
Removing SmartPCFix 3.09 - Will Not Uninstall


  • This topic is locked
20 replies to this topic

#1 trainreth


Posted 02 March 2014 - 10:43 PM

Hello! I am working on fixing a co-worker's laptop running Windows XP Professional that appeared to be infested with a variety of spyware and malware. I ran scans with AVG, Spybot Search and Destroy and AdwCleaner, and also uninstalled a program called Jump Flip that had hijacked the search function of all of the browsers. When investigating the installed programs, I found one called SmartPCFix 3.09 that appears to be some kind of rogue antivirus that will not let me uninstall it. I am hoping to get help in removing it, as well as anything else nasty that I may have missed. Upon logging in to Windows, I also get an alert in the system tray that the firewall is turned off, which goes away once all of the other various start up activities have finished (the firewall begins off, but turns itself on.. maybe after connecting to the internet) - I don't know if that means anything, but it seems odd.

 

So far, I have backed up the computer to an external hard drive and attempted to follow the instructions for creating logs using DDS, however DDS fails to complete as it locks up the entire computer when the progress bar reaches 80%.

 

Thank you in advance for any help!!





#2 gringo_pr

  • Malware Response Team

Posted 03 March 2014 - 05:27 AM





Hello trainreth

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 trainreth


Posted 03 March 2014 - 09:24 AM

I was able to run FRST with no issues, so the FRST.txt is below, and the Addition.txt is attached. Thank you!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014
Ran by Abbey (administrator) on ABBEY-AF25A432A on 03-03-2014 09:13:08
Running from C:\Documents and Settings\Abbey\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Corporation) C:\WINDOWS\System32\accelerometerST.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-20] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [snp2uvc] - C:\WINDOWS\system32\csnp2uvc.dll [211840 2010-06-03] ( )
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [506936 2009-03-10] (Hewlett-Packard)
HKLM\...\Run: [AccelerometerSysTrayApplet] - c:\WINDOWS\System32\accelerometerST.exe [82488 2009-01-22] (Hewlett-Packard Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HPCam_Menu] - c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] - [X]
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzutCzz0AzytDyDzytC0DzzyEtC0AtA0EyBtN0D0Tzu0SyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=91667452&ir=
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1382658258578
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.6 156.154.70.43

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Abbey\Application Data\Mozilla\Firefox\Profiles\ibfqm66s.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Abbey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-11]
CHR Extension: (Google Drive) - C:\Documents and Settings\Abbey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-11]
CHR Extension: (YouTube) - C:\Documents and Settings\Abbey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-11]
CHR Extension: (Google Search) - C:\Documents and Settings\Abbey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Abbey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-11]
CHR Extension: (Gmail) - C:\Documents and Settings\Abbey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-11]
CHR HKLM\...\Chrome\Extension: [debmkdhphjfcbaomiknnceliiclnpmfg] - C:\Program Files\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx [2014-02-11]

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [327680 2004-12-18] (Apple Computer, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-01] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\WINDOWS\System32\DRIVERS\ax88772.sys [32384 2008-06-24] (ASIX Electronics Corp.)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534568 2009-01-14] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2009-01-14] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2009-01-14] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-01-14] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [6601216 2010-04-05] (Intel Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1763968 2010-06-03] ()
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [299008 2010-01-08] (Marvell)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 09:13 - 2014-03-03 09:13 - 00013815 _____ () C:\Documents and Settings\Abbey\Desktop\FRST.txt
2014-03-03 09:13 - 2014-03-03 09:13 - 00000000 ____D () C:\FRST
2014-03-03 09:11 - 2014-03-03 09:12 - 01145344 _____ (Farbar) C:\Documents and Settings\Abbey\Desktop\FRST.exe
2014-03-02 10:46 - 2014-03-02 10:46 - 00688992 ____R (Swearware) C:\Documents and Settings\Abbey\Desktop\dds.com
2014-03-02 09:24 - 2014-03-02 09:24 - 00000772 _____ () C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
2014-03-02 09:24 - 2014-03-02 09:24 - 00000000 ____D () C:\Program Files\Runtime Software
2014-03-02 09:24 - 2014-03-02 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Computer Backup
2014-03-02 09:15 - 2014-03-02 09:28 - 00010619 _____ () C:\WINDOWS\setupapi.log
2014-03-01 20:00 - 2014-03-01 20:13 - 00000000 ____D () C:\AdwCleaner
2014-03-01 19:45 - 2014-03-01 19:45 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-01 15:48 - 2014-03-01 15:48 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-01 15:48 - 2014-03-01 15:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-03-01 15:47 - 2014-03-01 15:47 - 00001830 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2014-03-01 15:47 - 2014-03-01 15:47 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Documents and Settings\Abbey\Local Settings\Application Data\Apple
2014-03-01 15:44 - 2014-03-01 15:50 - 00019456 _____ () C:\Documents and Settings\Abbey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 15:44 - 2014-03-01 15:44 - 00000000 ____D () C:\Documents and Settings\Abbey\Application Data\Windows Search
2014-03-01 12:59 - 2014-03-01 12:59 - 00000000 ____D () C:\WINDOWS\Sun
2014-03-01 12:59 - 2014-03-01 12:59 - 00000000 ____D () C:\Documents and Settings\Abbey\Local Settings\Application Data\Sun
2014-03-01 12:58 - 2014-03-01 12:58 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-01 12:58 - 2014-03-01 12:58 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-01 12:58 - 2014-03-01 12:58 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-01 12:58 - 2014-03-01 12:58 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-03-01 12:58 - 2014-03-01 12:58 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-01 12:58 - 2014-03-01 12:58 - 00000000 ____D () C:\Program Files\Java
2014-03-01 12:58 - 2014-03-01 12:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-01 12:58 - 2014-03-01 12:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-01 12:58 - 2014-03-01 12:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sun
2014-03-01 12:57 - 2014-03-01 12:57 - 00000000 ____D () C:\Documents and Settings\Abbey\Application Data\Sun
2014-03-01 12:55 - 2014-03-01 13:00 - 00000000 ____D () C:\Documents and Settings\Abbey\Application Data\HpUpdate
2014-03-01 12:55 - 2014-03-01 12:55 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2014-02-24 13:10 - 2014-02-24 13:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-24 13:03 - 2014-02-24 13:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-24 13:03 - 2014-02-24 13:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-02-24 12:43 - 2008-04-14 07:00 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140224-124306.backup
2014-02-24 09:49 - 2014-03-01 20:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-02-24 09:49 - 2014-02-24 09:55 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-02-24 09:49 - 2014-02-24 09:49 - 00000933 _____ () C:\Documents and Settings\Abbey\Desktop\Spybot - Search & Destroy.lnk
2014-02-24 09:49 - 2014-02-24 09:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2014-02-24 09:33 - 2008-04-14 05:41 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2014-02-24 09:33 - 2008-04-14 05:41 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2014-02-24 09:33 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys
2014-02-24 09:33 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-02-24 09:33 - 2001-08-17 13:48 - 00012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys
2014-02-24 09:33 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2014-02-18 17:05 - 2014-02-18 17:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-13 11:28 - 2014-02-13 11:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-11 11:58 - 2014-02-22 08:12 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-11 11:58 - 2014-02-11 11:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-02-11 11:54 - 2014-03-03 09:06 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 11:54 - 2014-03-02 10:59 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 11:54 - 2014-02-11 11:58 - 00000000 ____D () C:\Program Files\Google
2014-02-11 11:54 - 2014-02-11 11:58 - 00000000 ____D () C:\Documents and Settings\Abbey\Local Settings\Application Data\Google
2014-02-09 12:49 - 2014-02-09 12:49 - 00490702 _____ () C:\Documents and Settings\Abbey\My Documents\paycheck.htm
2014-02-09 12:49 - 2014-02-09 12:49 - 00000000 ____D () C:\Documents and Settings\Abbey\My Documents\paycheck_files
2014-02-05 11:45 - 2014-02-05 11:45 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat

==================== One Month Modified Files and Folders =======

2014-03-03 09:13 - 2014-03-03 09:13 - 00013815 _____ () C:\Documents and Settings\Abbey\Desktop\FRST.txt
2014-03-03 09:13 - 2014-03-03 09:13 - 00000000 ____D () C:\FRST
2014-03-03 09:12 - 2014-03-03 09:11 - 01145344 _____ (Farbar) C:\Documents and Settings\Abbey\Desktop\FRST.exe
2014-03-03 09:11 - 2013-11-18 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-03-03 09:09 - 2013-10-23 10:58 - 01417457 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-03 09:08 - 2013-10-24 08:49 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{5BE72BA5-ED0D-4D34-8936-CB3EA350C56B}.job
2014-03-03 09:07 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-03 09:06 - 2014-02-11 11:54 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 09:06 - 2013-10-23 06:27 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-03 09:06 - 2013-10-23 06:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-03 09:05 - 2013-10-23 11:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-03 09:05 - 2009-02-03 23:13 - 00121808 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-03-02 10:59 - 2014-02-11 11:54 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 10:46 - 2014-03-02 10:46 - 00688992 ____R (Swearware) C:\Documents and Settings\Abbey\Desktop\dds.com
2014-03-02 09:55 - 2013-12-17 14:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-02 09:28 - 2014-03-02 09:15 - 00010619 _____ () C:\WINDOWS\setupapi.log
2014-03-02 09:28 - 2013-10-23 10:56 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-02 09:28 - 2013-10-23 06:16 - 00000000 ____D () C:\WINDOWS\repair
2014-03-02 09:24 - 2014-03-02 09:24 - 00000772 _____ () C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
2014-03-02 09:24 - 2014-03-02 09:24 - 00000000 ____D () C:\Program Files\Runtime Software
2014-03-02 09:24 - 2014-03-02 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Computer Backup
2014-03-01 20:16 - 2014-02-24 09:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-01 20:14 - 2013-10-23 18:00 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-03-01 20:14 - 2013-10-23 11:09 - 00000178 ___SH () C:\Documents and Settings\Abbey\ntuser.ini
2014-03-01 20:14 - 2013-10-23 11:06 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-01 20:13 - 2014-03-01 20:00 - 00000000 ____D () C:\AdwCleaner
2014-03-01 19:45 - 2014-03-01 19:45 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-01 19:45 - 2013-10-23 11:29 - 00000000 __SHD () C:\Documents and Settings\Abbey\UserData
2014-03-01 19:45 - 2013-10-23 11:09 - 00000000 ____D () C:\Documents and Settings\Abbey
2014-03-01 19:30 - 2013-11-18 12:30 - 00000000 ____D () C:\Documents and Settings\Abbey\Application Data\Apple Computer
2014-03-01 15:50 - 2014-03-01 15:44 - 00019456 _____ () C:\Documents and Settings\Abbey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 15:48 - 2014-03-01 15:48 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-01 15:48 - 2014-03-01 15:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-03-01 15:48 - 2013-11-18 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2014-03-01 15:47 - 2014-03-01 15:47 - 00001830 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2014-03-01 15:47 - 2014-03-01 15:47 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Documents and Settings\Abbey\Local Settings\Application Data\Apple
2014-03-01 15:47 - 2013-11-18 12:30 - 00000000 ____D () C:\Documents and Settings\Abbey\Local Settings\Application Data\Apple Computer
2014-03-01 15:44 - 2014-03-01 15:44 - 00000000 ____D () C:\Documents and Settings\Abbey\Application Data\Windows Search
2014-03-01 13:00 - 2014-03-01 12:55 - 00000000 ____D () C:\Documents and Settings\Abbey\Application Data\HpUpdate
2014-03-01 13:00 - 2014-01-30 10:05 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-03-01 12:59 - 2014-03-01 12:59 - 00000000 ____D () C:\WINDOWS\Sun
2014-03-01 12:59 - 2014-03-01 12:59 - 00000000 ____D () C:\Documents and Settings\Abbey\Local Settings\Application Data\Sun
2014-03-01 12:58 - 2014-03-01 12:58 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-01 12:58 - 2014-03-01 12:58 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-01 12:58 - 2014-03-01 12:58 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-01 12:58 - 2014-03-01 12:58 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-03-01 12:58 - 2014-03-01 12:58 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-01 12:58 - 2014-03-01 12:58 - 00000000 ____D () C:\Program Files\Java
2014-03-01 12:58 - 2014-03-01 12:58 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-01 12:58 - 2014-03-01 12:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-01 12:58 - 2014-03-01 12:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sun
2014-03-01 12:57 - 2014-03-01 12:57 - 00000000 ____D () C:\Documents and Settings\Abbey\Application Data\Sun
2014-03-01 12:56 - 2013-11-17 15:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-03-01 12:55 - 2014-03-01 12:55 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2014-03-01 12:53 - 2013-10-24 08:57 - 00000000 ____D () C:\Documents and Settings\Abbey\Local Settings\Application Data\Adobe
2014-02-24 13:11 - 2014-02-24 13:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-24 13:09 - 2013-11-18 13:27 - 00000000 ____D () C:\Program Files\AVG
2014-02-24 13:03 - 2014-02-24 13:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-24 13:03 - 2014-02-24 13:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-02-24 13:01 - 2013-10-25 08:38 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-02-24 09:55 - 2014-02-24 09:49 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-02-24 09:55 - 2013-12-17 14:14 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-24 09:55 - 2013-12-17 14:14 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-24 09:49 - 2014-02-24 09:49 - 00000933 _____ () C:\Documents and Settings\Abbey\Desktop\Spybot - Search & Destroy.lnk
2014-02-24 09:49 - 2014-02-24 09:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2014-02-22 08:12 - 2014-02-11 11:58 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-22 07:31 - 2013-11-18 13:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-18 17:05 - 2014-02-18 17:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-13 16:06 - 2013-10-23 17:53 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 11:28 - 2014-02-13 11:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 11:25 - 2013-10-23 06:24 - 00600456 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-13 11:18 - 2013-10-24 08:10 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-11 11:58 - 2014-02-11 11:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-02-11 11:58 - 2014-02-11 11:54 - 00000000 ____D () C:\Program Files\Google
2014-02-11 11:58 - 2014-02-11 11:54 - 00000000 ____D () C:\Documents and Settings\Abbey\Local Settings\Application Data\Google
2014-02-10 20:00 - 2013-10-24 16:10 - 00000000 ____D () C:\Documents and Settings\Abbey\Desktop\wedding
2014-02-09 12:49 - 2014-02-09 12:49 - 00490702 _____ () C:\Documents and Settings\Abbey\My Documents\paycheck.htm
2014-02-09 12:49 - 2014-02-09 12:49 - 00000000 ____D () C:\Documents and Settings\Abbey\My Documents\paycheck_files
2014-02-06 03:54 - 2008-04-14 07:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2008-04-14 07:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-05 21:50 - 2014-01-16 19:46 - 00014603 _____ () C:\Documents and Settings\Abbey\My Documents\flower  seed saver ex.xlsx
2014-02-05 18:26 - 2013-10-24 08:10 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2013-10-24 08:10 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2013-10-24 08:10 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2013-10-24 08:10 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2013-10-23 16:14 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2013-10-23 16:14 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2013-10-23 16:14 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2013-10-23 16:14 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2013-10-23 10:57 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2008-04-14 07:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2008-04-14 07:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2007-08-13 17:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2007-08-13 17:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2007-08-13 17:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2007-08-13 17:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 17:24 - 2008-04-14 07:00 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-05 11:45 - 2014-02-05 11:45 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-04 19:09 - 2013-10-23 16:21 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\Abbey\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-60dfa268.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:20 AM

Posted 03 March 2014 - 12:44 PM



Hello trainreth

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 trainreth


Posted 03 March 2014 - 07:48 PM

Hi Gringo, I was able to run both programs and have pasted the logs below. The PC seems to be running ok (I haven't really used it for anything besides running those programs), although for some reason I can't log into these forums using Google Chrome, only Firefox. Must be some incompatible setting, as I can log into the forums on my own laptop fine.

# AdwCleaner v3.020 - Report created 03/03/2014 at 19:03:10
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Abbey - ABBEY-AF25A432A
# Running from : C:\Documents and Settings\Abbey\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Abbey\Application Data\Mozilla\Firefox\Profiles\ibfqm66s.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Documents and Settings\Abbey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4330 octets] - [01/03/2014 20:00:33]
AdwCleaner[R1].txt - [1108 octets] - [01/03/2014 20:07:01]
AdwCleaner[R2].txt - [1213 octets] - [03/03/2014 19:01:53]
AdwCleaner[S0].txt - [4101 octets] - [01/03/2014 20:02:31]
AdwCleaner[S1].txt - [1170 octets] - [01/03/2014 20:13:36]
AdwCleaner[S2].txt - [1135 octets] - [03/03/2014 19:03:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1195 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Abbey on Mon 03/03/2014 at 19:10:29.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/03/2014 at 19:14:25.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 gringo_pr


Posted 03 March 2014 - 10:07 PM


Hello trainreth

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo

#7 trainreth


Posted 03 March 2014 - 11:47 PM

Hi Gringo.. I might be having a problem trying to run Combofix on the PC. I installed it to the desktop, disabled all aspects of the antivirus (AVG) and firewall (Windows firewall), ran Combofix, allowed it to install the Recovery Console, and then took my hands far away from the mouse so that I couldn't inadvertently click on the window and stall it. However, once Combofix opens the AutoScan window and has created a system restore point, it appears to freeze up the computer - the clock was stuck at the same time as the scan started, even 25 minutes later. I turned the computer off and on again, and have attempted to scan it once more, but the same thing happened. Is this normal?



#8 gringo_pr


Posted 04 March 2014 - 08:14 AM


Hello trainreth

I would like you to try this to see if combofix will run.

combofix
  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box:
ComboFix /nombr
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo

#9 trainreth


Posted 04 March 2014 - 10:12 AM

Thanks, Gringo! It completed this time. I have pasted the log below as instructed.

ComboFix 14-03-04.01 - Abbey 03/04/2014  10:04:08.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3066.2354 [GMT -5:00]
Running from: c:\documents and settings\Abbey\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-04 to 2014-03-04  )))))))))))))))))))))))))))))))
.
.
2014-03-04 00:10 . 2014-03-04 00:10    --------    d-----w-    c:\windows\ERUNT
2014-03-03 14:13 . 2014-03-03 14:14    --------    d-----w-    C:\FRST
2014-03-02 14:24 . 2014-03-02 14:24    --------    d-----w-    c:\program files\Runtime Software
2014-03-02 01:00 . 2014-03-04 00:03    --------    d-----w-    C:\AdwCleaner
2014-03-01 20:48 . 2014-03-01 20:48    --------    d-----w-    c:\program files\QuickTime
2014-03-01 20:47 . 2014-03-01 20:47    --------    d-----w-    c:\program files\Common Files\Apple
2014-03-01 20:47 . 2014-03-01 20:47    --------    d-----w-    c:\documents and settings\Abbey\Local Settings\Application Data\Apple
2014-03-01 20:47 . 2014-03-01 20:47    --------    d-----w-    c:\program files\Apple Software Update
2014-03-01 20:47 . 2014-03-01 20:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple
2014-03-01 20:44 . 2014-03-01 20:44    --------    d-----w-    c:\documents and settings\Abbey\Application Data\Windows Search
2014-03-01 17:59 . 2014-03-01 17:59    --------    d-----w-    c:\windows\Sun
2014-03-01 17:59 . 2014-03-01 17:59    --------    d-----w-    c:\documents and settings\Abbey\Local Settings\Application Data\Sun
2014-03-01 17:58 . 2014-03-01 17:58    --------    d-----w-    c:\program files\Common Files\Java
2014-03-01 17:58 . 2014-03-01 17:58    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-03-01 17:58 . 2014-03-01 17:58    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-03-01 17:58 . 2014-03-01 17:58    --------    d-----w-    c:\program files\Java
2014-03-01 17:55 . 2014-03-01 18:00    --------    d-----w-    c:\documents and settings\Abbey\Application Data\HpUpdate
2014-03-01 17:55 . 2014-03-01 17:55    --------    d-----w-    c:\windows\Hewlett-Packard
2014-02-24 18:10 . 2014-02-24 18:11    --------    d-----w-    c:\windows\system32\MRT
2014-02-24 18:03 . 2014-02-24 18:03    --------    d-----w-    c:\program files\CCleaner
2014-02-24 14:49 . 2014-03-02 01:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2014-02-24 14:49 . 2014-02-24 14:55    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2014-02-24 14:33 . 2008-04-14 10:41    21504    -c--a-w-    c:\windows\system32\dllcache\hidserv.dll
2014-02-24 14:33 . 2008-04-14 10:41    21504    ----a-w-    c:\windows\system32\hidserv.dll
2014-02-24 14:33 . 2001-08-17 18:48    12160    -c--a-w-    c:\windows\system32\dllcache\mouhid.sys
2014-02-24 14:33 . 2001-08-17 18:48    12160    ----a-w-    c:\windows\system32\drivers\mouhid.sys
2014-02-24 14:33 . 2008-04-14 05:15    10368    -c--a-w-    c:\windows\system32\dllcache\hidusb.sys
2014-02-24 14:33 . 2008-04-14 05:15    10368    ----a-w-    c:\windows\system32\drivers\hidusb.sys
2014-02-11 16:54 . 2014-02-11 16:58    --------    d-----w-    c:\documents and settings\Abbey\Local Settings\Application Data\Google
2014-02-11 16:54 . 2014-02-11 16:58    --------    d-----w-    c:\program files\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-24 14:55 . 2013-12-17 19:14    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 14:55 . 2013-12-17 19:14    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2008-04-14 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2008-04-14 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2008-04-14 12:00    18944    ------w-    c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2008-04-14 12:00    385024    ------w-    c:\windows\system32\html.iec
2014-01-19 07:32 . 2013-10-25 14:27    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-17 21:24 . 2014-01-17 21:24    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24 . 2014-01-17 21:24    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2014-01-04 03:13 . 2008-04-14 12:00    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2008-04-14 12:00    1172992    ----a-w-    c:\windows\system32\msxml3.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-20 1044480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-06-03 211840]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"AccelerometerSysTrayApplet"="c:\windows\System32\accelerometerST.exe" [2009-01-22 82488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/2/2013 10:28 AM 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/2/2013 10:28 AM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/8/2013 10:12 PM 27448]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 10:14 AM 24064]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [9/25/2013 8:57 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/2/2013 10:28 AM 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 10:11 PM 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/2/2013 10:39 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 4:08 PM 193848]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [11/11/2013 10:02 PM 3478544]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/23/2013 6:16 PM 227896]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 14:59    1150280    ----a-w-    c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 14:55]
.
2014-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-11 16:54]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-11 16:54]
.
2014-03-04 c:\windows\Tasks\User_Feed_Synchronization-{5BE72BA5-ED0D-4D34-8936-CB3EA350C56B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 72.240.13.7 72.240.13.6 156.154.70.43
FF - ProfilePath - c:\documents and settings\Abbey\Application Data\Mozilla\Firefox\Profiles\ibfqm66s.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hpqSRMon - (no file)
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-04 10:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-03-04  10:09:25
ComboFix-quarantined-files.txt  2014-03-04 15:09
.
Pre-Run: 460,151,754,752 bytes free
Post-Run: 460,343,271,424 bytes free
.
- - End Of File - - D243C2DDD6468C0A6892888177A92070
8F558EB6672622401DA993E1E865C861
 



#10 gringo_pr


Posted 04 March 2014 - 12:12 PM


Hello trainreth

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

NoMBR::
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
[Image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo

#11 trainreth


Posted 04 March 2014 - 01:18 PM

Hello again! I followed the instructions and have pasted the most recent log below. I did notice that the computer has gone from running 7 programs to running 2 programs (something it tells me at the login screen after the PC times out) with everything closed, which seems like a good thing. I haven't attempted uninstalling the SmartPCFix program since starting the malware removal process, so I'm unsure if I am still blocked from uninstalling it.

 

ComboFix 14-03-04.03 - Abbey 03/04/2014  12:49:41.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3066.2321 [GMT -5:00]
Running from: c:\documents and settings\Abbey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Abbey\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-04 to 2014-03-04  )))))))))))))))))))))))))))))))
.
.
2014-03-04 00:10 . 2014-03-04 00:10    --------    d-----w-    c:\windows\ERUNT
2014-03-03 14:13 . 2014-03-03 14:14    --------    d-----w-    C:\FRST
2014-03-02 14:24 . 2014-03-02 14:24    --------    d-----w-    c:\program files\Runtime Software
2014-03-02 01:00 . 2014-03-04 00:03    --------    d-----w-    C:\AdwCleaner
2014-03-01 20:48 . 2014-03-01 20:48    --------    d-----w-    c:\program files\QuickTime
2014-03-01 20:47 . 2014-03-01 20:47    --------    d-----w-    c:\program files\Common Files\Apple
2014-03-01 20:47 . 2014-03-01 20:47    --------    d-----w-    c:\documents and settings\Abbey\Local Settings\Application Data\Apple
2014-03-01 20:47 . 2014-03-01 20:47    --------    d-----w-    c:\program files\Apple Software Update
2014-03-01 20:47 . 2014-03-01 20:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple
2014-03-01 20:44 . 2014-03-01 20:44    --------    d-----w-    c:\documents and settings\Abbey\Application Data\Windows Search
2014-03-01 17:59 . 2014-03-01 17:59    --------    d-----w-    c:\windows\Sun
2014-03-01 17:59 . 2014-03-01 17:59    --------    d-----w-    c:\documents and settings\Abbey\Local Settings\Application Data\Sun
2014-03-01 17:58 . 2014-03-01 17:58    --------    d-----w-    c:\program files\Common Files\Java
2014-03-01 17:58 . 2014-03-01 17:58    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-03-01 17:58 . 2014-03-01 17:58    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-03-01 17:58 . 2014-03-01 17:58    --------    d-----w-    c:\program files\Java
2014-03-01 17:55 . 2014-03-01 18:00    --------    d-----w-    c:\documents and settings\Abbey\Application Data\HpUpdate
2014-03-01 17:55 . 2014-03-01 17:55    --------    d-----w-    c:\windows\Hewlett-Packard
2014-02-24 18:10 . 2014-02-24 18:11    --------    d-----w-    c:\windows\system32\MRT
2014-02-24 18:03 . 2014-02-24 18:03    --------    d-----w-    c:\program files\CCleaner
2014-02-24 14:49 . 2014-03-02 01:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2014-02-24 14:49 . 2014-02-24 14:55    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2014-02-24 14:33 . 2008-04-14 10:41    21504    -c--a-w-    c:\windows\system32\dllcache\hidserv.dll
2014-02-24 14:33 . 2008-04-14 10:41    21504    ----a-w-    c:\windows\system32\hidserv.dll
2014-02-24 14:33 . 2001-08-17 18:48    12160    -c--a-w-    c:\windows\system32\dllcache\mouhid.sys
2014-02-24 14:33 . 2001-08-17 18:48    12160    ----a-w-    c:\windows\system32\drivers\mouhid.sys
2014-02-24 14:33 . 2008-04-14 05:15    10368    -c--a-w-    c:\windows\system32\dllcache\hidusb.sys
2014-02-24 14:33 . 2008-04-14 05:15    10368    ----a-w-    c:\windows\system32\drivers\hidusb.sys
2014-02-11 16:54 . 2014-02-11 16:58    --------    d-----w-    c:\documents and settings\Abbey\Local Settings\Application Data\Google
2014-02-11 16:54 . 2014-02-11 16:58    --------    d-----w-    c:\program files\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-24 14:55 . 2013-12-17 19:14    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 14:55 . 2013-12-17 19:14    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2008-04-14 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2008-04-14 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2008-04-14 12:00    18944    ------w-    c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2008-04-14 12:00    385024    ------w-    c:\windows\system32\html.iec
2014-01-19 07:32 . 2013-10-25 14:27    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-17 21:24 . 2014-01-17 21:24    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24 . 2014-01-17 21:24    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2014-01-04 03:13 . 2008-04-14 12:00    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2008-04-14 12:00    1172992    ----a-w-    c:\windows\system32\msxml3.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-20 1044480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-06-03 211840]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"AccelerometerSysTrayApplet"="c:\windows\System32\accelerometerST.exe" [2009-01-22 82488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/2/2013 10:28 AM 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/2/2013 10:28 AM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/8/2013 10:12 PM 27448]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 10:14 AM 24064]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [9/25/2013 8:57 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/2/2013 10:28 AM 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 10:11 PM 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/2/2013 10:39 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [8/1/2013 4:08 PM 193848]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [11/11/2013 10:02 PM 3478544]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/23/2013 6:16 PM 227896]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 14:59    1150280    ----a-w-    c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 14:55]
.
2014-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-11 16:54]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-11 16:54]
.
2014-03-04 c:\windows\Tasks\User_Feed_Synchronization-{5BE72BA5-ED0D-4D34-8936-CB3EA350C56B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 72.240.13.7 72.240.13.6 156.154.70.43
FF - ProfilePath - c:\documents and settings\Abbey\Application Data\Mozilla\Firefox\Profiles\ibfqm66s.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-04 12:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1032)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-03-04  12:53:57
ComboFix-quarantined-files.txt  2014-03-04 17:53
ComboFix2.txt  2014-03-04 15:09
.
Pre-Run: 460,351,668,224 bytes free
Post-Run: 460,337,917,952 bytes free
.
- - End Of File - - 7123E4C8C6A33B52E898B2B5FB9D00B3
8F558EB6672622401DA993E1E865C861
 



#12 gringo_pr


Posted 04 March 2014 - 05:00 PM


Hello trainreth

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo

#13 trainreth


Posted 04 March 2014 - 05:37 PM

Okies. Here's the extra report:

32 Bit HP CIO Components Installer
4660_4680_Help
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
AVG 2014
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
DriveImage XML (Private Edition)
eSupportQFolder
Fax
Google Chrome
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969238)
HP 3D DriveGuard
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP ESU for Microsoft Windows XP
HP Imaging Device Functions 10.0
HP Integrated Module with Bluetooth wireless technology
HP Officejet All-In-One Series
HP Photosmart Essential 2.5
HP Quick Launch Buttons
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HP Webcam
HP Webcam Driver
HP Wireless Assistant
HPProductAssistant
HPSSupply
iPod for Windows 2005-02-22
iTunes
J4680
Java 7 Update 51
Java Auto Updater
MarketResearch
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OCR Software by I.R.I.S. 10.0
ProductContext
PSSWCORE
QLBCASL
QuickTime 7
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2862772)
Security Update for Windows Internet Explorer 7 (KB2879017)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
Skins
SmartPCFix 3.09
SmartWebPrintingOC
SolutionCenter
SoundMAX
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VideoToolkit01
Visual Studio 2012 x86 Redistributables
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
 



#14 gringo_pr


Posted 04 March 2014 - 07:57 PM



Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic
"information and logs"
  • In your next post I need the following
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach


Proud Graduate Of Malware Removal University

#15 trainreth


Posted 04 March 2014 - 09:52 PM

Okies, I've run all three programs and the two logs are below. The computer seems to be running ok so far. I am amazed that you can figure out what is going on amongst all of these lines of information - it seems like a lot to sort through!! Thank you so much for taking the time to help me out :)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.04.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Abbey :: ABBEY-AF25A432A [administrator]

3/4/2014 9:34:51 PM
mbam-log-2014-03-04 (21-34-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208196
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Abbey\My Documents\Downloads\ZipExtractorSetup.exe (PUP.Optional.Jumpyapps) -> Quarantined and deleted successfully.

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:47:05 PM, on 3/4/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\System32\accelerometerST.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Abbey\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] c:\WINDOWS\System32\accelerometerST.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1382658258578
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 8735 bytes
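
For readers wondering how a log like the one above is triaged: this is an added example, not part of either post and not HijackThis's own code. It groups entries by their section code and lists autostart (O4) and service (O23) binaries that load from outside a set of expected directories. The directory list, the function names and the `ExampleUpdater` line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: five lines copied from the log above, plus one
# constructed entry (ExampleUpdater) that starts from a Temp folder.
SAMPLE = r"""
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
O4 - HKLM\..\Run: [ExampleUpdater] C:\Documents and Settings\User\Local Settings\Temp\example.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
"""

# Assumption for this example: where autostart binaries are expected to live.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\",
                  "c:\\windows\\", "%programfiles%\\")

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A drive or %VAR% prefix, then the shortest run that ends in a binary extension.
PATH = re.compile(r'((?:[A-Za-z]:|%\w+%)\\.+?\.(?:exe|dll|sys))(?=$|["\s,])', re.I)

def parse(log):
    """Group entry bodies by section code (O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def binary_path(body):
    """Return the first file path in an entry body, or None."""
    m = PATH.search(body)
    return m.group(1) if m else None

def outside_expected(sections, codes=("O4", "O23")):
    """List (code, path) pairs whose binary is not under EXPECTED_ROOTS."""
    hits = []
    for code in codes:
        for body in sections.get(code, []):
            path = binary_path(body)
            if path and not path.lower().startswith(EXPECTED_ROOTS):
                hits.append((code, path))
    return hits

if __name__ == "__main__":
    for code, path in outside_expected(parse(SAMPLE)):
        print(code, path)
```

A path under an expected directory is not proof that the entry is legitimate; the check only narrows where to look first.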
 





