PUP Delta A & Flashbroker/IFlashbroker5


  • This topic is locked
34 replies to this topic

#1 RJM92550

RJM92550

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:23 AM

Posted 30 August 2013 - 10:54 PM

PUP DELTA A was found and removed by antivirus, but in reading the latest scan log, noted registry entries Flashbroker and IFlashbroker5 references. Not sure if these are related to the redirect malware or not and just want to ensure that all of the redirect malware has been removed.

 

That I keep getting PUP:Win32:Installer-L [PUP] infected entries on each succeeding scan makes me think I haven't gotten rid of this virus yet. Not sure what else I can do - can you help?

 

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 20:39:29 on 2013-08-30
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.52 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:\program files\check point software technologies ltd\zonealarm\1.8.22.0\bh\zonealarm.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - c:\program files\aol toolbar\aoltb.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228773916687
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351888424062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{50D02669-FF92-4AE3-A1A4-3061A4F4338B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B17B7344-E45B-4839-A718-C5BA0A5A892D} : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\rh7otq8g.default-1377308532187\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-08-22 21:10; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-08-27 15:59; [email protected]; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-27 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-27 175176]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-27 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-27 369584]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-3-27 527848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-27 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-27 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-27 46808]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2013-7-23 346696]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-11 141792]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-8-14 3291008]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-5-16 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-5-16 185640]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-5-8 30576]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-12-8 550272]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-08-28 00:28:24 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-28 00:27:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-27 23:00:53 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-27 23:00:53 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-27 23:00:52 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-27 23:00:51 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-27 22:57:51 41664 ----a-w- c:\windows\avastSS.scr
2013-08-27 22:56:29 -------- d-----w- c:\program files\AVAST Software
2013-08-27 22:55:34 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-08-27 21:22:12 -------- d-sha-r- C:\cmdcons
2013-08-27 21:19:07 98816 ----a-w- c:\windows\sed.exe
2013-08-27 21:19:07 256000 ----a-w- c:\windows\PEV.exe
2013-08-27 21:19:07 208896 ----a-w- c:\windows\MBR.exe
2013-08-27 20:38:24 5114158 ----a-w- c:\documents and settings\owner\RJM CmboFx.exe
2013-08-24 01:42:29 87493 ---ha-w- c:\program files\mozilla firefox\old firefox data\fyru8ga0.default-1353106422218\extensions\[email protected]\uninstall.exe
2013-08-24 01:42:23 28160 ---ha-w- c:\program files\mozilla firefox\old firefox data\fyru8ga0.default-1353106422218\extensions\[email protected]\components\FFDisp.dll
2013-08-14 18:11:04 4774272 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-08-14 18:11:04 4774272 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-08-14 05:18:53 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-08-28 00:25:36 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-28 00:25:36 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-21 06:32:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 06:32:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-03 21:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:41:54.42 ===============
 

Attached File: attach txt.txt (25.07KB)
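The questions the poster is asking (are the remaining registry references anything to worry about, has everything been removed) are exactly the ones a log reader answers by scanning the Pseudo HJT Report and SERVICES / DRIVERS sections for a few recurring patterns. As an added example, not part of the original post and not code from DDS or BleepingComputer, here is a small Python triage helper that applies those checks: registrations DDS marks `<orphaned>` or `<no file>`, service and driver entries it could not verify (`[?]`), binaries loading from a temp directory, search or start-page settings pointing at a host outside an allowlist, and one CLSID registered twice with different letter case. The sample lines are constructed in the shape of the log above; the snap.do line is modelled on the hijacked search URL reported later in this thread with a placeholder publisher value, and `KNOWN_SEARCH_HOSTS` is an assumed allowlist, not anything DDS itself uses.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS"
# sections posted above. The snap.do line is modelled on the hijacked search URL that
# Malwarebytes reported later in this thread; its publisher value is a placeholder.
SAMPLE_DDS = r"""
uSearchAssistant = hxxp://www.google.com
mStart Page = hxxp://feed.snap.do/?publisher=PLACEHOLDER&q={searchTerms}
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - c:\program files\aol toolbar\aoltb.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# u/m/d prefix = user / machine / default-user hive; DDS writes "hxxp" so URLs are not clickable.
SEARCH_SETTING_RE = re.compile(r"^[umd](?:Start Page|Search\w*|Default_\w+)\s*=\s*(\S+)", re.I)
# Assumed allowlist of search providers the reviewer expects on this machine.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "www.msn.com"}

R_SEARCH = "search/start page points at an unexpected host"
R_ORPHAN = "CLSID registered but its file is gone (<orphaned>)"
R_NOFILE = "registration has no backing file (<no file>)"
R_UNVERIFIED = "service/driver binary could not be verified ([?])"
R_TEMP = "binary loads from a temp directory"
R_DUPCASE = "same CLSID registered twice with different letter case"


def host_of(url):
    """Return the lower-cased host of an hxxp:// URL as DDS prints it, or None."""
    m = re.match(r"hxxps?://([^/?#]+)", url, re.I)
    return m.group(1).lower() if m else None


def triage(text):
    """Scan DDS report lines and return a list of {"reason", "line"} findings.

    These are review leads, not verdicts: a legitimate product can trip a check too."""
    findings = []
    spellings = defaultdict(set)  # lower-cased GUID -> spellings seen in the report
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SEARCH_SETTING_RE.match(line)
        if m and host_of(m.group(1)) not in KNOWN_SEARCH_HOSTS:
            findings.append({"reason": R_SEARCH, "line": line})
        if "<orphaned>" in line:
            findings.append({"reason": R_ORPHAN, "line": line})
        if "<no file>" in line:
            findings.append({"reason": R_NOFILE, "line": line})
        if line.endswith("[?]"):
            findings.append({"reason": R_UNVERIFIED, "line": line})
        if "\\temp\\" in line.lower():
            findings.append({"reason": R_TEMP, "line": line})
        for g in GUID_RE.findall(line):
            spellings[g.lower()].add(g)
    for variants in spellings.values():
        if len(variants) > 1:
            findings.append({"reason": R_DUPCASE, "line": " / ".join(sorted(variants))})
    return findings


def count_by_reason(findings):
    """Summarise findings as {reason: count} for a quick overview."""
    counts = {}
    for f in findings:
        counts[f["reason"]] = counts.get(f["reason"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['reason']}]\n    {f['line']}")
```

Run on the real log above, the same checks surface the orphaned BHO, the nameless toolbar with no file, the two AOL Toolbar entries differing only in case, the `vsmon.exe` and `cpuz134` entries marked `[?]`, and the driver under `locals~1\temp`. None of those is a verdict on its own: `[?]` only means DDS could not verify the file, and the `vsmon.exe` hit is the ZoneAlarm service the same log lists as the firewall. The value of the pass is that it turns a 200-line report into a short list of entries to confirm against known installations before deciding whether anything is left to clean.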





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 9,046 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 AM

Posted 04 September 2013 - 10:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506215 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 RJM92550

RJM92550
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:23 AM

Posted 06 September 2013 - 12:49 AM

Ok, well, it's been a while since I first wrote you, so I'll try to remember everything that occurred and what I did to mitigate the damage. I had what I suspect was a browser redirect on Firefox around 8/21. I ran malwarebytes which found the virus Delta A Optional PUP and quarantined it, then ran combofix whose files didn't match any in my quarantine log. Because I continued to get single hits on my antivirus and malwarebytes, I wrote to BC to help me determine if I'm still infected. I researched every file listed in the malware quarantine online:

 

Registry Keys Detected: 11

HKCR\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\checkpoint.zonealarmdskBnd.1 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\checkpoint.zonealarmdskBnd (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\checkpoint.zonealarmappCore.1 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\checkpoint.zonealarmappCore (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
 

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} (PUP.Optional.Delta.A) -> Data: ZoneAlarm Security Toolbar -> Quarantined and deleted successfully.
 

Registry Data Items Detected: 4 

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=cc8d5edf-bc82-4fb5-b692-835b95bfe23b&searchtype=ds&q={searchTerms}) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=cc8d5edf-bc82-4fb5-b692-835b95bfe23b&searchtype=ds&q={searchTerms}) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=cc8d5edf-bc82-4fb5-b692-835b95bfe23b&searchtype=ds&q={searchTerms}) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=cc8d5edf-bc82-4fb5-b692-835b95bfe23b&searchtype=ds&q={searchTerms}) Good: (http://www.google.com) -> Quarantined and repaired successfully.

 

Files Detected: 2
 C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
 C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
 

While waiting to hear back from you, I started researching the malware and read that there could be other files located in my Windows and system32 folders. I found 10 files in Windows with Farsi-type filenames whose file sizes were all around 97,000kb each; I deleted them and then wondered if I should've waited for you. Later on I found the following 3 folders in my system32 folder, complete with manifest files:

 

x86System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

x86System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492

MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

 

In researching these file names, I discovered they could possibly be Trojan programs that steal bank information and users' passwords. So I moved them from the system32 folder and placed them in a backup folder to discuss with you. Interestingly enough, since I moved them out of the system32 folder, I've stopped getting hits on my a/v and malware scans.

 

As instructed, I haven't done anything more in anticipation of receiving your feedback on my first dds log as well as the attached log that I submitted with my 1st report. I would just like your help in telling me how to ensure that this trojan or virus or whatever it is has been completely removed from my system.

 

Here's the updated dds log. I have Win XP Home Edition, Version 2002, SP3, Pentium 4, 2.40 GHz, 512 RAM, 32 bit. No, I don't have the XP disk - it was originally a custom built Win2K that was upgraded to XP by my computer techs shortly after getting it as a hand-me-down from my sister.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 22:11:30 on 2013-09-05
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.118 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1229571471\ee\aolsoftware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\AOL\1229571471\ee\aolupdates.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:\program files\check point software technologies ltd\zonealarm\1.8.22.0\bh\zonealarm.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - c:\program files\aol toolbar\aoltb.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228773916687
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351888424062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{50D02669-FF92-4AE3-A1A4-3061A4F4338B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B17B7344-E45B-4839-A718-C5BA0A5A892D} : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\rh7otq8g.default-1377308532187\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-08-22 21:10; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-08-27 15:59; [email protected]; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-27 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-27 175176]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-27 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-27 369584]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-3-27 527848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-27 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-27 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-27 46808]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2013-7-23 346696]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-11 141792]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-8-14 3291008]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-5-16 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-5-16 185640]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-5-8 30576]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-12-8 550272]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-09-01 10:13:22 -------- d-----w- c:\documents and settings\owner\application data\Avast Ad Blocker
2013-09-01 04:43:54 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-01 04:43:42 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-27 23:00:53 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-27 23:00:53 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-27 23:00:52 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-27 23:00:51 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-27 22:57:51 41664 ----a-w- c:\windows\avastSS.scr
2013-08-27 22:56:29 -------- d-----w- c:\program files\AVAST Software
2013-08-27 22:55:34 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-08-27 21:22:12 -------- d-sha-r- C:\cmdcons
2013-08-27 21:19:07 98816 ----a-w- c:\windows\sed.exe
2013-08-27 21:19:07 256000 ----a-w- c:\windows\PEV.exe
2013-08-27 21:19:07 208896 ----a-w- c:\windows\MBR.exe
2013-08-27 20:38:24 5114158 ----a-w- c:\documents and settings\owner\RJM CmboFx.exe
2013-08-24 01:42:29 87493 ---ha-w- c:\program files\mozilla firefox\old firefox data\fyru8ga0.default-1353106422218\extensions\[email protected]\uninstall.exe
2013-08-24 01:42:23 28160 ---ha-w- c:\program files\mozilla firefox\old firefox data\fyru8ga0.default-1353106422218\extensions\[email protected]\components\FFDisp.dll
2013-08-14 18:11:04 4774272 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-08-14 18:11:04 4774272 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-08-14 05:18:53 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-09-01 04:43:08 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-01 04:43:08 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-21 06:32:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 06:32:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-03 21:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 22:14:53.39 ===============

Thanks for whatever you can do on my behalf -

RJ 9/5/13

#4 Oh My

Oh My
    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 12,840 posts
  • Gender:Male
  • Location:California

Posted 06 September 2013 - 09:07 AM

Greetings RJM92550 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know; I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run these programs for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure whether you have 32 bit or 64 bit, simply download and try one. If that doesn't run properly, the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message.


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 RJM92550

RJM92550
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Female
  • Location:California

Posted 06 September 2013 - 01:01 PM

Good morning, Gary - thank you so much for your assistance. My name is RJ.

I followed your recommendations and pasted the appropriate text as requested below:

# AdwCleaner v3.002 - Report created 06/09/2013 at 10:33:33
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - RALONNE
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Owner\IECompatCache
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\AA\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\AA\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0E8BC7D-6959-40B6-8E05-204D9768AD6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0E8BC7D-6959-40B6-8E05-204D9768AD6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Product Deleted : Google Update Helper
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rh7otq8g.default-1377308532187\prefs.js ]
 
Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);
 
[ File : C:\Documents and Settings\AA\Application Data\Mozilla\Firefox\Profiles\alxg8ann.default\prefs.js ]
 
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10266&gct=hp&dc=US&locale=en_US");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10266&locale=en_US&apn_uid=369a15da-e0ea-4d13-af16-3b090075a342&apn_ptnrs=%5EAGX&apn_sauid=A51B4A35-925E-427E[...]
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [9317 octets] - [06/09/2013 10:29:27]
AdwCleaner[S0].txt - [9154 octets] - [06/09/2013 10:33:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9214 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Fri 09/06/2013 at 10:42:16.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\aol toolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files\aol toolbar"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/06/2013 at 10:51:40.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2013
Ran by Owner (administrator) on RALONNE on 06-09-2013 10:53:29
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\tgsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
() C:\Program Files\Microsoft Office\Office\WINWORD.EXE
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HonorAutoRunSetting] 1
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKCU\...\Policies\Explorer: [NoDriveAutoRun] 67108863
Startup: C:\Documents and Settings\AA\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.Lnk
ShortcutTarget: Microsoft Office Shortcut Bar.Lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.Lnk
ShortcutTarget: Microsoft Office Shortcut Bar.Lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {4F9FC92B-72F5-4785-8E11-277ADEB7EB43} URL = http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=070613&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {CC3F432D-B388-4359-BD2F-F8E5609ADB22} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU -No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rh7otq8g.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: adblocker - C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (AOL Media Playback Plugin) - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll (America Online, Inc.)
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Ad Blocker) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0
CHR Extension: (avast! Online Security) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_1
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\DOCUME~1\Owner\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
========================== Services (Whitelisted) =================
 
S4 AOL ACS; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [42312 2010-07-13] (AOL Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [346696 2013-07-30] (Verizon)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [141792 2010-10-13] (McAfee, Inc.)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [139264 2002-09-27] (Intel® Corporation)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2007-10-12] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-07-15] (Analog Devices, Inc.)
R2 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2011-05-16] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2011-05-16] (SupportSoft, Inc.)
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2008-12-13] (Windows ® 2000 DDK provider)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-27] ()
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [681469 2004-02-10] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [95600 2010-10-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [386840 2010-10-13] (McAfee, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [550272 2007-11-16] (Ralink Technology, Corp.)
R1 Vsdatant; C:\Windows\System32\vsdatant.sys [527848 2013-03-27] (Check Point Software Technologies LTD)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-06 10:52 - 2013-09-06 10:52 - 00001734 _____ C:\Documents and Settings\Owner\Desktop\JRT Results.txt
2013-09-06 10:51 - 2013-09-06 10:51 - 00001734 _____ C:\Documents and Settings\Owner\Desktop\JRT.txt
2013-09-06 10:42 - 2013-09-06 10:42 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-06 10:37 - 2013-09-06 10:37 - 00009294 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner[S0].txt
2013-09-06 10:28 - 2013-09-06 10:34 - 00000000 ____D C:\AdwCleaner
2013-09-06 10:20 - 2013-09-06 10:20 - 01081729 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2013-09-06 10:19 - 2013-09-06 10:19 - 01028823 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2013-09-06 10:18 - 2013-09-06 10:18 - 01037222 _____ C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
2013-09-01 03:13 - 2013-09-01 03:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Avast Ad Blocker
2013-08-31 21:44 - 2013-08-31 21:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-31 21:43 - 2013-08-31 21:43 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-08-31 21:43 - 2013-08-31 21:43 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-08-31 21:43 - 2013-08-31 21:43 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-08-31 21:43 - 2013-08-31 21:43 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-08-31 21:43 - 2013-08-31 21:43 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-31 21:06 - 2013-08-31 21:06 - 00000664 _____ C:\Documents and Settings\Owner\My Documents\All Users Application Data.lnk
2013-08-31 21:05 - 2013-08-31 21:05 - 00000622 _____ C:\Documents and Settings\Owner\My Documents\Owner Application Data.lnk
2013-08-31 13:39 - 2013-08-31 13:39 - 00212853 _____ C:\Documents and Settings\Owner\My Documents\Friends - Fifties Friends 13-0831 AM.txt
2013-08-27 23:45 - 2013-08-27 23:45 - 00005236 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-27 23:45 - 2013-08-27 23:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-27 16:01 - 2013-08-27 16:01 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-08-27 16:01 - 2013-08-27 16:01 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-27 16:01 - 2013-08-27 16:01 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-27 16:01 - 2013-08-27 16:01 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-27 16:01 - 2013-05-09 01:59 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-27 16:00 - 2013-09-06 10:37 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-08-27 16:00 - 2013-08-27 16:01 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-27 16:00 - 2013-08-27 16:01 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-27 16:00 - 2013-08-27 16:01 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-27 16:00 - 2013-05-09 01:59 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-27 16:00 - 2013-05-09 01:59 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-27 16:00 - 2013-05-09 01:59 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-08-27 16:00 - 2013-05-09 01:59 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-27 16:00 - 2013-05-09 01:58 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-27 15:57 - 2013-05-09 01:58 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-27 15:56 - 2013-08-30 13:30 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-27 15:55 - 2013-08-27 16:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-08-27 15:14 - 2013-09-06 00:26 - 00072704 _____ C:\WINDOWS\offitems.log
2013-08-27 15:03 - 2013-08-27 15:03 - 00014685 _____ C:\ComboFix.txt
2013-08-27 14:22 - 2013-08-27 14:22 - 00000000 _RSHD C:\cmdcons
2013-08-27 14:19 - 2011-06-25 23:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-27 14:19 - 2010-11-07 10:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-27 14:19 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-27 14:19 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-27 14:19 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-27 14:19 - 2000-08-30 17:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-27 14:19 - 2000-08-30 17:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-27 14:19 - 2000-08-30 17:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-27 13:38 - 2013-08-27 13:38 - 05114158 _____ (Swearware) C:\Documents and Settings\Owner\RJM CmboFx.exe
2013-08-27 12:20 - 2013-08-27 12:20 - 00000592 _____ C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
2013-08-27 12:20 - 2013-08-27 12:20 - 00000000 ____D C:\Program Files\ERUNT
2013-08-26 21:22 - 2013-01-12 18:22 - 00001831 _____ C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome.lnk
2013-08-24 08:19 - 2013-08-24 10:35 - 00031763 _____ C:\Documents and Settings\Owner\My Documents\Friends - Wavin in Serenity 13-0824 AM.log
2013-08-18 22:59 - 2013-08-28 00:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 10:00 - 2013-08-17 10:00 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-08-14 08:45 - 2013-08-14 08:46 - 00015405 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-14 08:24 - 2013-08-14 08:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 08:23 - 2013-08-14 08:23 - 00008201 _____ C:\WINDOWS\KB2863058.log
2013-08-14 08:23 - 2013-08-14 08:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 08:23 - 2013-08-14 08:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 08:22 - 2013-08-14 08:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 08:08 - 2013-08-14 08:24 - 00016731 _____ C:\WINDOWS\KB2859537.log
2013-08-14 08:08 - 2013-08-14 08:24 - 00015880 _____ C:\WINDOWS\KB2850869.log
2013-08-13 22:18 - 2013-08-14 08:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-07 14:39 - 2011-10-16 10:35 - 00000508 _____ C:\Documents and Settings\Owner\My Documents\Internet Logs.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-09-06 10:53 - 2013-09-06 10:53 - 00000000 ____D C:\FRST
2013-09-06 10:52 - 2013-09-06 10:52 - 00001734 _____ C:\Documents and Settings\Owner\Desktop\JRT Results.txt
2013-09-06 10:51 - 2013-09-06 10:51 - 00001734 _____ C:\Documents and Settings\Owner\Desktop\JRT.txt
2013-09-06 10:42 - 2013-09-06 10:42 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-06 10:38 - 2009-03-10 13:13 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Backups
2013-09-06 10:37 - 2013-09-06 10:37 - 00009294 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner[S0].txt
2013-09-06 10:37 - 2013-08-27 16:00 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-09-06 10:37 - 2008-12-08 13:35 - 01815221 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-06 10:36 - 2012-12-02 14:50 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 10:36 - 2008-12-08 13:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-06 10:36 - 2008-12-08 05:28 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-06 10:36 - 2008-12-08 05:28 - 00000048 _____ C:\WINDOWS\wiaservc.log
2013-09-06 10:35 - 2008-12-08 13:47 - 00032620 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-06 10:35 - 2008-12-08 13:47 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2013-09-06 10:35 - 2008-12-08 05:24 - 05767168 _____ C:\WINDOWS\system32\config\Sys_link00
2013-09-06 10:34 - 2013-09-06 10:28 - 00000000 ____D C:\AdwCleaner
2013-09-06 10:33 - 2013-02-14 10:04 - 00000000 ___HD C:\Documents and Settings\AA\Application Data\CheckPoint
2013-09-06 10:33 - 2011-07-31 08:25 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\CheckPoint
2013-09-06 10:33 - 2008-12-08 13:47 - 00000000 ____D C:\Documents and Settings\Owner
2013-09-06 10:29 - 2012-12-23 20:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-06 10:20 - 2013-09-06 10:20 - 01081729 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2013-09-06 10:19 - 2013-09-06 10:19 - 01028823 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2013-09-06 10:18 - 2013-09-06 10:18 - 01037222 _____ C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
2013-09-06 10:15 - 2012-12-02 14:50 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 09:31 - 2009-06-04 07:08 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{2664307C-5C8F-4150-B55B-EDC489A3EE4E}.job
2013-09-06 00:26 - 2013-08-27 15:14 - 00072704 _____ C:\WINDOWS\offitems.log
2013-09-05 04:20 - 2012-01-01 08:57 - 00027136 _____ C:\Documents and Settings\Owner\My Documents\Health Journal 2013.xls
2013-09-05 04:20 - 2009-01-04 13:30 - 00007350 _____ C:\WINDOWS\Owner8.xlb
2013-09-04 11:15 - 2009-06-03 07:49 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Volunteering & Editing
2013-09-04 09:27 - 2008-12-14 11:28 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\POFCU
2013-09-03 16:09 - 2008-12-14 11:29 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Banking & Bills
2013-09-01 03:13 - 2013-09-01 03:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Avast Ad Blocker
2013-08-31 21:44 - 2013-08-31 21:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-31 21:43 - 2013-08-31 21:43 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-08-31 21:43 - 2013-08-31 21:43 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-08-31 21:43 - 2013-08-31 21:43 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-08-31 21:43 - 2013-08-31 21:43 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-08-31 21:43 - 2013-08-31 21:43 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-08-31 21:43 - 2012-06-10 18:23 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-08-31 21:43 - 2010-05-12 20:33 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-08-31 21:06 - 2013-08-31 21:06 - 00000664 _____ C:\Documents and Settings\Owner\My Documents\All Users Application Data.lnk
2013-08-31 21:05 - 2013-08-31 21:05 - 00000622 _____ C:\Documents and Settings\Owner\My Documents\Owner Application Data.lnk
2013-08-31 15:28 - 2011-12-28 19:37 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\EDD BOFA
2013-08-31 15:02 - 2010-09-30 15:43 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\CDBurnerXP Projects
2013-08-31 13:48 - 2008-12-10 17:50 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Ralonne
2013-08-31 13:39 - 2013-08-31 13:39 - 00212853 _____ C:\Documents and Settings\Owner\My Documents\Friends - Fifties Friends 13-0831 AM.txt
2013-08-30 13:30 - 2013-08-27 15:56 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-30 10:52 - 2009-11-03 23:36 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Unused Icons
2013-08-30 10:51 - 2011-02-07 22:34 - 00000000 ___HD C:\Documents and Settings\Owner\My Documents\My Albums
2013-08-30 10:43 - 2010-09-30 16:23 - 00000000 ____D C:\WINDOWS\ERDNT
2013-08-30 00:15 - 2008-12-14 11:24 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Graphics
2013-08-29 19:39 - 2012-06-10 18:41 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-08-28 11:38 - 2009-09-05 21:57 - 00166993 _____ C:\WINDOWS\wmsetup.log
2013-08-28 00:12 - 2013-08-18 22:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-27 23:45 - 2013-08-27 23:45 - 00005236 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-27 23:45 - 2013-08-27 23:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-27 23:45 - 2009-09-08 12:12 - 01553019 _____ C:\WINDOWS\FaxSetup.log
2013-08-27 23:45 - 2009-09-08 12:12 - 00763655 _____ C:\WINDOWS\ocgen.log
2013-08-27 23:45 - 2009-09-08 12:12 - 00597505 _____ C:\WINDOWS\tsoc.log
2013-08-27 23:45 - 2009-09-08 12:12 - 00524752 _____ C:\WINDOWS\setupapi.log
2013-08-27 23:45 - 2009-09-08 12:12 - 00515468 _____ C:\WINDOWS\comsetup.log
2013-08-27 23:45 - 2009-09-08 12:12 - 00314844 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-27 23:45 - 2009-09-08 12:12 - 00244424 _____ C:\WINDOWS\iis6.log
2013-08-27 23:45 - 2009-09-08 12:12 - 00086358 _____ C:\WINDOWS\ocmsn.log
2013-08-27 23:45 - 2009-09-08 12:12 - 00078185 _____ C:\WINDOWS\msgsocm.log
2013-08-27 23:45 - 2009-09-08 12:12 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-27 23:19 - 2008-12-08 13:40 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-08-27 23:18 - 2011-04-15 19:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2412687$
2013-08-27 20:01 - 2008-12-16 18:46 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-27 16:42 - 2010-09-30 15:42 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-08-27 16:41 - 2013-08-27 15:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-08-27 16:01 - 2013-08-27 16:01 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-08-27 16:01 - 2013-08-27 16:01 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-08-27 16:01 - 2013-08-27 16:01 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-08-27 16:01 - 2013-08-27 16:01 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-08-27 16:01 - 2013-08-27 16:00 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-27 16:01 - 2013-08-27 16:00 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-27 16:01 - 2013-08-27 16:00 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-27 16:00 - 2008-12-08 13:37 - 00002577 ____C C:\WINDOWS\system32\CONFIG.NT
2013-08-27 15:03 - 2013-08-27 15:03 - 00014685 _____ C:\ComboFix.txt
2013-08-27 15:03 - 2010-09-30 16:23 - 00000000 ____D C:\Qoobox
2013-08-27 14:56 - 2004-08-04 05:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-08-27 14:51 - 2012-11-02 13:03 - 00000000 ____D C:\Program Files\Avira
2013-08-27 14:51 - 2012-11-02 13:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-08-27 14:22 - 2013-08-27 14:22 - 00000000 _RSHD C:\cmdcons
2013-08-27 14:22 - 2008-12-08 05:24 - 00000327 __RSH C:\boot.ini
2013-08-27 13:38 - 2013-08-27 13:38 - 05114158 _____ (Swearware) C:\Documents and Settings\Owner\RJM CmboFx.exe
2013-08-27 12:20 - 2013-08-27 12:20 - 00000592 _____ C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
2013-08-27 12:20 - 2013-08-27 12:20 - 00000000 ____D C:\Program Files\ERUNT
2013-08-27 12:12 - 2011-08-14 14:08 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-08-27 12:12 - 2009-04-12 16:09 - 00000000 ____D C:\Program Files\CCleaner
2013-08-27 11:41 - 2013-04-20 23:56 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\DoNotTrackPlus
2013-08-27 11:25 - 2010-09-30 16:38 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2013-08-27 11:24 - 2009-09-29 21:48 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Angele
2013-08-26 13:16 - 2008-12-10 18:39 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-26 13:11 - 2008-12-08 13:34 - 00000000 ____D C:\WINDOWS\Registration
2013-08-24 10:35 - 2013-08-24 08:19 - 00031763 _____ C:\Documents and Settings\Owner\My Documents\Friends - Wavin in Serenity 13-0824 AM.log
2013-08-22 21:10 - 2011-08-20 16:35 - 00000000 ___RD C:\Program Files\Skype
2013-08-22 21:10 - 2011-04-25 17:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-08-22 15:25 - 2008-12-09 07:41 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Career Related
2013-08-20 23:32 - 2012-09-18 09:15 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-20 23:32 - 2012-09-18 09:15 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-20 17:45 - 2011-07-31 08:24 - 00000000 ____D C:\Program Files\CheckPoint
2013-08-19 19:47 - 2012-10-31 15:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-17 10:00 - 2013-08-17 10:00 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-08-17 09:43 - 2008-12-08 13:47 - 00000803 _____ C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
2013-08-16 09:37 - 2004-08-04 05:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-14 16:01 - 2009-04-02 23:24 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-14 08:46 - 2013-08-14 08:45 - 00015405 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-14 08:46 - 2009-10-15 22:45 - 00106534 _____ C:\WINDOWS\updspapi.log
2013-08-14 08:46 - 2009-09-08 12:12 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-14 08:45 - 2009-05-31 20:34 - 00000000 ____D C:\WINDOWS\ie8updates
2013-08-14 08:44 - 2013-08-13 22:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-14 08:28 - 2008-12-08 05:26 - 00571100 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-14 08:24 - 2013-08-14 08:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 08:24 - 2013-08-14 08:08 - 00016731 _____ C:\WINDOWS\KB2859537.log
2013-08-14 08:24 - 2013-08-14 08:08 - 00015880 _____ C:\WINDOWS\KB2850869.log
2013-08-14 08:23 - 2013-08-14 08:23 - 00008201 _____ C:\WINDOWS\KB2863058.log
2013-08-14 08:23 - 2013-08-14 08:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 08:23 - 2013-08-14 08:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 08:23 - 2008-12-11 07:00 - 00260864 ____C C:\WINDOWS\system32\TZLog.log
2013-08-14 08:22 - 2013-08-14 08:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-10 14:44 - 2013-06-20 13:22 - 00000986 _____ C:\WINDOWS\Output.txt
2013-08-10 14:44 - 2013-06-20 13:21 - 00002401 _____ C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
2013-08-07 14:37 - 2013-06-19 14:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2013-08-07 10:56 - 2013-08-03 12:02 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Photos
 
Files to move or delete:
====================
C:\Documents and Settings\Owner\RJM CmboFx.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Quarantine.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\jrt\erunt\ERUNT.EXE
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-09-2013
Ran by Owner at 2013-09-06 10:55:26
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Advertising Center (Version: 0.0.0.2)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
avast! Ad Blocker (Version: 1.0.0.0)
avast! Free Antivirus (Version: 8.0.1489.0)
CCleaner (Version: 4.05)
CDBurnerXP (Version: 4.0.022.370)
Creative PC-CAM Center Lite
Creative WebCam Monitor
Critical Update for Windows Media Player 11 (KB959772)
dBpowerAMP Music Converter
doPDF 7.3 printer
ERUNT 1.1j
Google Chrome (Version: 29.0.1547.66)
IHA_MessageCenter (Version: 1.6.0)
ImagXpress (Version: 7.0.74.0)
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.04.0001)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSN Toolbar (Version: 4.0.0379.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero BurnRights (Version: 3.4.13.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.12.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.33.100)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.33.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.4.10.100)
NeroExpress (Version: 9.4.33.100)
neroxml (Version: 1.0.0)
PhotoImpression
QuickTime (Version: 7.74.80.86)
RealPlayer Basic
Skype Click to Call (Version: 6.11.13348)
Skype™ 6.6 (Version: 6.6.106)
SoundMAX
swMSM (Version: 12.0.0.1)
Tweak UI
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
Verizon Download Manager (Version: 15)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Vz In Home Agent (Version: 8.03.71)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm Firewall (Version: 11.0.000.018)
ZoneAlarm Firewall (Version: 11.0.000.504)
ZoneAlarm Free Firewall (Version: 11.0.768.000)
ZoneAlarm Security (Version: 11.0.000.018)
ZoneAlarm Security (Version: 11.0.000.504)
ZoneAlarm Security Toolbar  (Version: 1.8.22.0)
 
 
==================== Restore Points  =========================
 
04-06-2013 04:26:26 System Checkpoint
15-06-2013 21:25:39 Removed Java 7 Update 7
10-06-2013 08:28:33 System Checkpoint
11-06-2013 22:28:13 System Checkpoint
12-06-2013 05:25:29 Software Distribution Service 3.0
14-06-2013 01:44:42 System Checkpoint
17-06-2013 10:04:26 System Checkpoint
19-06-2013 20:59:00 Removed Java 7 Update 7
19-06-2013 21:00:21 Installed Java 7 Update 25
25-06-2013 14:58:40 System Checkpoint
27-06-2013 21:56:11 System Checkpoint
28-06-2013 22:36:06 System Checkpoint
01-07-2013 03:31:56 System Checkpoint
06-07-2013 08:40:27 System Checkpoint
06-07-2013 20:10:57 Software Distribution Service 3.0
06-07-2013 21:33:17 Software Distribution Service 3.0
06-07-2013 22:28:25 Removed Bing Desktop
08-07-2013 14:23:01 System Checkpoint
11-07-2013 07:33:15 Software Distribution Service 3.0
12-07-2013 08:08:52 System Checkpoint
04-08-2013 22:11:40 System Checkpoint
10-08-2013 20:26:00 System Checkpoint
13-08-2013 05:09:47 System Checkpoint
14-08-2013 05:16:25 Software Distribution Service 3.0
14-08-2013 15:14:10 Software Distribution Service 3.0
15-08-2013 16:50:44 System Checkpoint
17-08-2013 00:35:47 System Checkpoint
18-08-2013 02:02:40 System Checkpoint
19-08-2013 15:00:01 System Checkpoint
22-08-2013 04:24:11 System Checkpoint
23-08-2013 04:32:51 System Checkpoint
24-08-2013 04:59:58 System Checkpoint
26-08-2013 16:24:12 System Checkpoint
27-08-2013 20:12:53 System Checkpoint
27-08-2013 21:18:04 Removed Avira SearchFree Toolbar.
27-08-2013 22:56:29 avast! Free Antivirus Setup
27-08-2013 23:44:46 Removed Java 7 Update 25
28-08-2013 00:25:09 Installed Java 7 Update 25
28-08-2013 06:45:21 Software Distribution Service 3.0
29-08-2013 09:42:35 System Checkpoint
30-08-2013 17:46:28 Removed EZ Fonts
01-09-2013 02:49:56 System Checkpoint
01-09-2013 04:41:11 Removed Java 7 Update 25
01-09-2013 04:42:53 Installed Java 7 Update 25
03-09-2013 03:46:58 System Checkpoint
04-09-2013 22:26:20 System Checkpoint
 
==================== Hosts content: ==========================
 
2004-08-04 05:00 - 2013-08-27 14:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2664307C-5C8F-4150-B55B-EDC489A3EE4E}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2004-08-04 05:00 - 2008-04-13 17:10 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime
2008-12-08 14:55 - 2001-10-04 17:50 - 00040820 _____ (SoundMAX) C:\WINDOWS\system32\SYNCOR11.DLL
2004-08-04 05:00 - 2009-02-09 05:10 - 00401408 _____ (Microsoft Corporation) c:\windows\system32\rpcss.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00082432 _____ (Microsoft Corporation) c:\windows\system32\WS2_32.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00019968 _____ (Microsoft Corporation) c:\windows\system32\WS2HELP.dll
2008-12-08 13:33 - 2008-04-13 17:12 - 00295424 _____ (Microsoft Corporation) c:\windows\system32\termsrv.dll
2008-12-08 13:33 - 2008-04-13 17:11 - 00011264 _____ (Microsoft Corporation) c:\windows\system32\ICAAPI.dll
2004-08-04 05:00 - 2008-04-14 06:42 - 00985088 _____ (Microsoft Corporation) c:\windows\system32\SETUPAPI.dll
2004-08-04 05:00 - 2012-08-24 06:53 - 00177664 _____ (Microsoft Corporation) c:\windows\system32\WINTRUST.dll
2004-08-04 05:00 - 2013-03-26 15:53 - 00601600 _____ (Microsoft Corporation) c:\windows\system32\CRYPT32.dll
2004-08-04 05:00 - 2009-09-04 14:03 - 00058880 _____ (Microsoft Corporation) c:\windows\system32\MSASN1.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00062464 _____ (Microsoft Corporation) c:\windows\system32\AUTHZ.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00116224 _____ (Microsoft Corporation) c:\windows\system32\mstlsapi.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00193536 _____ (Microsoft Corporation) c:\windows\system32\ACTIVEDS.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00143360 _____ (Microsoft Corporation) c:\windows\system32\adsldpc.dll
2004-08-04 05:00 - 2012-07-06 06:58 - 00337920 _____ (Microsoft Corporation) c:\windows\system32\NETAPI32.dll
2004-08-04 05:00 - 2009-07-17 12:01 - 00058880 _____ (Microsoft Corporation) c:\windows\system32\ATL.DLL
2008-12-08 14:55 - 2001-10-04 17:50 - 00040820 _____ (SoundMAX) C:\WINDOWS\System32\SYNCOR11.DLL
2004-08-04 05:00 - 2009-07-27 16:17 - 00135168 _____ (Microsoft Corporation) c:\windows\system32\shsvcs.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00126976 _____ (Microsoft Corporation) c:\windows\system32\dhcpcsvc.dll
2004-08-04 05:00 - 2011-03-02 23:55 - 00149504 _____ (Microsoft Corporation) c:\windows\system32\DNSAPI.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00094720 _____ (Microsoft Corporation) c:\windows\system32\iphlpapi.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00062464 _____ (Microsoft Corporation) c:\windows\system32\cryptsvc.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00194560 _____ (Microsoft Corporation) c:\windows\system32\certcli.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00512512 _____ (Microsoft Corporation) c:\windows\system32\CRYPTUI.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 01082368 _____ (Microsoft Corporation) c:\windows\system32\ESENT.dll
2008-12-08 13:34 - 2008-04-13 17:12 - 00192512 _____ (Microsoft Corporation) c:\windows\system32\schedsvc.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00067072 _____ (Microsoft Corporation) c:\windows\system32\NTDSAPI.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00018432 _____ (Microsoft Corporation) c:\windows\system32\WTSAPI32.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00042496 _____ (Microsoft Corporation) c:\windows\system32\audiosrv.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00023040 _____ (Microsoft Corporation) c:\windows\system32\ersvc.dll
2011-01-29 23:54 - 2008-04-13 17:11 - 00021504 _____ (Microsoft Corporation) c:\windows\system32\hidserv.dll
2004-08-03 17:56 - 2008-04-13 17:11 - 00020992 _____ (Microsoft Corporation) c:\windows\system32\HID.DLL
2004-08-04 05:00 - 2008-07-07 13:26 - 00253952 _____ (Microsoft Corporation) c:\windows\system32\es.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00198144 _____ (Microsoft Corporation) c:\windows\system32\netman.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00087040 _____ (Microsoft Corporation) c:\windows\system32\MPRAPI.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00044032 _____ (Microsoft Corporation) c:\windows\system32\rtutils.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 01703936 _____ (Microsoft Corporation) c:\windows\system32\netshell.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00163840 _____ (Microsoft Corporation) c:\windows\system32\credui.dll
2008-04-13 17:11 - 2008-04-13 17:11 - 00026112 _____ (Microsoft Corporation) c:\windows\system32\dot3api.dll
2008-04-13 17:11 - 2008-04-13 17:11 - 00009216 _____ (Microsoft Corporation) c:\windows\system32\dot3dlg.dll
2008-04-13 17:12 - 2008-04-13 17:12 - 00144384 _____ (Microsoft Corporation) c:\windows\system32\OneX.DLL
2008-04-13 17:11 - 2008-04-13 17:11 - 00126976 _____ (Microsoft Corporation) c:\windows\system32\eappcfg.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00413696 _____ (Microsoft Corporation) c:\windows\system32\MSVCP60.dll
2008-04-13 17:11 - 2008-04-13 17:11 - 00040960 _____ (Microsoft Corporation) c:\windows\system32\eappprxy.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00237056 _____ (Microsoft Corporation) c:\windows\system32\RASAPI32.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00061440 _____ (Microsoft Corporation) c:\windows\system32\rasman.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00181760 _____ (Microsoft Corporation) c:\windows\system32\TAPI32.dll
2004-08-03 17:56 - 2008-04-13 17:12 - 00052736 _____ (Microsoft Corporation) c:\windows\system32\WZCSAPI.DLL
2004-08-03 17:56 - 2008-04-13 17:12 - 00483840 _____ (Microsoft Corporation) c:\windows\system32\WZCSvc.DLL
2004-08-04 05:00 - 2008-04-13 17:11 - 00005632 _____ (Microsoft Corporation) c:\windows\system32\WMI.dll
2008-04-13 17:11 - 2008-04-13 17:11 - 00030720 _____ (Microsoft Corporation) c:\windows\system32\EapolQec.dll
2008-04-13 17:12 - 2008-04-13 17:12 - 00076800 _____ (Microsoft Corporation) c:\windows\system32\QUtil.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00039424 _____ (Microsoft Corporation) c:\windows\system32\sens.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00018944 _____ (Microsoft Corporation) c:\windows\system32\seclogon.dll
2008-12-08 13:34 - 2008-04-13 17:12 - 00171008 _____ (Microsoft Corporation) c:\windows\system32\srsvc.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00017408 _____ (Microsoft Corporation) c:\windows\system32\POWRPROF.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00090112 _____ (Microsoft Corporation) c:\windows\system32\trkwks.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00175104 _____ (Microsoft Corporation) c:\windows\system32\w32time.dll
2008-12-08 13:34 - 2008-04-13 17:12 - 00006656 _____ (Microsoft Corporation) c:\windows\system32\wuauserv.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00080896 _____ (Microsoft Corporation) c:\windows\system32\wscsvc.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 02843136 _____ (Microsoft Corporation) c:\windows\system32\msi.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00331264 _____ (Microsoft Corporation) c:\windows\system32\ipnathlp.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00249856 _____ (Microsoft Corporation) c:\windows\system32\tapisrv.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00023040 _____ (Microsoft Corporation) c:\windows\system32\PSAPI.DLL
2013-09-06 10:40 - 2013-09-06 08:18 - 02098176 _____ () C:\Program Files\AVAST Software\Avast\defs\13090601\algo.dll
2013-02-01 13:28 - 2012-10-03 13:50 - 00023944 _____ (Softland) C:\WINDOWS\system32\dopdfmn7.dll
2009-10-21 15:01 - 2008-07-06 05:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2013-07-23 22:32 - 2012-06-06 14:35 - 00270336 _____ (The Apache Software Foundation) C:\Program Files\Verizon\IHA_MessageCenter\Bin\log4net.dll
2013-07-23 22:32 - 2012-06-06 14:35 - 00049152 _____ ( ) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Interop.IWshRuntimeLibrary.dll
2013-07-23 22:32 - 2012-06-06 14:35 - 00012288 _____ ( ) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Interop.NetFwTypeLib.dll
2013-07-23 22:32 - 2012-06-06 14:35 - 00007168 _____ ( ) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Interop.NATUPNPLib.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 05:00 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2009-11-06 11:58 - 2009-11-06 11:58 - 01164584 _____ (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NB.dll
2009-11-06 11:58 - 2009-11-06 11:58 - 00451880 _____ (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\LBFC.dll
2009-11-06 11:58 - 2009-11-06 11:58 - 00275752 _____ (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBBurn.dll
2009-11-06 11:58 - 2009-11-06 11:58 - 00197928 _____ (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll
2011-05-16 00:35 - 2011-05-16 00:35 - 00881960 _____ (SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtsched.dll
2011-05-16 00:36 - 2011-05-16 00:36 - 00402728 _____ (SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtfod.dll
2011-05-16 00:36 - 2011-05-16 00:36 - 01069056 _____ (SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\LIBEAY32.dll
2011-05-16 00:35 - 2011-05-16 00:35 - 00886056 _____ (SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtsync.dll
2011-05-16 00:35 - 2011-05-16 00:35 - 00345384 _____ (SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtupdate.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00333824 _____ (Microsoft Corporation) c:\windows\system32\wiaservc.dll
2004-08-04 05:00 - 2008-04-13 17:09 - 00016896 _____ (Microsoft Corporation) c:\windows\system32\CFGMGR32.dll
2004-08-04 05:00 - 2008-04-14 06:42 - 00985088 _____ (Microsoft Corporation) c:\windows\system32\setupapi.DLL
2004-08-04 05:00 - 2008-06-24 09:43 - 00074240 _____ (Microsoft Corporation) c:\windows\system32\mscms.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00053760 _____ (Microsoft Corporation) c:\windows\system32\WINSTA.dll
1997-07-11 01:00 - 1997-07-11 01:00 - 03782416 _____ () C:\Program Files\Microsoft Office\Office\mso97.dll
2008-12-08 13:34 - 2008-04-13 17:12 - 00409088 _____ (Microsoft Corporation) c:\windows\system32\qmgr.dll
2004-08-04 05:00 - 2008-04-13 17:12 - 00025088 _____ (Microsoft Corporation) c:\windows\system32\SHFOLDER.dll
2004-08-04 05:00 - 2011-11-16 07:21 - 00354816 _____ (Microsoft Corporation) c:\windows\system32\WINHTTP.dll
1997-07-11 01:00 - 1997-07-11 01:00 - 01158416 _____ () C:\Program Files\Microsoft Office\Office\wwintl32.dll
1997-07-11 01:00 - 1997-07-11 01:00 - 03782416 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
2013-02-01 13:28 - 2012-10-03 13:50 - 00565128 _____ (Softland) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dopdfui7.dll
2013-02-01 13:28 - 2012-10-03 13:50 - 00618376 _____ (Softland) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dopdfpr7.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/04/2013 05:00:27 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.66;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\45c498e3-836b-4da1-a8f3-72760efd47b1.dmp
 
Error: (09/04/2013 04:59:06 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.66;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e08c9d7e-ca3e-471f-a8cc-a0eb265f30ee.dmp
 
Error: (09/03/2013 11:57:37 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.62;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\19d40230-bff1-4ad8-a418-cb869b08cba0.dmp
 
Error: (09/03/2013 11:29:13 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.62;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\57405437-29b8-4cad-9ad3-513d89067b60.dmp
 
Error: (08/30/2013 10:34:14 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.62;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\9b657999-6ebb-4afc-a67e-7172b4fb0856.dmp
 
Error: (08/28/2013 09:03:46 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\b59caef2-afcd-412c-8e46-ec6e245f165f.dmp
 
Error: (08/28/2013 11:24:28 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\0dfa7761-9712-49d8-aaea-74bf57e3a423.dmp
 
Error: (08/27/2013 04:46:28 PM) (Source: MsiInstaller) (User: RALONNE)
Description: Product: Java 7 Update 25 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Error: (08/27/2013 04:46:27 PM) (Source: MsiInstaller) (User: RALONNE)
Description: Product: Java 7 Update 25 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
Error: (08/27/2013 04:46:25 PM) (Source: MsiInstaller) (User: RALONNE)
Description: Product: Java 7 Update 25 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
 
 
System errors:
=============
Error: (09/06/2013 10:36:54 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (09/06/2013 10:36:54 AM) (Source: Service Control Manager) (User: )
Description: The Alerter service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (09/06/2013 10:15:09 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (09/06/2013 09:31:03 AM) (Source: Service Control Manager) (User: )
Description: The IHA_MessageCenter service failed to start due to the following error: 
%%1053
 
Error: (09/06/2013 09:31:03 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IHA_MessageCenter service to connect.
 
Error: (09/06/2013 09:31:03 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (09/06/2013 09:31:03 AM) (Source: Service Control Manager) (User: )
Description: The Alerter service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (09/06/2013 01:15:10 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (09/05/2013 08:15:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (09/05/2013 08:00:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (09/04/2013 05:00:27 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.66;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\45c498e3-836b-4da1-a8f3-72760efd47b1.dmp
 
Error: (09/04/2013 04:59:06 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.66;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e08c9d7e-ca3e-471f-a8cc-a0eb265f30ee.dmp
 
Error: (09/03/2013 11:57:37 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.62;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\19d40230-bff1-4ad8-a418-cb869b08cba0.dmp
 
Error: (09/03/2013 11:29:13 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.62;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\57405437-29b8-4cad-9ad3-513d89067b60.dmp
 
Error: (08/30/2013 10:34:14 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.62;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\9b657999-6ebb-4afc-a67e-7172b4fb0856.dmp
 
Error: (08/28/2013 09:03:46 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\b59caef2-afcd-412c-8e46-ec6e245f165f.dmp
 
Error: (08/28/2013 11:24:28 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\0dfa7761-9712-49d8-aaea-74bf57e3a423.dmp
 
Error: (08/27/2013 04:46:28 PM) (Source: MsiInstaller)(User: RALONNE)
Description: Product: Java 7 Update 25 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)
 
Error: (08/27/2013 04:46:27 PM) (Source: MsiInstaller)(User: RALONNE)
Description: Product: Java 7 Update 25 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)
 
Error: (08/27/2013 04:46:25 PM) (Source: MsiInstaller)(User: RALONNE)
Description: Product: Java 7 Update 25 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 509.8 MB
Available physical RAM: 245.38 MB
Total Pagefile: 2016.17 MB
Available Pagefile: 1754.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.52 GB) (Free:45.67 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: DCCCDCCC)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 Oh My

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 12,840 posts
  • Gender:Male
  • Location:California

Posted 06 September 2013 - 04:20 PM

Hi RJ,

Thanks again for your patience. I know you had to wait a bit for help. We are quite busy these days. :)

Let's clean up some entries. Please do this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {4F9FC92B-72F5-4785-8E11-277ADEB7EB43} URL = http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=070613&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {CC3F432D-B388-4359-BD2F-F8E5609ADB22} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU -No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
C:\Documents and Settings\Owner\RJM CmboFx.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Quarantine.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\jrt\erunt\ERUNT.EXE
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST log
  • How is your computer behaving?

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message.


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 RJM92550

  • Topic Starter

  • Members
  • 20 posts
  • Gender:Female
  • Location:California

Posted 06 September 2013 - 05:01 PM

Hi again, Gary -

Since I discovered the PUP malware, I've been scanning my system with a/v and malwarebytes daily. And, as I mentioned in my report yesterday, ever since I removed the x86System.EnterpriseServices and MSIL_IEExecRemote folders from my PC, my a/v and malwarebytes scans have been coming up clean. The only residual problem seems to be with my Firefox browser that was redirected by the malware. I only reset it after the first a/v and malwarebytes scans because I had so many valuable bookmarks that I didn't want to lose. I backed up those bookmarks in the event that I might have to reinstall it however.

Do you recommend that I reinstall Firefox?

Also, what do I do with those x86SES and MSIL folders that I moved out of system32? Should I delete them?

Thanks again ever so much for your invaluable assistance. Please let me know where we stand and what I should do with my last 2 questions. Here's the fixlog:

RJ


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-09-2013
Ran by Owner at 2013-09-06 14:38:46 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {4F9FC92B-72F5-4785-8E11-277ADEB7EB43} URL = http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=070613&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {CC3F432D-B388-4359-BD2F-F8E5609ADB22} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU -No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
C:\Documents and Settings\Owner\RJM CmboFx.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Quarantine.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\jrt\erunt\ERUNT.EXE
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
*****************
 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4F9FC92B-72F5-4785-8E11-277ADEB7EB43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4F9FC92B-72F5-4785-8E11-277ADEB7EB43} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC3F432D-B388-4359-BD2F-F8E5609ADB22} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CC3F432D-B388-4359-BD2F-F8E5609ADB22} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => Value deleted successfully.
HKCR\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language} ==> The Chrome "Settings" can be used to fix the entry.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npdnu.dll not found.
C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll not found.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll not found.
C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll not found.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll not found.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.
C:\Documents and Settings\Owner\RJM CmboFx.exe => Moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\Quarantine.exe => Moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\jrt\erunt\ERUNT.EXE => Moved successfully.
"C:\WINDOWS\system32\MRT.exe" => ":SummaryInformation" ADS not found.
C:\WINDOWS\system32\MRT.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
 
==== End of Fixlog ====


#8 Oh My

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 12,840 posts
  • Gender:Male
  • Location:California

Posted 06 September 2013 - 05:32 PM

Hi RJ,

Don't delete those folders yet.

Have you experienced any redirects with other browsers? We can wait a bit to see if a reinstall of Firefox is necessary.

Please do this.

===================================================

Junction

--------------------
  • Please download Junction.zip and save it to your desktop
  • Unzip it and place Junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window opens starting to scan the system. Although it may appear nothing is happening please wait until a log file opens.
  • Copy and paste the log in your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Junction log

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 RJM92550

RJM92550
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Female
  • Location:California

Posted 06 September 2013 - 05:53 PM

Uh oh - not sure what I did wrong but it appears this didn't work correctly, Gary. I only had your email directions pasted into a notepad file to reference as I followed your directions. I closed Zonealarm since it keeps asking for permissions, but left my avast up this time.

 

Should I close every app down before I run this?

 

Let me know and again, thanks.

 

RJ

 

 
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

...

..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
   Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

...

..\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492

...
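Reading a pasted Junction log like the one above by hand is tedious, so here is an added example (not code from the thread, from FRST or from Sysinternals) that parses Junction's output, collects the "Failed to open" lines, and flags any junction whose target does not point into WinSxS. The assumption is that on this system the only expected junctions are the .NET GAC entries, as every record in the log above shows; the sample log and the ExampleApp/staging junction in it are constructed.

```python
# Parse Sysinternals Junction output ("junction -s c:\") and flag reparse points
# whose target is not where a .NET GAC junction should point. Added example only.
import re

# Constructed sample in Junction's format: a "Failed to open" line, progress
# dots, one .NET GAC -> WinSxS junction as seen in the thread, and one
# hypothetical junction into a user temp folder that deserves a look.
SAMPLE_LOG = r"""
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\Program Files\ExampleApp\plugins: JUNCTION
   Print Name     : C:\Documents and Settings\Owner\Local Settings\Temp\staging
   Substitute Name: C:\Documents and Settings\Owner\Local Settings\Temp\staging
"""

# Junction prints its progress dots on the same line as the next path.
JUNCTION_RE = re.compile(r"^\.*(\\\\\?\\.+?): JUNCTION\s*$")
ATTR_RE = re.compile(r"^\s*(Print Name|Substitute Name)\s*:\s*(.*?)\s*$")
FAILED_RE = re.compile(r"^Failed to open (.+?): (.+)$")

# Assumption: the only junctions expected on this XP system are the .NET GAC
# entries pointing into WinSxS, which is what every record in the thread shows.
EXPECTED_TARGET_PREFIXES = ("C:\\WINDOWS\\WINSXS\\",)


def normalize(path: str) -> str:
    # Drop Junction's \\?\ prefix and collapse the doubled drive separator.
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return re.sub(r"\\+", lambda _: "\\", path)


def is_expected(print_name: str, substitute_name: str) -> bool:
    """True when both names agree and point into the allow-listed WinSxS tree."""
    target = normalize(substitute_name).upper()
    return target.startswith(EXPECTED_TARGET_PREFIXES) and target == normalize(print_name).upper()


def parse_junction_log(text: str):
    """Return (junctions, failures); junctions are (path, print_name, substitute_name)."""
    junctions, failures = [], []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if m := FAILED_RE.match(line):
            failures.append((normalize(m.group(1)), m.group(2)))
        elif m := JUNCTION_RE.match(line):
            attrs = {}
            for follow in lines[i + 1:i + 3]:  # the two attribute lines follow
                if a := ATTR_RE.match(follow):
                    attrs[a.group(1)] = a.group(2)
            if len(attrs) == 2:  # skip records truncated in the paste
                junctions.append((normalize(m.group(1)), attrs["Print Name"], attrs["Substitute Name"]))
    return junctions, failures


def suspicious_junctions(text: str):
    """Source paths of junctions whose target is not an expected WinSxS entry."""
    return [path for path, pn, sn in parse_junction_log(text)[0] if not is_expected(pn, sn)]
```

Anything the function returns is a candidate for review, not a verdict; a legitimate junction created by some other installer would also show up here and simply needs to be added to the expected prefixes.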


#10 Oh My

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 12,840 posts
  • Gender:Male
  • Location:California

Posted 06 September 2013 - 06:01 PM

No, you did it right.

 

So I moved them from the system32 folder and placed them in a backup folder to discuss with you.

What is the folder name you created?


Regards,
Gary


#11 RJM92550

RJM92550
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Female
  • Location:California

Posted 06 September 2013 - 06:05 PM

Hahahahahaha! Folder name = Backups



#12 Oh My

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 12,840 posts
  • Gender:Male
  • Location:California

Posted 06 September 2013 - 06:27 PM

OK, just need a little clarification. You said you were getting single hits but they stopped. I know that was after you moved the 3 folders. But I am interested in the 10 files you removed. Did you remove the 10 files, you still had hits afterwards, then you removed the 3 folders and the hits stopped? Were the hits PUPs?

Regards,
Gary


#13 RJM92550

RJM92550
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Female
  • Location:California

Posted 06 September 2013 - 07:00 PM

Sorry, wasn't very clear, was I? 

 

Yes, after I removed the 10 files that I found with Farsi-type filenames (I could kick myself for deleting them without thinking ahead), I had one more hit and it was the PUP:Win32:Installer-L [PUP] error that came up. So then I found the x86/MSIL folders and got no more detection hits.

 

However, I noticed in recent avast scans I get no detections but it lists 4-5 files like this:

 

Filename: c:\program files\...|>AttributionFile      Status: Error: Reached the end of the file (38)

Filename: c:\...|>FileChromeBrowserManifest5  Status: Error: Reached the end of the file (38)

Filename: c:\...|>FileChromeBrowserManifest5  Status: Error: Reached the end of the file (38)

Filename: c:\...|>AttributionFile                           Status: Error: Reached the end of the file (38)

Filename: c:\...|>FileChromeBrowserManifest5  Status: Error: Reached the end of the file (38)

Filename: c:\...|>FileChromeBrowserManifest5  Status: Error: Reached the end of the file (38)

 

Back on 8/31 it listed this for what I've determined to be approximately 350 different filenames; one example of which follows:

 

Filename: c:\program files\...\bgBody.png      Status: Error: Archive is password protected (42056)

 

These all fall under "some files could not be scanned" in the scan results listed in Avast. The password protected results stopped after I moved those x86 folders on 9/1. All I've gotten since then are the reached end of file scan results on every scan.

 

Does that answer your questions, Gary? Let me know.



#14 Oh My

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 12,840 posts
  • Gender:Male
  • Location:California

Posted 06 September 2013 - 09:04 PM

Greetings RJ,

Yes that does answer my questions, thank you. Those files seem to be related to .NET Framework. Since your computer is running well I would leave them where they are and let some time pass. This is just a thought, but you may run into a .NET issue somewhere down the line. If so then you might have to reinstall. Sometimes that can be a bit tricky depending on which version of .NET you need to start with and build upon. There can be a certain order you need to follow.

I would like to run ESET Online Scanner because it does a very thorough job at identifying leftover entries. You might want to consider letting it run overnight as it could take a number of hours to complete.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Are you currently having any issues?

Regards,
Gary


#15 RJM92550

RJM92550
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Female
  • Location:California

Posted 07 September 2013 - 12:14 AM

9/16/13 10:06PM - Eset is still running as I type this and thus far @ 99% has found a total of 5 threats. What's upsetting to me is that this malware only became known once I accidentally clicked a spam link in a Huffington Post article, back around the 21st of August, that made my system act weird. Until then neither Malwarebytes nor Avira had found any malware. I uninstalled Avira at the direction of my sister's computer tech and reinstalled Avast. However, I believe I had Avast when the Ask toolbar was bundled with a software update; the CheckPoint (ZoneAlarm) toolbar CAME WITH a ZoneAlarm update within the last month or so! I got rid of the first Avast a/v when it let a trojan through.

 

I do not download software unless it appears to be my usual software update that's set to run automatically. How can I be confident when told by a software update that I need to install these toolbars or else the software won't be updated?

 

Interestingly enough, I didn't like the Ask toolbar and removed it within a couple weeks of having it, and this was at least a year ago; I removed the ZoneAlarm toolbar from Firefox, but left it on IE since I rarely use IE. When my Firefox got redirected, I immediately went into about:config and reset all of the search URLs and references from ZoneAlarm to default. In fact I went through the entire about:config list and reset everything to default that referenced either ZoneAlarm or anything else I didn't recognize. I don't know if that was a good thing or not, or if that's why I haven't had any of the browser redirect symptoms I've been reading about, but it must've helped mitigate some of the damage. Plus I changed my frequently used important PWs afterwards.

 

9/6/13 10:13PM Scan results:

 

C:\Program Files\Avira\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F application cleaned by deleting - quarantined
C:\System Volume Information\_restore{847B7C44-AA4D-4860-B56C-531DF5C67744}\RP794\A0703518.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\System Volume Information\_restore{847B7C44-AA4D-4860-B56C-531DF5C67744}\RP794\A0703520.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\System Volume Information\_restore{847B7C44-AA4D-4860-B56C-531DF5C67744}\RP794\A0703660.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
 

On the quarantined part of the eset scan should I have Eset delete those files?

 

Let me know the next steps at your earliest convenience, Gary and again thank you!!!!!!!!!

 

RJ