are no remaining issues or concerns, read the following link to fully understand PC security and best practices; you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin....

fixlist.txt

