Trying to help a friend whose computer is in very bad shape. Logs are below. Thanks in advance.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Sue Bartlett at 18:05:17 on 2014-02-04
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2146 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\InternetUpdater\InternetUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\All Users\Application Data\Updater\Updater.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\lucky leap\updateluckyleap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Sue Bartlett\Application Data\CBS Interactive\Download App\CBSI.AppStore.Main.exe
C:\Program Files\lucky leap\bin\utilluckyleap.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper\ChromeHelper.exe
C:\Documents and Settings\All Users\Application Data\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\Documents and Settings\All Users\Application Data\RHelpers\IEHelper\IeHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
BHO: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [updater] c:\documents and settings\all users\application data\updater\Updater.exe
uRun: [sgworks] regsvr32.exe "c:\documents and settings\sue bartlett\local settings\application data\sgworks\CNBP_254.DLL"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\suebar~1\startm~1\programs\startup\downlo~1.lnk - c:\documents and settings\sue bartlett\application data\cbs interactive\download app\CBSI.AppStore.Main.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A4FBAB09-9F29-4CC4-855B-0060D38C4D84} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.3.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 214696]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-26 37664]
R2 InternetUpdater;Internet Updater;c:\documents and settings\all users\application data\internetupdater\InternetUpdaterService.exe [2013-12-5 40448]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-3-4 8960]
R2 Update lucky leap;Update lucky leap;c:\program files\lucky leap\updateluckyleap.exe [2013-8-29 103200]
R2 Util lucky leap;Util lucky leap;c:\program files\lucky leap\bin\utilluckyleap.exe [2013-10-2 103200]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.3.0\ToolbarUpdater.exe [2014-1-5 1771544]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-4 110080]
S1 kseigfxc;kseigfxc;\??\c:\windows\system32\drivers\kseigfxc.sys --> c:\windows\system32\drivers\kseigfxc.sys [?]
S1 MpKslb0ed6b0a;MpKslb0ed6b0a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06818d99-9c92-4428-a517-f17afde97484}\mpkslb0ed6b0a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06818d99-9c92-4428-a517-f17afde97484}\MpKslb0ed6b0a.sys [?]
S1 uehmqhrr;uehmqhrr;\??\c:\windows\system32\drivers\uehmqhrr.sys --> c:\windows\system32\drivers\uehmqhrr.sys [?]
S2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\cltmngsvc.exe --> c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-3-4 11264]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-1-1 34136]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-3-4 16640]
.
=============== Created Last 30 ================
.
2014-02-04 23:40:27 62576 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4377d17-ad20-425c-a9fe-79495e99953e}\offreg.dll
2014-02-04 23:39:15 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4377d17-ad20-425c-a9fe-79495e99953e}\mpengine.dll
2014-02-04 15:36:37 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2014-02-04 15:36:37 -------- d-----w- c:\program files\Belarc
2014-02-04 15:34:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-04 15:34:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-04 15:31:05 98816 ----a-w- c:\windows\sed.exe
2014-02-04 15:31:05 256000 ----a-w- c:\windows\PEV.exe
2014-02-04 15:31:05 208896 ----a-w- c:\windows\MBR.exe
2014-02-02 19:49:35 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-14 21:16:45 -------- d-----w- c:\documents and settings\sue bartlett\local settings\application data\Sgworks
.
==================== Find3M  ====================
.
2014-02-04 23:35:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 23:35:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-14 01:22:03 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
.
============= FINISH: 18:05:46.15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/20/2009 10:30:48 AM
System Uptime: 2/4/2014 5:27:58 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0P301D
Processor: Intel® Core2 Duo CPU     E7400  @ 2.80GHz | Socket 775 | 2792/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 202.153 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP694: 11/5/2013 2:31:39 AM - System Checkpoint
RP695: 11/5/2013 7:08:03 AM - Software Distribution Service 3.0
RP696: 11/6/2013 7:07:14 AM - Software Distribution Service 3.0
RP697: 11/7/2013 7:07:25 AM - Software Distribution Service 3.0
RP698: 11/8/2013 7:07:28 AM - Software Distribution Service 3.0
RP699: 11/10/2013 2:33:27 PM - Software Distribution Service 3.0
RP700: 11/11/2013 2:32:50 PM - Software Distribution Service 3.0
RP701: 11/12/2013 2:39:19 PM - Software Distribution Service 3.0
RP702: 11/13/2013 2:39:34 PM - Software Distribution Service 3.0
RP703: 11/13/2013 7:00:18 PM - Software Distribution Service 3.0
RP704: 11/14/2013 7:30:08 PM - Software Distribution Service 3.0
RP705: 11/15/2013 7:30:16 PM - Software Distribution Service 3.0
RP706: 11/16/2013 7:32:20 PM - Software Distribution Service 3.0
RP707: 11/17/2013 1:51:32 AM - Software Distribution Service 3.0
RP708: 11/17/2013 7:29:27 PM - Software Distribution Service 3.0
RP709: 11/18/2013 7:00:14 PM - Software Distribution Service 3.0
RP710: 11/19/2013 7:14:25 PM - Software Distribution Service 3.0
RP711: 11/20/2013 7:11:55 PM - Software Distribution Service 3.0
RP712: 11/21/2013 7:12:05 PM - Software Distribution Service 3.0
RP713: 11/22/2013 7:12:18 PM - Software Distribution Service 3.0
RP714: 11/23/2013 7:11:30 PM - Software Distribution Service 3.0
RP715: 11/24/2013 2:31:23 AM - Software Distribution Service 3.0
RP716: 11/24/2013 7:10:43 PM - Software Distribution Service 3.0
RP717: 11/25/2013 7:11:37 PM - Software Distribution Service 3.0
RP718: 11/26/2013 7:11:34 PM - Software Distribution Service 3.0
RP719: 11/27/2013 7:11:46 PM - Software Distribution Service 3.0
RP720: 11/28/2013 7:27:03 PM - System Checkpoint
RP721: 11/29/2013 7:28:08 PM - System Checkpoint
RP722: 11/30/2013 6:34:18 PM - Software Distribution Service 3.0
RP723: 12/1/2013 1:51:04 AM - Software Distribution Service 3.0
RP724: 12/1/2013 6:34:41 PM - Software Distribution Service 3.0
RP725: 12/2/2013 6:34:43 PM - Software Distribution Service 3.0
RP726: 12/3/2013 6:34:52 PM - Software Distribution Service 3.0
RP727: 12/4/2013 6:35:10 PM - Software Distribution Service 3.0
RP728: 12/5/2013 6:35:15 PM - Software Distribution Service 3.0
RP729: 12/7/2013 8:45:49 PM - Software Distribution Service 3.0
RP730: 12/9/2013 3:41:20 PM - Software Distribution Service 3.0
RP731: 12/10/2013 3:54:14 PM - Software Distribution Service 3.0
RP732: 12/11/2013 3:54:42 PM - Software Distribution Service 3.0
RP733: 12/12/2013 3:54:58 PM - Software Distribution Service 3.0
RP734: 12/12/2013 7:00:19 PM - Software Distribution Service 3.0
RP735: 12/13/2013 7:00:14 PM - Software Distribution Service 3.0
RP736: 12/13/2013 8:22:31 PM - Software Distribution Service 3.0
RP737: 12/14/2013 8:22:04 PM - Software Distribution Service 3.0
RP738: 12/15/2013 2:07:49 AM - Software Distribution Service 3.0
RP739: 12/16/2013 2:14:52 AM - System Checkpoint
RP740: 12/16/2013 9:11:43 PM - Software Distribution Service 3.0
RP741: 12/17/2013 9:11:09 PM - Software Distribution Service 3.0
RP742: 12/18/2013 9:10:06 PM - Software Distribution Service 3.0
RP743: 12/19/2013 9:09:06 PM - Software Distribution Service 3.0
RP744: 12/20/2013 9:09:16 PM - Software Distribution Service 3.0
RP745: 12/21/2013 9:23:28 PM - System Checkpoint
RP746: 12/22/2013 2:11:16 AM - Software Distribution Service 3.0
RP747: 12/22/2013 3:30:50 PM - Software Distribution Service 3.0
RP748: 12/23/2013 3:30:54 PM - Software Distribution Service 3.0
RP749: 12/26/2013 6:42:27 PM - System Checkpoint
RP750: 12/27/2013 4:35:53 PM - Software Distribution Service 3.0
RP751: 12/28/2013 4:36:03 PM - Software Distribution Service 3.0
RP752: 12/29/2013 1:43:38 AM - Software Distribution Service 3.0
RP753: 12/29/2013 4:36:09 PM - Software Distribution Service 3.0
RP754: 12/30/2013 4:36:20 PM - Software Distribution Service 3.0
RP755: 12/31/2013 4:36:26 PM - Software Distribution Service 3.0
RP756: 1/1/2014 4:36:38 PM - Software Distribution Service 3.0
RP757: 1/2/2014 8:28:14 PM - Software Distribution Service 3.0
RP758: 1/3/2014 8:27:56 PM - Software Distribution Service 3.0
RP759: 1/4/2014 8:28:19 PM - Software Distribution Service 3.0
RP760: 1/5/2014 8:29:01 PM - Software Distribution Service 3.0
RP761: 1/6/2014 8:28:42 PM - Software Distribution Service 3.0
RP762: 1/7/2014 8:27:50 PM - Software Distribution Service 3.0
RP763: 1/8/2014 8:28:10 PM - Software Distribution Service 3.0
RP764: 1/9/2014 8:29:03 PM - Software Distribution Service 3.0
RP765: 1/10/2014 8:28:00 PM - Software Distribution Service 3.0
RP766: 1/11/2014 8:27:52 PM - Software Distribution Service 3.0
RP767: 1/12/2014 2:27:46 AM - Software Distribution Service 3.0
RP768: 1/12/2014 8:28:13 PM - Software Distribution Service 3.0
RP769: 1/13/2014 8:27:51 PM - Software Distribution Service 3.0
RP770: 1/14/2014 7:00:14 PM - Software Distribution Service 3.0
RP771: 1/14/2014 8:27:34 PM - Software Distribution Service 3.0
RP772: 1/15/2014 1:03:23 AM - Software Distribution Service 3.0
RP773: 1/15/2014 5:03:29 AM - Software Distribution Service 3.0
RP774: 1/15/2014 9:03:34 AM - Software Distribution Service 3.0
RP775: 1/15/2014 1:03:41 PM - Software Distribution Service 3.0
RP776: 1/15/2014 5:03:42 PM - Software Distribution Service 3.0
RP777: 1/15/2014 7:00:18 PM - Software Distribution Service 3.0
RP778: 1/16/2014 7:23:50 PM - System Checkpoint
RP779: 1/16/2014 7:31:31 PM - Software Distribution Service 3.0
RP780: 1/17/2014 12:25:01 AM - Software Distribution Service 3.0
RP781: 1/17/2014 4:25:14 AM - Software Distribution Service 3.0
RP782: 1/17/2014 8:25:16 AM - Software Distribution Service 3.0
RP783: 1/17/2014 4:25:30 PM - Software Distribution Service 3.0
RP784: 1/17/2014 8:25:29 PM - Software Distribution Service 3.0
RP785: 1/18/2014 8:26:07 PM - Software Distribution Service 3.0
RP786: 1/19/2014 8:59:10 PM - System Checkpoint
RP787: 1/19/2014 9:39:22 PM - Software Distribution Service 3.0
RP788: 1/20/2014 10:30:29 PM - System Checkpoint
RP789: 1/21/2014 7:59:04 PM - Software Distribution Service 3.0
RP790: 1/22/2014 7:58:37 PM - Software Distribution Service 3.0
RP791: 1/23/2014 7:58:57 PM - Software Distribution Service 3.0
RP792: 1/24/2014 7:58:40 PM - Software Distribution Service 3.0
RP793: 1/25/2014 7:58:26 PM - Software Distribution Service 3.0
RP794: 1/26/2014 2:27:23 AM - Software Distribution Service 3.0
RP795: 1/26/2014 7:58:55 PM - Software Distribution Service 3.0
RP796: 1/27/2014 7:58:56 PM - Software Distribution Service 3.0
RP797: 1/28/2014 7:58:26 PM - Software Distribution Service 3.0
RP798: 1/29/2014 9:23:35 PM - Software Distribution Service 3.0
RP799: 1/31/2014 1:56:10 PM - Software Distribution Service 3.0
RP800: 1/31/2014 4:05:05 PM - Removed Skype Toolbars
RP801: 1/31/2014 4:05:42 PM - Removed Skype™ 5.10
RP802: 2/1/2014 1:50:26 PM - Software Distribution Service 3.0
RP803: 2/2/2014 2:13:05 AM - Software Distribution Service 3.0
RP804: 2/2/2014 1:49:32 PM - Software Distribution Service 3.0
RP805: 2/4/2014 9:27:28 AM - starting
RP806: 2/4/2014 5:39:01 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Internet Mail
ATT-PRT22
AVG SafeGuard toolbar
Belarc Advisor 8.4
Bonjour
BufferChm
C4400
C4400_Help
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Choice Guard
Copy
CustomerResearchQFolder
Cyber Security
Dell Driver Download Manager
Dell Support Center
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Diagnostics Utility
DocProc
DocProcQFolder
Download App
eSupportQFolder
FL2003 Registration
Google Chrome
Google Update Helper
GPBaseService
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Updater
iTunes
Java Auto Updater
Java 6 Update 26
Junk Mail filter update
Lernout & Hauspie TruVoice American English TTS Engine
lucky leap 3.0.0
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
PanoStandAlone
PowerDVD
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.85
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
Toolbox
TrayApp
Tube Dimmer
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updater
VideoToolkit01
VisualBee for Microsoft PowerPoint
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Presentation Foundation
WordExtra
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
2/4/2014 9:48:20 AM, error: Service Control Manager [7000]  - The Search Protect by Conduit Service service failed to start due to the following error:  The system cannot find the path specified.
2/4/2014 9:33:06 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.165.3156.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: http://www.microsoft.com  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.10201.0  Error code: 0x8024402c  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/4/2014 9:29:28 AM, error: Service Control Manager [7034]  - The Internet Updater service terminated unexpectedly.  It has done this 1 time(s).
1/29/2014 9:07:29 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  tmtdi
1/29/2014 9:07:29 PM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
1/29/2014 10:41:27 AM, error: Service Control Manager [7031]  - The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
.
==== End Of File ===========================
 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Thanks for the help. All instructions read and restore point created before scan. Here is the report.

 

RogueKiller V8.8.5 [Feb  3 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Sue Bartlett [Admin rights]
Mode : Scan -- Date : 02/05/2014 09:32:41
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 8 ¤¤¤
[sUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Sgworks\CNBP_254.DLL [x] -> UNLOADED
[sUSP PATH] InternetUpdaterService.exe -- C:\Documents and Settings\All Users\Application Data\InternetUpdater\InternetUpdaterService.exe [-] -> KILLED [TermProc]
[sUSP PATH] updater.exe -- C:\Documents and Settings\All Users\Application Data\Updater\updater.exe [7] -> KILLED [Tree]
[sUSP PATH][DLL] regsvr32.exe -- C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Sgworks\CNBP_254.DLL [-] -> regsvr32.exe KILLED [TermProc]
[sUSP PATH] CBSI.AppStore.Main.exe -- C:\Documents and Settings\Sue Bartlett\Application Data\CBS Interactive\Download App\CBSI.AppStore.Main.exe [7] -> KILLED [TermProc]
[sUSP PATH] ChromeHelper.exe -- C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper\ChromeHelper.exe [7] -> KILLED [Tree]
[sUSP PATH] FirefoxHelper.exe -- C:\Documents and Settings\All Users\Application Data\RHelpers\FireFoxHelper\FireFoxHelper.exe [7] -> KILLED [Tree]
[sUSP PATH] IeHelper.exe -- C:\Documents and Settings\All Users\Application Data\RHelpers\IeHelper\IeHelper.exe [7] -> KILLED [Tree]
 
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Updater (C:\Documents and Settings\All Users\Application Data\Updater\updater.exe [7]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : Sgworks (regsvr32.exe "C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Sgworks\CNBP_254.DLL" [x][-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3790790032-3222438007-440945674-1005\[...]\Run : Updater (C:\Documents and Settings\All Users\Application Data\Updater\updater.exe [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3790790032-3222438007-440945674-1005\[...]\Run : Sgworks (regsvr32.exe "C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Sgworks\CNBP_254.DLL" [x][-]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDP725025GLA380 +++++
--- User ---
[MBR] 5916a31665d12f8ada58cbb9e62d862c
[bSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 238377 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02052014_093241.txt >>
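An added example, not code from this thread or from RogueKiller: a small parser for report lines in the layout shown above that turns each finding into a record with a defender's triage note (autorun from a user-writable folder, DLL registered via regsvr32, flagged policy value). The sample lines are copied from the report with section counts adjusted; tags are upper-cased because the post shows them as [sUSP PATH].

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: five lines copied from the RogueKiller report posted
# above, with the section counts adjusted to the lines kept here.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH][DLL] explorer.exe -- C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Sgworks\CNBP_254.DLL [x] -> UNLOADED
[sUSP PATH] updater.exe -- C:\Documents and Settings\All Users\Application Data\Updater\updater.exe [7] -> KILLED [Tree]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Updater (C:\Documents and Settings\All Users\Application Data\Updater\updater.exe [7]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : Sgworks (regsvr32.exe "C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Sgworks\CNBP_254.DLL" [x][-]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤
"""

# Section banner, e.g. "¤¤¤ Registry Entries : 8 ¤¤¤" (the count is optional).
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>.+?)\s*(?::\s*(?P<count>\d+))?\s*¤¤¤\s*$")
# One finding: leading [TAG] blocks, a body, then "-> ACTION".
FINDING_RE = re.compile(r"^(?P<tags>(?:\[[^\]]*\])+)\s*(?P<body>.*?)\s*->\s*(?P<action>.+?)\s*$")
PROC_RE = re.compile(r"^(?P<image>\S+)\s+--\s+")
REG_RE = re.compile(r"^(?P<key>HK\w+\\.*?)\s*:\s*(?P<name>.+?)\s*\((?P<value>.*)\)\s*$")
# First Windows path to an .exe or .dll inside a body.
PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^"\\\[\]]+\\)*[^"\\\[\]]+?\.(?:exe|dll)', re.IGNORECASE)
# Profile folders an installer can write to without admin rights; services and
# startup programs rarely live there legitimately.
USER_WRITABLE = ("\\application data\\", "\\local settings\\")


@dataclass
class Finding:
    section: str
    tags: List[str]
    subject: str   # process image, or "hive\key : value name"
    path: str      # executable or DLL named in the entry, "" if none
    action: str
    raw: str
    reasons: List[str] = field(default_factory=list)


def assess(f: Finding) -> List[str]:
    """Defender's triage notes for one finding; an empty list means nothing notable."""
    reasons = []
    lower_path = f.path.lower()
    if lower_path and any(marker in lower_path for marker in USER_WRITABLE):
        reasons.append("binary runs from a user-writable profile folder, not Program Files or system32")
    if "RUN" in f.tags:
        reasons.append("autostarts at logon through a Run key")
    if "regsvr32.exe" in f.raw.lower() and lower_path.endswith(".dll"):
        reasons.append("DLL is loaded via regsvr32.exe instead of by a normal program")
    if "HJ POL" in f.tags:
        reasons.append("scanner reports a changed policy value; confirm it is unwanted before reverting it")
    return reasons


def parse_report(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name").rstrip(":").strip()
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue
        # The forum shows "[sUSP PATH]"; normalise case so tags compare cleanly.
        tags = [t.strip().upper() for t in re.findall(r"\[([^\]]*)\]", m.group("tags"))]
        body = m.group("body")
        subject = body
        proc, reg = PROC_RE.match(body), REG_RE.match(body)
        if proc:
            subject = proc.group("image")
        elif reg:
            subject = f'{reg.group("key")} : {reg.group("name")}'
        path = PATH_RE.search(body)
        finding = Finding(section, tags, subject, path.group(0) if path else "",
                          m.group("action"), line)
        finding.reasons = assess(finding)
        findings.append(finding)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Number of findings per report section."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


def persistence_paths(findings: List[Finding]) -> List[str]:
    """Distinct binaries launched by Run keys: the files to preserve for analysis before cleanup."""
    return sorted({f.path for f in findings if "RUN" in f.tags and f.path})


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"[{f.section}] {f.subject} -> {f.action}")
        for reason in f.reasons:
            print("    -", reason)
```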

Please uninstall lucky leap 3.0.0 from your add/remove programs if possible.

Then..............

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


Below is the adwcleaner log. I had to attach the mbam one because it was too long.
 
 
# AdwCleaner v3.018 - Report created 05/02/2014 at 16:53:46
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Sue Bartlett - HOMEOFFICE
# Running from : C:\Documents and Settings\Sue Bartlett\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : CltMngSvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\visualbeeexe
Folder Deleted : C:\Documents and Settings\Sue Bartlett\Application Data\Systweak
[!] Folder Deleted : C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
[!] Folder Deleted : C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start
Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\DynConIE
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\lucky leap
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\TotalRecipeSearch_14EI
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [10270 octets] - [05/02/2014 16:52:14]
AdwCleaner[s0].txt - [10113 octets] - [05/02/2014 16:53:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10174 octets] ##########
 
 

 

mbam-log-2014-02-05 (16-58-10).txt


Thanks for the help. All instructions read and restore point created before scan. Here is the report.

Thanks for doing that, not many people do!

-----------------------------------------

I don't think you have any but let's check for any rootkits now:

I'd say you have "a little" adware on the system!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:


If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long: use the attachment option in the bottom right corner of the reply page and the new window that comes up.


MrC


Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

18:06:52.0921 0x0b9c \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:06:52.0921 0x0b9c \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~~~~~~~~~~

Then..........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[screenshot of the download button to click]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

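
The two TDSSKiller log lines quoted above follow one fixed layout: time, thread id, the object, the verdict in parentheses, then what happened to it. The script below is an added example, not part of this thread and not Kaspersky's code. It parses that layout and lists the detections the user left at Skip so the helper can decide on them, treating the UnsignedFile.Multi.Generic and LockedFile.Multi.Generic verdicts the post says to skip as already settled. The only assumption about TDSSKiller is that layout; the sample lines are constructed to match it and are not copied from the friend's machine.

```python
"""Triage a TDSSKiller log: which detections were left at Skip.

Added example for this thread, not TDSSKiller's own code. The only thing
assumed from the tool is the line layout visible in the quoted log lines:
    <hh:mm:ss.ffff> <thread id> <object> ( <verdict> ) - <message>
SAMPLE_LOG below is constructed to that layout; it is not a real log.
"""
import re

# One detection line. The verdict sits in parentheses; the message after
# " - " is either a status ("skipped by user") or the chosen action.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<tid>0x[0-9a-fA-F]+)\s+"
    r"(?P<obj>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+"
    r"(?P<msg>.+?)\s*$"
)
ACTION_RE = re.compile(r"^User select action:\s*(?P<action>\w+)")

# Verdicts the post says to Skip without further review.
GENERIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


def parse_line(line):
    """Return the fields of a detection line, or None for any other line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text):
    """Map each detected object to its verdict and the user's final action."""
    objects = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = objects.setdefault(rec["obj"], {
            "verdict": rec["verdict"],
            "action": None,
            "generic": rec["verdict"] in GENERIC_VERDICTS,
        })
        chosen = ACTION_RE.match(rec["msg"])
        if chosen:
            entry["action"] = chosen.group("action")
        elif rec["msg"] == "skipped by user" and entry["action"] is None:
            entry["action"] = "Skip"
    return objects


def needs_decision(objects):
    """Objects left at Skip whose verdict is not one of the generic ones."""
    return sorted(obj for obj, e in objects.items()
                  if e["action"] == "Skip" and not e["generic"])


# Constructed sample: two generic hits plus the DR0 entry seen in the thread.
SAMPLE_LOG = r"""
18:06:50.0100 0x0b9c C:\WINDOWS\system32\drivers\example.sys ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:50.0100 0x0b9c C:\WINDOWS\system32\drivers\example.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:06:51.0200 0x0b9c C:\WINDOWS\system32\drivers\locked.sys ( LockedFile.Multi.Generic ) - skipped by user
18:06:52.0921 0x0b9c \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:06:52.0921 0x0b9c \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:06:53.0000 0x0b9c Scan finished
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for obj in needs_decision(result):
        print(f"left at Skip, needs a decision: {obj} ({result[obj]['verdict']})")
```

Run against the constructed sample it reports only the DR0 object, which is exactly the entry the helper comes back to in the next post; everything the post told the user to skip anyway stays out of the list.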

OK, ran TDSSKiller again and deleted the one thing as you advised.

ComboFix log below:

ComboFix 14-02-05.02 - Sue Bartlett 02/05/2014  18:44:15.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2498 [GMT -6:00]
Running from: c:\documents and settings\Sue Bartlett\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-06 to 2014-02-06  )))))))))))))))))))))))))))))))
.
.
2014-02-06 00:32 . 2014-02-06 00:32 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-06 00:12 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C6B3CA7-E867-4A6D-A3DF-797E61A4073B}\mpengine.dll
2014-02-05 22:56 . 2014-02-05 22:56 -------- d-----w- c:\documents and settings\Sue Bartlett\Application Data\Systweak
2014-02-05 22:52 . 2014-02-05 22:54 -------- d-----w- C:\AdwCleaner
2014-02-04 23:39 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-04 15:36 . 2014-02-04 15:36 -------- d-----w- c:\program files\Belarc
2014-02-04 15:36 . 2013-09-11 00:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2014-02-04 15:34 . 2014-02-04 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-04 15:34 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-14 21:16 . 2014-02-05 23:21 -------- d-----w- c:\documents and settings\Sue Bartlett\Local Settings\Application Data\Sgworks
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 23:35 . 2012-05-23 01:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 23:35 . 2011-06-21 02:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2010-01-28 15:25 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 20:21 . 2008-04-25 16:16 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-14 01:22 . 2013-09-27 00:57 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-13 02:59 . 2008-04-25 16:16 150528 ----a-w- c:\windows\system32\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Sue Bartlett\Start Menu\Programs\Startup\
Download App.lnk - c:\documents and settings\Sue Bartlett\Application Data\CBS Interactive\Download App\CBSI.AppStore.Main.exe /HIDEWINDOW [2013-8-16 1377416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/26/2013 6:57 PM 37664]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [3/4/2009 6:12 PM 8960]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/4/2009 8:01 PM 110080]
S1 kseigfxc;kseigfxc;\??\c:\windows\system32\drivers\kseigfxc.sys --> c:\windows\system32\drivers\kseigfxc.sys [?]
S1 MpKslb0ed6b0a;MpKslb0ed6b0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys [?]
S1 uehmqhrr;uehmqhrr;\??\c:\windows\system32\drivers\uehmqhrr.sys --> c:\windows\system32\drivers\uehmqhrr.sys [?]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [3/4/2009 6:13 PM 11264]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/1/2011 3:02 PM 34136]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [3/4/2009 6:12 PM 16640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 86710116
*Deregistered* - 86710116
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 20:11 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 23:35]
.
2014-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-06 18:55]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-06 18:55]
.
2014-02-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]
.
2014-01-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Retry.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]
.
2014-01-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]
.
2014-02-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-86710116.sys
AddRemove-VisualBee for Microsoft PowerPoint - c:\documents and settings\Sue Bartlett\Local Settings\Application Data\VisualBeeExe\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-05 18:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-02-05  18:48:09
ComboFix-quarantined-files.txt  2014-02-06 00:48
ComboFix2.txt  2014-02-04 15:52
.
Pre-Run: 216,976,093,184 bytes free
Post-Run: 216,977,170,432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 893814692835F2881DFB3D2C6BDB599A
CDB4DE4BBD714F152979DA2DCBEF57EB
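
The R*/S* lines in the ComboFix log above are the installed services and drivers, and ComboFix marks with `--> <path> [?]` the ones whose image file it could not find on disk. The script below is an added example, not part of this thread and not ComboFix's own code. It parses those lines and lists the entries that are still set to load but have no file behind them, which is the kind of entry a helper reviews before writing a CFScript. The line layout (R/S as running/stopped, the digit as the Windows start type) is an assumption drawn from the log shown above, and the sample lines are constructed: six mirror entries from that log, and the `oldsvc` line is made up to show a disabled entry.

```python
"""List ComboFix service/driver entries whose image file is missing.

Added example, not part of the thread and not ComboFix's own code.
Assumed line layout (taken from the log above):
    <R|S><start> <name>;<display name>;<image path> [<date> <time> <size>]
and, when ComboFix could not find the file,
    <R|S><start> <name>;<display name>;<image path> --> <resolved path> [?]
R = running, S = stopped; the digit is the Windows start type
(0 boot, 1 system, 2 auto, 3 manual, 4 disabled). SAMPLE_LOG is
constructed from entries in that log plus one made-up disabled service.
"""
import re

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<info>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto",
               "3": "manual", "4": "disabled"}


def parse_service_line(line):
    """Return the fields of one R*/S* line, or None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["running"] = rec["state"] == "R"
    rec["start_type"] = START_TYPES[rec["start"]]
    # ComboFix prints "[?]" instead of the date/size when the file is gone.
    rec["file_missing"] = rec["info"].strip() == "?"
    return rec


def extract_services(log_text):
    """All service/driver records found in a ComboFix log."""
    return [r for r in map(parse_service_line, log_text.splitlines()) if r]


def review_candidates(services):
    """Entries that would still try to load but have no file behind them.

    Boot/system-start drivers (0/1) sort first: they load before any
    user-mode security product and are the usual place for leftovers.
    Disabled (4) entries are dropped because they never load.
    """
    flagged = [s for s in services
               if s["file_missing"] and s["start_type"] != "disabled"]
    return sorted(flagged, key=lambda s: (s["start"], s["name"].lower()))


# Constructed sample; the first six lines mirror entries in the log above.
SAMPLE_LOG = r"""
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/26/2013 6:57 PM 37664]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [3/4/2009 6:12 PM 8960]
S1 kseigfxc;kseigfxc;\??\c:\windows\system32\drivers\kseigfxc.sys --> c:\windows\system32\drivers\kseigfxc.sys [?]
S1 uehmqhrr;uehmqhrr;\??\c:\windows\system32\drivers\uehmqhrr.sys --> c:\windows\system32\drivers\uehmqhrr.sys [?]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [3/4/2009 6:13 PM 11264]
S4 oldsvc;Old Service;c:\windows\system32\drivers\oldsvc.sys --> c:\windows\system32\drivers\oldsvc.sys [?]
.
--- Other Services/Drivers In Memory ---
"""

if __name__ == "__main__":
    for s in review_candidates(extract_services(SAMPLE_LOG)):
        print(f"{s['state']}{s['start']} {s['name']:<24} {s['start_type']:<7} "
              f"missing: {s['resolved']}")
```

On the constructed sample this yields the two system-start driver entries with no file and the stopped toolbar updater service; it says nothing about whether any of them is malicious, only that a registered loader points at nothing, which is what a helper then decides on.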

Using ComboFix......
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Download the attached CFScript.txt and place it next to ComboFix.exe.

[screenshot: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


ComboFix 14-02-05.02 - Sue Bartlett 02/05/2014  19:18:47.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2475 [GMT -6:00]
Running from: c:\documents and settings\Sue Bartlett\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Sue Bartlett\Desktop\CFScript.txt.url
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-06 to 2014-02-06  )))))))))))))))))))))))))))))))
.
.
2014-02-06 00:32 . 2014-02-06 00:32 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-06 00:12 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C6B3CA7-E867-4A6D-A3DF-797E61A4073B}\mpengine.dll
2014-02-05 22:56 . 2014-02-05 22:56 -------- d-----w- c:\documents and settings\Sue Bartlett\Application Data\Systweak
2014-02-05 22:52 . 2014-02-05 22:54 -------- d-----w- C:\AdwCleaner
2014-02-04 23:39 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-04 15:36 . 2014-02-04 15:36 -------- d-----w- c:\program files\Belarc
2014-02-04 15:36 . 2013-09-11 00:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2014-02-04 15:34 . 2014-02-04 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-04 15:34 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-14 21:16 . 2014-02-05 23:21 -------- d-----w- c:\documents and settings\Sue Bartlett\Local Settings\Application Data\Sgworks
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 23:35 . 2012-05-23 01:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 23:35 . 2011-06-21 02:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2010-01-28 15:25 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 20:21 . 2008-04-25 16:16 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-14 01:22 . 2013-09-27 00:57 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-13 02:59 . 2008-04-25 16:16 150528 ----a-w- c:\windows\system32\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Sue Bartlett\Start Menu\Programs\Startup\
Download App.lnk - c:\documents and settings\Sue Bartlett\Application Data\CBS Interactive\Download App\CBSI.AppStore.Main.exe /HIDEWINDOW [2013-8-16 1377416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/26/2013 6:57 PM 37664]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [3/4/2009 6:12 PM 8960]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/4/2009 8:01 PM 110080]
S1 kseigfxc;kseigfxc;\??\c:\windows\system32\drivers\kseigfxc.sys --> c:\windows\system32\drivers\kseigfxc.sys [?]
S1 MpKslb0ed6b0a;MpKslb0ed6b0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys [?]
S1 uehmqhrr;uehmqhrr;\??\c:\windows\system32\drivers\uehmqhrr.sys --> c:\windows\system32\drivers\uehmqhrr.sys [?]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [3/4/2009 6:13 PM 11264]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/1/2011 3:02 PM 34136]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [3/4/2009 6:12 PM 16640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 86710116
*Deregistered* - 86710116
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 20:11 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 23:35]
.
2014-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-06 18:55]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-06 18:55]
.
2014-02-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]
.
2014-01-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Retry.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]
.
2014-01-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]
.
2014-02-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-05 19:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-02-05  19:21:37
ComboFix-quarantined-files.txt  2014-02-06 01:21
ComboFix2.txt  2014-02-06 00:48
ComboFix3.txt  2014-02-04 15:52
.
Pre-Run: 216,993,882,112 bytes free
Post-Run: 216,974,770,176 bytes free
.
- - End Of File - - 3F5C79F8D4390F3CAD918D64FDB5F55C
CDB4DE4BBD714F152979DA2DCBEF57EB

Oops, didn't notice that, lol. Weird that it did that. New log below.

ComboFix 14-02-05.02 - Sue Bartlett 02/05/2014  19:41:01.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2479 [GMT -6:00]
Running from: c:\documents and settings\Sue Bartlett\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Sue Bartlett\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-06 to 2014-02-06  )))))))))))))))))))))))))))))))
.
.
2014-02-06 00:32 . 2014-02-06 00:32 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-06 00:12 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C6B3CA7-E867-4A6D-A3DF-797E61A4073B}\mpengine.dll
2014-02-05 22:56 . 2014-02-05 22:56 -------- d-----w- c:\documents and settings\Sue Bartlett\Application Data\Systweak
2014-02-05 22:52 . 2014-02-05 22:54 -------- d-----w- C:\AdwCleaner
2014-02-04 23:39 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-04 15:36 . 2014-02-04 15:36 -------- d-----w- c:\program files\Belarc
2014-02-04 15:36 . 2013-09-11 00:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2014-02-04 15:34 . 2014-02-04 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-04 15:34 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-14 21:16 . 2014-02-05 23:21 -------- d-----w- c:\documents and settings\Sue Bartlett\Local Settings\Application Data\Sgworks
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 23:35 . 2012-05-23 01:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 23:35 . 2011-06-21 02:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2010-01-28 15:25 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 20:21 . 2008-04-25 16:16 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-14 01:22 . 2013-09-27 00:57 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-13 02:59 . 2008-04-25 16:16 150528 ----a-w- c:\windows\system32\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Sue Bartlett\Start Menu\Programs\Startup\
Download App.lnk - c:\documents and settings\Sue Bartlett\Application Data\CBS Interactive\Download App\CBSI.AppStore.Main.exe /HIDEWINDOW [2013-8-16 1377416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/26/2013 6:57 PM 37664]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [3/4/2009 6:12 PM 8960]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/4/2009 8:01 PM 110080]
S1 kseigfxc;kseigfxc;\??\c:\windows\system32\drivers\kseigfxc.sys --> c:\windows\system32\drivers\kseigfxc.sys [?]
S1 MpKslb0ed6b0a;MpKslb0ed6b0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys [?]
S1 uehmqhrr;uehmqhrr;\??\c:\windows\system32\drivers\uehmqhrr.sys --> c:\windows\system32\drivers\uehmqhrr.sys [?]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [3/4/2009 6:13 PM 11264]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/1/2011 3:02 PM 34136]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [3/4/2009 6:12 PM 16640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 86710116
*Deregistered* - 86710116
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 20:11 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 23:35]
.
2014-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-06 18:55]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-06 18:55]
.
2014-02-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]
.
2014-01-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Retry.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]
.
2014-01-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]
.
2014-02-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-05 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-02-05  19:43:51
ComboFix-quarantined-files.txt  2014-02-06 01:43
ComboFix2.txt  2014-02-06 01:21
ComboFix3.txt  2014-02-06 00:48
ComboFix4.txt  2014-02-04 15:52
.
Pre-Run: 216,984,911,872 bytes free
Post-Run: 216,968,994,816 bytes free
.
- - End Of File - - 8F75D95ADB1ED20FD485175E561D0553
CDB4DE4BBD714F152979DA2DCBEF57EB
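The driver/service block in the ComboFix log above (the S1 kseigfxc and uehmqhrr entries that the follow-up run deletes) is the kind of thing a responder reads by eye. As an added example that is not part of this thread or of ComboFix, the Python below parses lines in that shape and flags the entries a practitioner would check first: a registered service whose binary ComboFix could not find (the "\??\path --> path [?]" form), an eight-letter all-lowercase name with no separate display name (a constructed heuristic for randomly named drivers), and a boot/system start type on top of either. It also lists anything in the BootExecute value beyond the Windows default "autocheck autochk *". The sample text is copied from the log above; the heuristics are mine and produce a triage list, not a verdict: the Microsoft Antimalware definition-update driver in the same log matches the missing-file rule as well.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the driver/service block and BootExecute value copied
# in the shape ComboFix prints them (the thread log above is the model).
SAMPLE_LOG = r"""
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/26/2013 6:57 PM 37664]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [3/4/2009 6:12 PM 8960]
S1 kseigfxc;kseigfxc;\??\c:\windows\system32\drivers\kseigfxc.sys --> c:\windows\system32\drivers\kseigfxc.sys [?]
S1 MpKslb0ed6b0a;MpKslb0ed6b0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys [?]
S1 uehmqhrr;uehmqhrr;\??\c:\windows\system32\drivers\uehmqhrr.sys --> c:\windows\system32\drivers\uehmqhrr.sys [?]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [3/4/2009 6:13 PM 11264]
"""
SAMPLE_BOOT_EXECUTE = r"BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe"

# One ComboFix service line: "<R|S><start> name;display;path [meta]".
# R = running, S = stopped; the digit is the service start type
# (0 boot, 1 system, 2 automatic, 3 manual). "[?]" means ComboFix could not
# stat the file, and a "\??\path --> path" redirect accompanies it.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
META_RE = re.compile(r'^(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$')
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')   # heuristic, constructed for this example
BOOT_EXECUTE_DEFAULT = 'autocheck autochk *'  # Windows default BootExecute entry


@dataclass
class ServiceEntry:
    name: str
    display: str
    start: int
    running: bool
    path: str
    file_missing: bool
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R/S service line; return None for any other log line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    if ' --> ' in rest:                      # keep the resolved path, not the NT-style one
        rest = rest.split(' --> ', 1)[1]
    mm = META_RE.match(rest)
    if not mm:
        return None
    path, meta = mm.group('path'), mm.group('meta')
    if path.startswith('\\??\\'):
        path = path[4:]
    entry = ServiceEntry(name=m.group('name'), display=m.group('display'),
                         start=int(m.group('start')), running=m.group('state') == 'R',
                         path=path, file_missing=(meta == '?'))
    if entry.file_missing:
        entry.flags.append('file_missing')       # registration survives, binary is gone
    if RANDOM_NAME_RE.match(entry.name) and entry.display == entry.name:
        entry.flags.append('random_name')        # no vendor display name, 8 random letters
    if entry.flags and entry.start <= 1:
        entry.flags.append('boot_or_system_start')   # loads before most user-mode AV
    return entry


def triage_services(log_text: str) -> List[ServiceEntry]:
    """Return the flagged entries in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry and entry.flags:
            flagged.append(entry)
    return flagged


def boot_execute_extras(line_or_value: str) -> List[str]:
    """Entries in a ComboFix BootExecute line beyond the Windows default.

    ComboFix prints the REG_MULTI_SZ separator as the literal two characters '\\0'.
    """
    value = line_or_value.split('REG_MULTI_SZ', 1)[-1]
    items = [s.strip() for s in value.split('\\0')]
    return [s for s in items if s and s != BOOT_EXECUTE_DEFAULT]


if __name__ == '__main__':
    for e in triage_services(SAMPLE_LOG):
        state = 'R' if e.running else 'S'
        print(f"{state}{e.start} {e.name:<24} {', '.join(e.flags):<45} {e.path}")
    print('BootExecute extras:', boot_execute_extras(SAMPLE_BOOT_EXECUTE))
```

Run against the sample, the two deleted drivers come out first with all three flags, the Microsoft Antimalware driver and the AVG updater with file_missing only, and sdnclean.exe as the one non-default BootExecute entry; each hit still needs a look at the file, its signer and its installer before anything is removed.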

ComboFix 14-02-05.02 - Sue Bartlett 02/05/2014  20:28:07.5.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2554 [GMT -6:00]

Running from: c:\documents and settings\Sue Bartlett\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Sue Bartlett\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\windows\system32\drivers\kseigfxc.sys"

"c:\windows\system32\drivers\uehmqhrr.sys"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_kseigfxc

-------\Service_uehmqhrr

.

.

(((((((((((((((((((((((((   Files Created from 2014-01-06 to 2014-02-06  )))))))))))))))))))))))))))))))

.

.

2014-02-06 00:32 . 2014-02-06 00:32 -------- d-----w- C:\TDSSKiller_Quarantine

2014-02-06 00:12 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C6B3CA7-E867-4A6D-A3DF-797E61A4073B}\mpengine.dll

2014-02-05 22:56 . 2014-02-05 22:56 -------- d-----w- c:\documents and settings\Sue Bartlett\Application Data\Systweak

2014-02-05 22:52 . 2014-02-05 22:54 -------- d-----w- C:\AdwCleaner

2014-02-04 23:39 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-02-04 15:36 . 2014-02-04 15:36 -------- d-----w- c:\program files\Belarc

2014-02-04 15:36 . 2013-09-11 00:25 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys

2014-02-04 15:34 . 2014-02-04 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-02-04 15:34 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-14 21:16 . 2014-02-05 23:21 -------- d-----w- c:\documents and settings\Sue Bartlett\Local Settings\Application Data\Sgworks

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-04 23:35 . 2012-05-23 01:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-02-04 23:35 . 2011-06-21 02:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-19 07:32 . 2010-01-28 15:25 231584 ------w- c:\windows\system32\MpSigStub.exe

2013-11-27 20:21 . 2008-04-25 16:16 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2013-11-14 01:22 . 2013-09-27 00:57 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-11-13 02:59 . 2008-04-25 16:16 150528 ----a-w- c:\windows\system32\imagehlp.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\documents and settings\Sue Bartlett\Start Menu\Programs\Startup\

Download App.lnk - c:\documents and settings\Sue Bartlett\Application Data\CBS Interactive\Download App\CBSI.AppStore.Main.exe /HIDEWINDOW [2013-8-16 1377416]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/26/2013 6:57 PM 37664]

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [3/4/2009 6:12 PM 8960]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/4/2009 8:01 PM 110080]

S1 MpKslb0ed6b0a;MpKslb0ed6b0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys [?]

S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [?]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [3/4/2009 6:13 PM 11264]

S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/1/2011 3:02 PM 34136]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [3/4/2009 6:12 PM 16640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 20:11 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 23:35]

.

2014-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-06 18:55]

.

2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-06 18:55]

.

2014-02-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]

.

2014-01-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Retry.job

- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]

.

2014-01-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]

.

2014-02-05 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-13 22:00]

.

.

------- Supplementary Scan -------

.



uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-02-05 20:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2796)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\documents and settings\Sue Bartlett\Application Data\CBS Interactive\Download App\CBSI.AppStore.Main.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2014-02-05  20:37:22 - machine was rebooted

ComboFix-quarantined-files.txt  2014-02-06 02:37

ComboFix2.txt  2014-02-06 01:43

ComboFix3.txt  2014-02-06 01:21

ComboFix4.txt  2014-02-06 00:48

ComboFix5.txt  2014-02-06 02:27

.

Pre-Run: 217,031,892,992 bytes free

Post-Run: 217,009,790,976 bytes free

.

- - End Of File - - E7872406C37ACDF0F7374DF0FDDE508F

CDB4DE4BBD714F152979DA2DCBEF57EB

http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/dl/53/

If it's OK.......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC (be back in the AM)

My friend has a Trend Micro disc I will install for her once we are finished so that will be her Anti-Virus. I just don't have it on me at the moment. 

 

Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 26 
 Java version out of Date!
 Adobe Reader XI 
 Google Chrome 31.0.1650.57 
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Well it was looking good. After a restart both the browsers (IE and Chrome) have been hijacked by Search Conduit again. I reset the browser settings back to original and removed it from the search and extensions area. I didn't see it in Add/Remove Programs again. Browsers look good, then after a restart they are messed up again.


Well I see the Java is out of date and I've tried numerous times to update it and I keep getting this error:

 

Installation Failed. The wizard was interrupted before Java 7 Update 51 could be completely installed.

 

No matter what I do I keep getting that error.

 

See ya in the AM! Thanks.


Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page (screenshot: reply1.jpg).

New window that comes up (screenshot: replyer1.jpg).

MrC


Good morning. Thanks again for the confirmation email regarding the donation. Wish I could send more, but tough times. :(

 

Hopefully enough to buy you dinner or something. :)

 

Below is the FRST.txt log and I attached the Addition.txt log per your instructions.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014
Ran by Sue Bartlett (administrator) on HOMEOFFICE on 06-02-2014 08:59:32
Running from C:\Documents and Settings\Sue Bartlett\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16806912 2008-07-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [279912 2007-05-17] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKCU - {308B229F-4223-4C3F-B3F8-AD541E55CE6F} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKCU - {340CF288-CA96-4AF8-8D0F-7C1D7D1ED0F9} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {742BBAEC-9134-460B-9BF8-429BBC99B457} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HomePage:

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (YouTube) - C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Google Search) - C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-05] (Oracle Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation)
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
R0 iaStor; C:\WINDOWS\System32\drivers\iaStor.sys [324120 2010-01-28] ()
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MpKslb0ed6b0a; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06818D99-9C92-4428-A517-F17AFDE97484}\MpKslb0ed6b0a.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S1 tmtdi; system32\DRIVERS\tmtdi.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-06 08:59 - 2014-02-06 08:59 - 00013199 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\FRST.txt
2014-02-06 08:59 - 2014-02-06 08:59 - 00000000 ____D () C:\FRST
2014-02-06 08:27 - 2014-02-06 08:27 - 01139200 _____ (Farbar) C:\Documents and Settings\Sue Bartlett\Desktop\FRST.exe
2014-02-05 22:11 - 2014-02-05 23:19 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-05 22:11 - 2014-02-05 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-02-05 21:57 - 2014-02-05 21:57 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-05 21:56 - 2014-02-05 21:56 - 00008385 _____ () C:\WINDOWS\KB2898785-IE8.log
2014-02-05 21:27 - 2014-02-05 21:47 - 00001930 _____ () C:\FixitRegBackup.reg
2014-02-05 21:27 - 2014-02-05 21:27 - 00987425 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\SecurityCheck.exe
2014-02-05 21:14 - 2014-02-05 21:15 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Desktop\HP Resources
2014-02-05 21:14 - 2014-02-05 21:14 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Desktop\Camera Tools
2014-02-05 20:37 - 2014-02-05 20:37 - 00013606 _____ () C:\ComboFix.txt
2014-02-05 18:35 - 2014-02-05 18:35 - 00000000 _RSHD () C:\cmdcons
2014-02-05 18:35 - 2009-03-20 09:30 - 00000211 _____ () C:\Boot.bak
2014-02-05 18:35 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-02-05 18:34 - 2014-02-05 18:34 - 00000964 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\Shortcut to ComboFix.exe.lnk
2014-02-05 18:32 - 2014-02-05 18:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-05 17:58 - 2014-02-05 17:58 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Sue Bartlett\Desktop\tdsskiller.exe
2014-02-05 16:52 - 2014-02-05 16:54 - 00000000 ____D () C:\AdwCleaner
2014-02-05 16:51 - 2014-02-05 16:51 - 01166132 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\AdwCleaner.exe
2014-02-05 09:31 - 2014-02-05 09:33 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Desktop\RK_Quarantine
2014-02-05 09:29 - 2014-02-05 09:29 - 03796480 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\RogueKiller.exe
2014-02-04 18:20 - 2014-02-06 07:04 - 00001933 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\Computer w- tons of popups - slowness - and just blah - Malware Removal Help - Malwarebytes Forum.url
2014-02-04 18:03 - 2014-02-04 18:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Sue Bartlett\Desktop\dds.scr
2014-02-04 09:46 - 2014-02-05 20:32 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-02-04 09:36 - 2014-02-05 21:09 - 00000000 ____D () C:\Program Files\Belarc
2014-02-04 09:34 - 2014-02-04 09:34 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-04 09:34 - 2014-02-04 09:34 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-04 09:34 - 2014-02-04 09:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-04 09:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-04 09:31 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-04 09:31 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-04 09:31 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-04 09:31 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-04 09:31 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-04 09:31 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-04 09:31 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-04 09:31 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-04 09:31 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-04 09:29 - 2014-02-05 20:37 - 00000000 ____D () C:\Qoobox
2014-02-04 09:29 - 2014-02-05 20:32 - 00000000 ____D () C:\WINDOWS\erdnt
2014-01-25 02:00 - 2014-01-25 03:11 - 00000568 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask-Retry.job
2014-01-20 10:00 - 2014-01-20 10:17 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\My Documents\Insurance
2014-01-15 19:00 - 2014-02-05 23:41 - 00051510 _____ () C:\WINDOWS\iis6.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00018169 _____ () C:\WINDOWS\FaxSetup.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00017334 _____ () C:\WINDOWS\ocgen.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00011050 _____ () C:\WINDOWS\msmqinst.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00010961 _____ () C:\WINDOWS\tsoc.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00006510 _____ () C:\WINDOWS\comsetup.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00005103 _____ () C:\WINDOWS\ntdtcsetup.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00004507 _____ () C:\WINDOWS\imsins.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00003244 _____ () C:\WINDOWS\netfxocm.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00001632 _____ () C:\WINDOWS\MedCtrOC.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00001227 _____ () C:\WINDOWS\ocmsn.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00001186 _____ () C:\WINDOWS\msgsocm.log
2014-01-15 19:00 - 2014-02-05 23:41 - 00000622 _____ () C:\WINDOWS\tabletoc.log
2014-01-15 19:00 - 2014-02-05 23:40 - 00000296 _____ () C:\WINDOWS\setupact.log
2014-01-15 19:00 - 2014-01-15 19:00 - 00008614 _____ () C:\WINDOWS\KB2914368.log
2014-01-15 19:00 - 2014-01-15 19:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-01-15 19:00 - 2014-01-15 19:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 19:00 - 2014-01-15 19:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-01-14 15:16 - 2014-02-05 17:21 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Sgworks

==================== One Month Modified Files and Folders =======

2014-02-06 08:59 - 2014-02-06 08:59 - 00013199 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\FRST.txt
2014-02-06 08:59 - 2014-02-06 08:59 - 00000000 ____D () C:\FRST
2014-02-06 08:59 - 2008-04-25 15:28 - 01643574 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-06 08:35 - 2012-05-22 19:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-06 08:27 - 2014-02-06 08:27 - 01139200 _____ (Farbar) C:\Documents and Settings\Sue Bartlett\Desktop\FRST.exe
2014-02-06 08:10 - 2013-09-06 12:55 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 07:55 - 2008-04-25 10:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-06 07:54 - 2013-09-06 12:55 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 07:54 - 2010-10-17 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-02-06 07:54 - 2008-04-25 15:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-06 07:54 - 2008-04-25 03:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-06 07:54 - 2008-04-25 03:25 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-02-06 07:53 - 2009-03-20 09:37 - 00000178 ___SH () C:\Documents and Settings\Sue Bartlett\ntuser.ini
2014-02-06 07:53 - 2008-04-25 15:32 - 00032526 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-06 07:04 - 2014-02-04 18:20 - 00001933 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\Computer w- tons of popups - slowness - and just blah - Malware Removal Help - Malwarebytes Forum.url
2014-02-05 23:41 - 2014-01-15 19:00 - 00051510 _____ () C:\WINDOWS\iis6.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00018169 _____ () C:\WINDOWS\FaxSetup.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00017334 _____ () C:\WINDOWS\ocgen.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00011050 _____ () C:\WINDOWS\msmqinst.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00010961 _____ () C:\WINDOWS\tsoc.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00006510 _____ () C:\WINDOWS\comsetup.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00005103 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00004507 _____ () C:\WINDOWS\imsins.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00003244 _____ () C:\WINDOWS\netfxocm.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00001632 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00001227 _____ () C:\WINDOWS\ocmsn.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00001186 _____ () C:\WINDOWS\msgsocm.log
2014-02-05 23:41 - 2014-01-15 19:00 - 00000622 _____ () C:\WINDOWS\tabletoc.log
2014-02-05 23:41 - 2008-04-25 03:22 - 00528524 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-05 23:40 - 2014-01-15 19:00 - 00000296 _____ () C:\WINDOWS\setupact.log
2014-02-05 23:19 - 2014-02-05 22:11 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-05 22:11 - 2014-02-05 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-02-05 22:10 - 2009-03-04 18:12 - 00000000 ____D () C:\Program Files\Java
2014-02-05 21:57 - 2014-02-05 21:57 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-05 21:56 - 2014-02-05 21:56 - 00008385 _____ () C:\WINDOWS\KB2898785-IE8.log
2014-02-05 21:51 - 2009-03-20 09:37 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Adobe
2014-02-05 21:51 - 2008-04-25 15:32 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-02-05 21:50 - 2012-05-22 19:33 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-05 21:50 - 2011-06-20 20:05 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-05 21:47 - 2014-02-05 21:27 - 00001930 _____ () C:\FixitRegBackup.reg
2014-02-05 21:27 - 2014-02-05 21:27 - 00987425 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\SecurityCheck.exe
2014-02-05 21:15 - 2014-02-05 21:14 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Desktop\HP Resources
2014-02-05 21:14 - 2014-02-05 21:14 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Desktop\Camera Tools
2014-02-05 21:10 - 2010-01-28 10:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-05 21:09 - 2014-02-04 09:36 - 00000000 ____D () C:\Program Files\Belarc
2014-02-05 20:37 - 2014-02-05 20:37 - 00013606 _____ () C:\ComboFix.txt
2014-02-05 20:37 - 2014-02-04 09:29 - 00000000 ____D () C:\Qoobox
2014-02-05 20:33 - 2008-04-25 10:16 - 00000227 _____ () C:\WINDOWS\system.ini
2014-02-05 20:32 - 2014-02-04 09:46 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-02-05 20:32 - 2014-02-04 09:29 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-05 20:32 - 2008-04-25 03:21 - 40091648 _____ () C:\WINDOWS\system32\config\software.bak
2014-02-05 20:32 - 2008-04-25 03:21 - 06553600 _____ () C:\WINDOWS\system32\config\system.bak
2014-02-05 20:32 - 2008-04-25 03:21 - 00319488 _____ () C:\WINDOWS\system32\config\default.bak
2014-02-05 20:32 - 2008-04-25 03:21 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-02-05 20:32 - 2008-04-25 03:21 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-02-05 18:35 - 2014-02-05 18:35 - 00000000 _RSHD () C:\cmdcons
2014-02-05 18:35 - 2008-04-25 10:16 - 00000327 __RSH () C:\boot.ini
2014-02-05 18:34 - 2014-02-05 18:34 - 00000964 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\Shortcut to ComboFix.exe.lnk
2014-02-05 18:32 - 2014-02-05 18:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-05 17:58 - 2014-02-05 17:58 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Sue Bartlett\Desktop\tdsskiller.exe
2014-02-05 17:21 - 2014-01-14 15:16 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Sgworks
2014-02-05 17:21 - 2010-09-27 19:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2014-02-05 16:54 - 2014-02-05 16:52 - 00000000 ____D () C:\AdwCleaner
2014-02-05 16:54 - 2013-10-15 10:56 - 00185672 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-05 16:51 - 2014-02-05 16:51 - 01166132 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\AdwCleaner.exe
2014-02-05 16:00 - 2013-04-13 07:59 - 00000506 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-02-05 10:07 - 2013-09-26 18:57 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-02-05 09:33 - 2014-02-05 09:31 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Desktop\RK_Quarantine
2014-02-05 09:29 - 2014-02-05 09:29 - 03796480 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\RogueKiller.exe
2014-02-04 18:14 - 2008-04-25 03:17 - 00000000 ____D () C:\WINDOWS\Help
2014-02-04 18:06 - 2008-04-25 15:27 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-04 18:03 - 2014-02-04 18:03 - 00688992 ____R (Swearware) C:\Documents and Settings\Sue Bartlett\Desktop\dds.scr
2014-02-04 17:31 - 2013-12-31 16:00 - 00070504 _____ () C:\WINDOWS\setupapi.log
2014-02-04 09:47 - 2008-04-25 03:17 - 00000000 ____D () C:\WINDOWS\security
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-02-04 09:46 - 2014-02-04 09:46 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-02-04 09:39 - 2013-12-31 10:16 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Application Data\WordExtra
2014-02-04 09:39 - 2009-03-20 09:37 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett
2014-02-04 09:34 - 2014-02-04 09:34 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-04 09:34 - 2014-02-04 09:34 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-04 09:34 - 2014-02-04 09:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-31 16:11 - 2009-03-30 15:21 - 00002521 _____ () C:\Documents and Settings\Sue Bartlett\Desktop\Microsoft Office Outlook 2007.lnk
2014-01-31 16:05 - 2010-11-13 15:30 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Application Data\Skype
2014-01-31 16:05 - 2010-11-13 15:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-01-31 13:41 - 2009-04-10 20:04 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Application Data\HP
2014-01-27 19:30 - 2011-07-25 19:52 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-25 03:11 - 2014-01-25 02:00 - 00000568 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask-Retry.job
2014-01-25 02:00 - 2013-04-13 07:59 - 00000568 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-01-23 17:25 - 2009-04-19 14:25 - 00000000 ____D () C:\ASueWordDocs
2014-01-20 10:17 - 2014-01-20 10:00 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\My Documents\Insurance
2014-01-19 01:32 - 2010-01-28 09:25 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-16 11:50 - 2009-03-29 16:19 - 00000000 ____D () C:\Documents and Settings\Sue Bartlett\Local Settings\Application Data\Microsoft Help
2014-01-15 19:24 - 2013-04-13 08:11 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-15 19:04 - 2009-03-29 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-15 19:03 - 2013-09-05 18:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-15 19:00 - 2014-01-15 19:00 - 00008614 _____ () C:\WINDOWS\KB2914368.log
2014-01-15 19:00 - 2014-01-15 19:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-01-15 19:00 - 2014-01-15 19:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 19:00 - 2014-01-15 19:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-01-15 19:00 - 2009-04-06 21:33 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Alureon:
C:\Documents and Settings\Sue Bartlett\Local Settings\Temp\sfvniww\svnyycc\wow.dll

Some content of TEMP:
====================
C:\Documents and Settings\Sue Bartlett\Local Settings\Temp\java-installer.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt


Please find this file and upload to VirusTotal for a free scan, let me know the results (just copy back the url)
http://www.virustotal.com/

C:\WINDOWS\System32\drivers\iaStor.sys

-----------------------------

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

----------------------------------------------------

Download and run JavaRa.exe as outlined here:
http://forums.whatthetech.com/index.php?showtopic=68632

Reboot and download the off-line version of Java from here and install:

http://www.java.com/en/download/manual.jsp

Let me know.....MrC
