A mess of issues continues, will it ever be over?


45 replies to this topic

#1 revclyburn

  • Members
  • 46 posts
  • Gender:Male

Posted 02 December 2012 - 08:51 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.9.2
Run by Rev. Evans at 8:41:39 on 2012-12-02
#Option MBR scan is disabled.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - <orphaned>
BHO: DealCabby: {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - c:\documents and settings\rev. evans\local settings\application data\dealcabby\ie\dealcabby_20121029030001.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: CNavExtBho Class: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2AC8DF53-482E-4BBE-8ED6-D8B50C06A018} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: SysTray - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\free ride games\npGameTreatWidget.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-11-09 23:35; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: 2012-11-13 14:24; wrc@avast.com; c:\program files\alwil software\avast5\webrep\FF
FF - ExtSQL: 2012-11-16 18:22; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2012-11-16 19:11; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
.
============= SERVICES / DRIVERS ===============
.
R? avast! Antivirus;avast! Antivirus
R? MBAMSwissArmy;MBAMSwissArmy
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avglogx;AVG Logging Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? McrdSvc;Media Center Extender Service
S? X4HSEx_Pr143;X4HSEx_Pr143
.
=============== File Associations ===============
.
FileExt: .reg: regfile=c:\windows\system32\NOTEPAD.EXE %1 [default=edit]
.
=============== Created Last 30 ================
.
2012-11-30 23:54:46 89088 ----a-w- C:\mbr.exe
2012-11-28 22:20:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-28 22:20:49 -------- d-----w- c:\documents and settings\rev. evans\application data\Malwarebytes
2012-11-28 22:20:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-28 22:20:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 22:20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-28 20:55:42 -------- d-----w- C:\Malwarebytes
2012-11-28 03:48:53 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\QuickPlay
2012-11-20 04:22:12 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\dealcabby
2012-11-20 03:48:28 -------- d-----w- c:\program files\Kaspersky Security Scan
2012-11-20 03:47:22 -------- d-----w- c:\program files\WinZip System Utilities Suite
2012-11-20 03:39:33 -------- d-----w- c:\documents and settings\rev. evans\application data\WinZip
2012-11-19 21:47:28 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\jZip
2012-11-19 21:46:42 -------- d-----w- c:\program files\jZip
2012-11-19 04:55:07 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\WinZip
2012-11-19 03:31:06 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Identities
2012-11-18 23:45:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-18 23:45:10 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-18 01:13:47 13894 ----a-w- c:\windows\system32\dllcache\zonelibm.dll
2012-11-18 01:13:46 29760 ----a-w- c:\windows\system32\dllcache\znetm.dll
2012-11-18 01:13:46 113222 ----a-w- c:\windows\system32\dllcache\zoneclim.dll
2012-11-18 01:13:45 4677 ----a-w- c:\windows\system32\dllcache\zeeverm.dll
2012-11-18 01:13:45 41029 ----a-w- c:\windows\system32\dllcache\zcorem.dll
2012-11-18 01:13:45 36937 ----a-w- c:\windows\system32\dllcache\zclientm.exe
2012-11-18 01:13:44 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-11-18 01:13:40 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-11-18 01:13:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-11-18 01:13:31 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-11-18 01:13:26 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-11-18 01:12:57 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-11-18 01:12:51 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-11-18 01:12:48 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-11-18 01:12:44 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-11-18 01:12:42 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-11-18 01:12:40 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2012-11-18 01:12:33 221184 ----a-w- c:\windows\system32\dllcache\wmpns.dll
2012-11-18 01:12:18 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-11-18 01:12:13 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-11-18 01:12:01 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2012-11-18 01:10:59 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2012-11-18 01:09:57 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2012-11-18 01:08:54 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2012-11-18 01:07:58 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2012-11-18 01:06:56 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2012-11-18 01:05:57 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2012-11-18 01:04:55 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2012-11-18 01:03:59 29184 ----a-w- c:\windows\system32\dllcache\sm8cw.dll
2012-11-18 01:02:46 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-11-18 01:02:43 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-11-18 01:02:39 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-11-18 01:02:35 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-11-18 01:02:31 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-11-18 01:02:20 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-11-18 01:02:17 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2012-11-18 01:02:15 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-11-18 01:02:15 221696 ----a-w- c:\windows\system32\dllcache\seo.dll
2012-11-18 01:02:09 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-11-18 01:02:04 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-11-18 01:02:00 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-11-18 01:00:57 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-11-18 00:59:59 4096 ----a-w- c:\windows\system32\dllcache\rpcref.dll
2012-11-18 00:58:56 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-11-18 00:58:56 16384 ----a-w- c:\windows\system32\dllcache\quser.exe
2012-11-18 00:58:54 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2012-11-18 00:58:41 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2012-11-18 00:58:34 7680 ----a-w- c:\windows\system32\dllcache\pwsdata.dll
2012-11-18 00:58:29 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-11-18 00:58:25 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-11-18 00:58:18 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2012-11-18 00:58:17 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2012-11-18 00:58:14 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-11-18 00:58:06 35328 ----a-w- c:\windows\system32\dllcache\psisload.dll
2012-11-18 00:56:57 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2012-11-18 00:55:56 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-11-18 00:54:55 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-11-18 00:54:33 1897408 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2012-11-18 00:54:32 4274816 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2012-11-18 00:54:28 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2012-11-18 00:54:23 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2012-11-18 00:54:13 180360 ----a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2012-11-18 00:53:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-11-18 00:53:48 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-11-18 00:53:39 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-11-18 00:53:34 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-11-18 00:53:31 44544 ----a-w- c:\windows\system32\dllcache\nsepm.dll
2012-11-18 00:53:29 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2012-11-18 00:53:27 226816 ----a-w- c:\windows\system32\dllcache\npdrmv2.dll
2012-11-18 00:53:15 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-11-18 00:53:11 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-11-18 00:53:04 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-11-18 00:53:03 53248 ----a-w- c:\windows\system32\dllcache\nextlink.dll
2012-11-18 00:53:00 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-11-18 00:52:42 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2012-11-18 00:52:35 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-11-18 00:52:31 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-11-18 00:52:28 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2012-11-18 00:52:24 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2012-11-18 00:52:17 85376 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2012-11-18 00:52:13 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-11-18 00:52:10 27936 ----a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-11-18 00:52:06 33088 ----a-w- c:\windows\system32\dllcache\n9i128v2.sys
2012-11-18 00:52:02 59104 ----a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-11-18 00:50:51 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2012-11-18 00:50:49 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2012-11-18 00:50:38 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-11-18 00:50:19 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-11-18 00:50:16 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2012-11-18 00:50:14 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2012-11-18 00:50:12 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-11-18 00:49:57 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-11-18 00:49:52 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2012-11-18 00:49:50 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2012-11-18 00:49:19 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2012-11-18 00:49:09 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-11-18 00:47:58 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2012-11-18 00:46:57 33792 ----a-w- c:\windows\system32\dllcache\lmmib2.dll
2012-11-18 00:45:56 7168 ----a-w- c:\windows\system32\dllcache\kbdibm02.dll
2012-11-18 00:44:57 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2012-11-18 00:43:59 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe
2012-11-18 00:42:57 141056 ----a-w- c:\windows\system32\dllcache\icam3.sys
2012-11-18 00:41:56 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-11-18 00:40:58 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-11-18 00:39:59 36864 ----a-w- c:\windows\system32\dllcache\hanjadic.dll
2012-11-18 00:38:54 442240 ----a-w- c:\windows\system32\dllcache\fpnpbase.sys
2012-11-18 00:37:59 45568 ----a-w- c:\windows\system32\dllcache\esunib.dll
2012-11-18 00:36:55 19996 ----a-w- c:\windows\system32\dllcache\em556n4.sys
2012-11-18 00:35:56 28062 ----a-w- c:\windows\system32\dllcache\dp83820.sys
2012-11-18 00:34:59 65622 ----a-w- c:\windows\system32\dllcache\digiasyn.dll
2012-11-18 00:33:59 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys
2012-11-18 00:32:59 14336 ----a-w- c:\windows\system32\dllcache\chgusr.exe
2012-11-17 21:13:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-17 21:13:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-11-17 04:47:22 119296 ----a-w- c:\windows\system32\dllcache\camext30.dll
2012-11-17 04:47:19 236032 ----a-w- c:\windows\system32\dllcache\camext20.dll
2012-11-17 04:47:17 74240 ----a-w- c:\windows\system32\dllcache\camexo20.dll
2012-11-17 04:47:15 171264 ----a-w- c:\windows\system32\dllcache\camdrv30.sys
2012-11-17 04:47:14 223232 ----a-w- c:\windows\system32\dllcache\camdrv21.sys
2012-11-17 04:47:13 314752 ----a-w- c:\windows\system32\dllcache\camdro21.sys
2012-11-17 04:47:07 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2012-11-17 04:47:06 218112 ----a-w- c:\windows\system32\dllcache\c_g18030.dll
2012-11-17 04:45:59 2944 ----a-w- c:\windows\system32\dllcache\brfilt.sys
2012-11-17 04:44:52 23552 ----a-w- c:\windows\system32\dllcache\atixbar.sys
2012-11-17 04:43:59 56623 ----a-w- c:\windows\system32\dllcache\ati1btxx.sys
2012-11-17 04:42:59 6144 ----a-w- c:\windows\system32\dllcache\admxprox.dll
2012-11-17 04:41:58 4639 ----a-w- c:\windows\system32\dllcache\mplayer2.exe
2012-11-17 04:41:44 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2012-11-17 04:41:34 32827 ----a-w- c:\windows\system32\dllcache\tcptest.exe
2012-11-17 04:41:34 16384 ----a-w- c:\windows\system32\dllcache\tcptsat.dll
2012-11-17 04:41:32 8192 ----a-w- c:\windows\system32\dllcache\staxmem.dll
2012-11-17 04:41:31 2134528 ----a-w- c:\windows\system32\dllcache\smtpsnap.dll
2012-11-17 04:41:30 189440 ----a-w- c:\windows\system32\dllcache\smtpadm.dll
2012-11-17 04:41:29 20536 ----a-w- c:\windows\system32\dllcache\shtml.dll
2012-11-17 04:41:29 16437 ----a-w- c:\windows\system32\dllcache\shtml.exe
2012-11-17 04:41:19 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-11-16 23:26:53 -------- d-----w- c:\program files\ESET
2012-11-16 23:22:48 -------- d-----w- c:\documents and settings\rev. evans\application data\QuickScan
2012-11-16 22:06:29 -------- d-----w- c:\windows\pss
2012-11-16 22:06:19 158208 ----a-w- c:\windows\system32\msconfig.exe
2012-11-16 20:51:09 -------- d-----w- c:\documents and settings\all users\application data\Alwil Software
2012-11-13 19:20:30 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-13 19:19:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-11-13 18:33:53 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2012-11-13 17:20:04 -------- d-----w- c:\program files\msn gaming zone
2012-11-13 16:46:14 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-11-13 16:03:47 -------- d-----w- c:\documents and settings\rev. evans\application data\Nico Mak Computing
2012-11-13 16:03:16 17224 ----a-w- c:\windows\system32\roboot.exe
2012-11-13 15:50:52 -------- d-----w- c:\documents and settings\rev. evans\application data\DriverCure
2012-11-13 15:50:51 -------- d-----w- c:\documents and settings\rev. evans\application data\PC Utility Kit
2012-11-13 15:49:58 -------- d-----w- c:\documents and settings\all users\application data\PC Utility Kit
2012-11-13 13:22:33 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-11-13 13:22:33 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2012-11-13 13:22:33 -------- dc----w- c:\windows\ie8
2012-11-12 17:55:53 -------- d-----w- C:\c409a21d9461da821dd6b38ec4
2012-11-12 17:47:31 -------- d-----w- c:\documents and settings\rev. evans\application data\AVG2013
2012-11-12 17:42:46 -------- d-----w- c:\documents and settings\rev. evans\application data\TuneUp Software
2012-11-12 17:42:19 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-11-12 17:42:19 -------- d-----w- C:\$AVG
2012-11-12 17:41:49 -------- d-----w- c:\program files\AVG
2012-11-12 16:24:11 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2012-11-12 16:24:10 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\MFAData
2012-11-12 16:24:10 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Avg2013
2012-11-12 16:24:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-11-12 16:15:00 41224 ----a-w- c:\windows\avastSS.scr
2012-11-12 14:48:17 940544 ----a-w- c:\documents and settings\rev. evans\local settings\application data\log4cxx.dll
2012-11-12 14:48:17 196608 ----a-w- c:\documents and settings\rev. evans\local settings\application data\common_functions.dll
2012-11-12 14:34:21 -------- d-----w- c:\windows\system32\LogFiles
2012-11-10 05:48:11 -------- d-----w- C:\Remote Programs
2012-11-10 05:48:07 1132448 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-11-10 05:48:07 -------- d-----w- c:\documents and settings\all users\application data\Free Ride Games
2012-11-10 05:48:03 57824 ------w- c:\windows\ExentInfo.exe
2012-11-10 05:48:01 -------- d-----w- c:\program files\Free Ride Games
2012-11-10 05:47:41 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\WeatherBug
2012-11-10 05:47:29 -------- d-----w- c:\documents and settings\rev. evans\application data\WeatherBug
2012-11-10 05:47:22 -------- d-----w- c:\program files\AWS
2012-11-10 05:08:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-10 05:08:12 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-10 05:08:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-10 05:07:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-10 04:57:02 -------- d-----w- c:\windows\system32\appmgmt
2012-11-10 04:36:14 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Real
2012-11-10 04:35:41 -------- d-----w- c:\program files\common files\xing shared
2012-11-10 04:32:24 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Google
2012-11-10 04:32:23 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Shopping Sidekick
2012-11-10 04:31:39 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Zoom_Downloader
2012-11-10 04:31:30 -------- d-----w- c:\program files\Zoom Downloader
2012-11-10 04:31:30 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\DownloadManager
2012-11-10 03:43:23 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-11-10 03:43:23 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2012-11-10 03:11:00 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Sun
2012-11-09 00:12:35 -------- d-sh--w- c:\documents and settings\rev. evans\PrivacIE
2012-11-09 00:08:38 -------- d-sh--w- c:\documents and settings\rev. evans\IETldCache
2012-11-07 03:41:28 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Help
2012-11-04 01:00:12 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Adobe
2012-11-04 00:48:54 -------- d-s---w- c:\documents and settings\rev. evans\Temporary Internet Files
2012-11-04 00:48:54 -------- d-s---w- c:\documents and settings\rev. evans\History
.
==================== Find3M ====================
.
2012-10-22 18:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 08:48:52 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-02 08:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 08:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 08:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 08:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 08:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 8:43:30.35 ===============
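The log above is a DDS report, and the first thing a helper usually looks at in it is the Pseudo HJT Report section. As an added example (not part of this thread, and not code from DDS or from the Malware Response Team), the Python script below parses that section and flags the entries a reviewer would normally check first: BHOs that DDS marks `<orphaned>`, BHO and toolbar (TB) registrations whose DLL path is empty, and CLSIDs that are registered twice. The line formats are assumed from the log posted above, and the embedded sample is a constructed excerpt modelled on it with the user's profile path replaced. A flag is a cue to look closer, not a verdict: orphaned and pathless registrations are frequently leftovers from add-ons that were uninstalled or already removed by a scanner.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example; not part of the BleepingComputer thread and not a DDS
component. Line formats are assumed from the DDS output in the thread.
"""
import re
from collections import Counter

# Constructed excerpt modelled on the DDS log in the first post.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: DealCabby: {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - c:\documents and settings\user\local settings\application data\dealcabby\ie\dealcabby.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
.
================= FIREFOX ===================
.
FF - plugin: c:\program files\free ride games\npExentCtl.dll
"""

# Section banners look like "====== Pseudo HJT Report ======".
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "BHO: <optional name>: {CLSID} - <path | <orphaned> | empty>"
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s+(?:(?P<name>.+?):\s+)?"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.*)$"
)
# "uRun/mRun/dRun: [value name] command line"
RUN_RE = re.compile(r"^(?P<kind>[umd]Run):\s+\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


def parse_hjt_section(text):
    """Return the add-on and autorun entries found in the
    'Pseudo HJT Report' section of a DDS log as a list of dicts."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        if section != "Pseudo HJT Report":
            continue  # ignore processes, Firefox, services, file lists
        m = ADDON_RE.match(line)
        if m:
            entries.append({"kind": m["kind"], "name": m["name"] or "",
                            "clsid": m["clsid"].upper(), "path": m["path"].strip()})
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": m["kind"], "name": m["name"],
                            "clsid": "", "path": m["cmd"].strip()})
    return entries


def triage(entries):
    """Group entries into the buckets a reviewer checks first.
    Each bucket is a hint to look closer, not a malware verdict."""
    seen = Counter((e["kind"], e["clsid"]) for e in entries if e["clsid"])
    return {
        # DDS could not resolve the registered object at all
        "orphaned": [e for e in entries if e["path"] == "<orphaned>"],
        # registered in the browser but pointing at no DLL
        "missing_path": [e for e in entries
                         if e["kind"] in ("BHO", "TB") and e["path"] == ""],
        # the same CLSID registered more than once for the same kind
        "duplicates": sorted(k for k, n in seen.items() if n > 1),
        "by_kind": dict(Counter(e["kind"] for e in entries)),
    }


if __name__ == "__main__":
    report = triage(parse_hjt_section(SAMPLE_LOG))
    for bucket in ("orphaned", "missing_path"):
        for e in report[bucket]:
            print(f"{bucket:13} {e['kind']} {e['name'] or e['clsid']}")
    for kind, clsid in report["duplicates"]:
        print(f"duplicate     {kind} {clsid}")
    print("entries by kind:", report["by_kind"])
```

To run it against a real report, read DDS.txt into a string and pass it to `parse_hjt_section`; everything outside the Pseudo HJT Report section is skipped on purpose, since the file lists and Find3M sections need a different reading. Run-key lines keep their whole command string, quotes and switches included, so a reviewer can see arguments such as `/TRAYONLY` exactly as DDS printed them.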


#2 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 December 2012 - 11:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 revclyburn

  • Topic Starter
  • Members
  • 46 posts
  • Gender:Male

Posted 05 December 2012 - 08:40 AM

Hello Nasdaq,

Pleasure meeting you. I've run those programs before; here's the link back to the results. Forgot to put it in this post.


link to previous pages

If you want me to run them again, please let me know. I don't want to double-post things; it can make it a little confusing.

#4 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 December 2012 - 10:23 AM

I have perused the other topic.

It does not look as if malware is the cause.

Please let me know what problem persists and I will see what I can do.

#5 revclyburn

  • Topic Starter
  • Members
  • 46 posts
  • Gender:Male

Posted 05 December 2012 - 11:08 AM

Okay, some examples of what's wrong are: I still can't run everything. Control Panel comes up, but when I go into Add/Remove, it will not migrate. Can't do anything with users. Malwarebytes still won't run; I get run-time errors 0 & 440 with that. These are some of the issues I can remember offhand. I'm at work so I can't tell you first-hand. I had to reinstall several things/drivers, ran several fix-it-for-me's from Microsoft, and get errors when I try to install things like Avast and Avira. I can go into details when I get home.

#6 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 December 2012 - 02:10 PM

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Problem with MBAM? Try this.

Execute these commands from a DOS prompt.

rem change into the Malwarebytes program folder first: regsvr32 looks for a bare
rem filename in the current directory and on the PATH, so it must be run from here
cd "c:\program files\Malwarebytes' Anti-Malware"
regsvr32 mbamext.dll
regsvr32 ssubtmr6.dll
regsvr32 vbalsgrid6.ocx
regsvr32 zlib.dll


Restart the computer normally.
Try to run MBAM and post the log if you can.
===

Add/Remove Programs - Problem.

This Microsoft article may help restore it.
Add/Remove Programs tool displays installed programs incorrectly
http://support.microsoft.com/kb/266668/en-us#kb1
===

Please post the logs and let me know what problem persists.

#7 revclyburn (Topic Starter, Members, 46 posts)

Posted 06 December 2012 - 03:38 PM

Hello Nasdaq,

here's the DDS text result:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.9.2
Run by Rev. Evans at 15:31:02 on 2012-12-06
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - <orphaned>
BHO: DealCabby: {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - c:\documents and settings\rev. evans\local settings\application data\dealcabby\ie\dealcabby_20121029030001.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: CNavExtBho Class: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2AC8DF53-482E-4BBE-8ED6-D8B50C06A018} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: SysTray - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\free ride games\npGameTreatWidget.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-11-09 23:35; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: 2012-11-13 14:24; wrc@avast.com; c:\program files\alwil software\avast5\webrep\FF
FF - ExtSQL: 2012-11-16 18:22; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2012-11-16 19:11; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\rev. evans\application data\mozilla\firefox\profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
.
============= SERVICES / DRIVERS ===============
.
R? avast! Antivirus;avast! Antivirus
R? MBAMSwissArmy;MBAMSwissArmy
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avglogx;AVG Logging Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? McrdSvc;Media Center Extender Service
S? X4HSEx_Pr143;X4HSEx_Pr143
.
=============== File Associations ===============
.
FileExt: .reg: regfile=c:\windows\system32\NOTEPAD.EXE %1 [default=edit]
.
=============== Created Last 30 ================
.
2012-11-30 23:54:46 89088 ----a-w- C:\mbr.exe
2012-11-28 22:20:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-28 22:20:49 -------- d-----w- c:\documents and settings\rev. evans\application data\Malwarebytes
2012-11-28 22:20:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-28 22:20:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 22:20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-28 20:55:42 -------- d-----w- C:\Malwarebytes
2012-11-28 03:48:53 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\QuickPlay
2012-11-20 04:22:12 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\dealcabby
2012-11-20 03:48:28 -------- d-----w- c:\program files\Kaspersky Security Scan
2012-11-20 03:47:22 -------- d-----w- c:\program files\WinZip System Utilities Suite
2012-11-20 03:39:33 -------- d-----w- c:\documents and settings\rev. evans\application data\WinZip
2012-11-19 21:47:28 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\jZip
2012-11-19 21:46:42 -------- d-----w- c:\program files\jZip
2012-11-19 04:55:07 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\WinZip
2012-11-19 03:31:06 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Identities
2012-11-18 23:45:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-18 23:45:10 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-18 01:13:47 13894 ----a-w- c:\windows\system32\dllcache\zonelibm.dll
2012-11-18 01:13:46 29760 ----a-w- c:\windows\system32\dllcache\znetm.dll
2012-11-18 01:13:46 113222 ----a-w- c:\windows\system32\dllcache\zoneclim.dll
2012-11-18 01:13:45 4677 ----a-w- c:\windows\system32\dllcache\zeeverm.dll
2012-11-18 01:13:45 41029 ----a-w- c:\windows\system32\dllcache\zcorem.dll
2012-11-18 01:13:45 36937 ----a-w- c:\windows\system32\dllcache\zclientm.exe
2012-11-18 01:13:44 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-11-18 01:13:40 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-11-18 01:13:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-11-18 01:13:31 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-11-18 01:13:26 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-11-18 01:12:57 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-11-18 01:12:51 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-11-18 01:12:48 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-11-18 01:12:44 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-11-18 01:12:42 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-11-18 01:12:40 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2012-11-18 01:12:33 221184 ----a-w- c:\windows\system32\dllcache\wmpns.dll
2012-11-18 01:12:18 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-11-18 01:12:13 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-11-18 01:12:01 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2012-11-18 01:10:59 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2012-11-18 01:09:57 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2012-11-18 01:08:54 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2012-11-18 01:07:58 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2012-11-18 01:06:56 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2012-11-18 01:05:57 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2012-11-18 01:04:55 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2012-11-18 01:03:59 29184 ----a-w- c:\windows\system32\dllcache\sm8cw.dll
2012-11-18 01:02:46 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-11-18 01:02:43 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-11-18 01:02:39 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-11-18 01:02:35 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-11-18 01:02:31 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-11-18 01:02:20 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-11-18 01:02:17 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2012-11-18 01:02:15 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-11-18 01:02:15 221696 ----a-w- c:\windows\system32\dllcache\seo.dll
2012-11-18 01:02:09 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-11-18 01:02:04 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-11-18 01:02:00 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-11-18 01:00:57 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-11-18 00:59:59 4096 ----a-w- c:\windows\system32\dllcache\rpcref.dll
2012-11-18 00:58:56 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-11-18 00:58:56 16384 ----a-w- c:\windows\system32\dllcache\quser.exe
2012-11-18 00:58:54 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2012-11-18 00:58:41 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2012-11-18 00:58:34 7680 ----a-w- c:\windows\system32\dllcache\pwsdata.dll
2012-11-18 00:58:29 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-11-18 00:58:25 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-11-18 00:58:18 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2012-11-18 00:58:17 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2012-11-18 00:58:14 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-11-18 00:58:06 35328 ----a-w- c:\windows\system32\dllcache\psisload.dll
2012-11-18 00:56:57 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2012-11-18 00:55:56 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-11-18 00:54:55 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-11-18 00:54:33 1897408 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2012-11-18 00:54:32 4274816 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2012-11-18 00:54:28 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2012-11-18 00:54:23 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2012-11-18 00:54:13 180360 ----a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2012-11-18 00:53:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-11-18 00:53:48 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-11-18 00:53:39 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-11-18 00:53:34 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-11-18 00:53:31 44544 ----a-w- c:\windows\system32\dllcache\nsepm.dll
2012-11-18 00:53:29 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2012-11-18 00:53:27 226816 ----a-w- c:\windows\system32\dllcache\npdrmv2.dll
2012-11-18 00:53:15 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-11-18 00:53:11 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-11-18 00:53:04 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-11-18 00:53:03 53248 ----a-w- c:\windows\system32\dllcache\nextlink.dll
2012-11-18 00:53:00 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-11-18 00:52:42 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2012-11-18 00:52:35 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-11-18 00:52:31 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-11-18 00:52:28 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2012-11-18 00:52:24 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2012-11-18 00:52:17 85376 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2012-11-18 00:52:13 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-11-18 00:52:10 27936 ----a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-11-18 00:52:06 33088 ----a-w- c:\windows\system32\dllcache\n9i128v2.sys
2012-11-18 00:52:02 59104 ----a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-11-18 00:50:51 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2012-11-18 00:50:49 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2012-11-18 00:50:38 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-11-18 00:50:19 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-11-18 00:50:16 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2012-11-18 00:50:14 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2012-11-18 00:50:12 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-11-18 00:49:57 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-11-18 00:49:52 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2012-11-18 00:49:50 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2012-11-18 00:49:19 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2012-11-18 00:49:09 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-11-18 00:47:58 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2012-11-18 00:46:57 33792 ----a-w- c:\windows\system32\dllcache\lmmib2.dll
2012-11-18 00:45:56 7168 ----a-w- c:\windows\system32\dllcache\kbdibm02.dll
2012-11-18 00:44:57 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2012-11-18 00:43:59 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe
2012-11-18 00:42:57 141056 ----a-w- c:\windows\system32\dllcache\icam3.sys
2012-11-18 00:41:56 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-11-18 00:40:58 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-11-18 00:39:59 36864 ----a-w- c:\windows\system32\dllcache\hanjadic.dll
2012-11-18 00:38:54 442240 ----a-w- c:\windows\system32\dllcache\fpnpbase.sys
2012-11-18 00:37:59 45568 ----a-w- c:\windows\system32\dllcache\esunib.dll
2012-11-18 00:36:55 19996 ----a-w- c:\windows\system32\dllcache\em556n4.sys
2012-11-18 00:35:56 28062 ----a-w- c:\windows\system32\dllcache\dp83820.sys
2012-11-18 00:34:59 65622 ----a-w- c:\windows\system32\dllcache\digiasyn.dll
2012-11-18 00:33:59 3072 ----a-w- c:\windows\system32\dllcache\cwbmidi.sys
2012-11-18 00:32:59 14336 ----a-w- c:\windows\system32\dllcache\chgusr.exe
2012-11-17 21:13:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-17 21:13:33 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-11-17 04:47:22 119296 ----a-w- c:\windows\system32\dllcache\camext30.dll
2012-11-17 04:47:19 236032 ----a-w- c:\windows\system32\dllcache\camext20.dll
2012-11-17 04:47:17 74240 ----a-w- c:\windows\system32\dllcache\camexo20.dll
2012-11-17 04:47:15 171264 ----a-w- c:\windows\system32\dllcache\camdrv30.sys
2012-11-17 04:47:14 223232 ----a-w- c:\windows\system32\dllcache\camdrv21.sys
2012-11-17 04:47:13 314752 ----a-w- c:\windows\system32\dllcache\camdro21.sys
2012-11-17 04:47:07 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2012-11-17 04:47:06 218112 ----a-w- c:\windows\system32\dllcache\c_g18030.dll
2012-11-17 04:45:59 2944 ----a-w- c:\windows\system32\dllcache\brfilt.sys
2012-11-17 04:44:52 23552 ----a-w- c:\windows\system32\dllcache\atixbar.sys
2012-11-17 04:43:59 56623 ----a-w- c:\windows\system32\dllcache\ati1btxx.sys
2012-11-17 04:42:59 6144 ----a-w- c:\windows\system32\dllcache\admxprox.dll
2012-11-17 04:41:58 4639 ----a-w- c:\windows\system32\dllcache\mplayer2.exe
2012-11-17 04:41:44 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2012-11-17 04:41:34 32827 ----a-w- c:\windows\system32\dllcache\tcptest.exe
2012-11-17 04:41:34 16384 ----a-w- c:\windows\system32\dllcache\tcptsat.dll
2012-11-17 04:41:32 8192 ----a-w- c:\windows\system32\dllcache\staxmem.dll
2012-11-17 04:41:31 2134528 ----a-w- c:\windows\system32\dllcache\smtpsnap.dll
2012-11-17 04:41:30 189440 ----a-w- c:\windows\system32\dllcache\smtpadm.dll
2012-11-17 04:41:29 20536 ----a-w- c:\windows\system32\dllcache\shtml.dll
2012-11-17 04:41:29 16437 ----a-w- c:\windows\system32\dllcache\shtml.exe
2012-11-17 04:41:19 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-11-16 23:26:53 -------- d-----w- c:\program files\ESET
2012-11-16 23:22:48 -------- d-----w- c:\documents and settings\rev. evans\application data\QuickScan
2012-11-16 22:06:29 -------- d-----w- c:\windows\pss
2012-11-16 22:06:19 158208 ----a-w- c:\windows\system32\msconfig.exe
2012-11-16 20:51:09 -------- d-----w- c:\documents and settings\all users\application data\Alwil Software
2012-11-13 19:20:30 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-13 19:19:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-11-13 18:33:53 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2012-11-13 17:20:04 -------- d-----w- c:\program files\msn gaming zone
2012-11-13 16:46:14 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-11-13 16:03:47 -------- d-----w- c:\documents and settings\rev. evans\application data\Nico Mak Computing
2012-11-13 16:03:16 17224 ----a-w- c:\windows\system32\roboot.exe
2012-11-13 15:50:52 -------- d-----w- c:\documents and settings\rev. evans\application data\DriverCure
2012-11-13 15:50:51 -------- d-----w- c:\documents and settings\rev. evans\application data\PC Utility Kit
2012-11-13 15:49:58 -------- d-----w- c:\documents and settings\all users\application data\PC Utility Kit
2012-11-13 13:22:33 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-11-13 13:22:33 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2012-11-13 13:22:33 -------- dc----w- c:\windows\ie8
2012-11-12 17:55:53 -------- d-----w- C:\c409a21d9461da821dd6b38ec4
2012-11-12 17:47:31 -------- d-----w- c:\documents and settings\rev. evans\application data\AVG2013
2012-11-12 17:42:46 -------- d-----w- c:\documents and settings\rev. evans\application data\TuneUp Software
2012-11-12 17:42:19 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-11-12 17:42:19 -------- d-----w- C:\$AVG
2012-11-12 17:41:49 -------- d-----w- c:\program files\AVG
2012-11-12 16:24:11 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2012-11-12 16:24:10 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\MFAData
2012-11-12 16:24:10 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Avg2013
2012-11-12 16:24:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-11-12 16:15:00 41224 ----a-w- c:\windows\avastSS.scr
2012-11-12 14:48:17 940544 ----a-w- c:\documents and settings\rev. evans\local settings\application data\log4cxx.dll
2012-11-12 14:48:17 196608 ----a-w- c:\documents and settings\rev. evans\local settings\application data\common_functions.dll
2012-11-12 14:34:21 -------- d-----w- c:\windows\system32\LogFiles
2012-11-10 05:48:11 -------- d-----w- C:\Remote Programs
2012-11-10 05:48:07 1132448 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-11-10 05:48:07 -------- d-----w- c:\documents and settings\all users\application data\Free Ride Games
2012-11-10 05:48:03 57824 ------w- c:\windows\ExentInfo.exe
2012-11-10 05:48:01 -------- d-----w- c:\program files\Free Ride Games
2012-11-10 05:47:41 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\WeatherBug
2012-11-10 05:47:29 -------- d-----w- c:\documents and settings\rev. evans\application data\WeatherBug
2012-11-10 05:47:22 -------- d-----w- c:\program files\AWS
2012-11-10 05:08:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-10 05:08:12 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-10 05:08:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-10 05:07:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-10 04:57:02 -------- d-----w- c:\windows\system32\appmgmt
2012-11-10 04:36:14 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Real
2012-11-10 04:35:41 -------- d-----w- c:\program files\common files\xing shared
2012-11-10 04:32:24 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Google
2012-11-10 04:32:23 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Shopping Sidekick
2012-11-10 04:31:39 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Zoom_Downloader
2012-11-10 04:31:30 -------- d-----w- c:\program files\Zoom Downloader
2012-11-10 04:31:30 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\DownloadManager
2012-11-10 03:43:23 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-11-10 03:43:23 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2012-11-10 03:11:00 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Sun
2012-11-09 00:12:35 -------- d-sh--w- c:\documents and settings\rev. evans\PrivacIE
2012-11-09 00:08:38 -------- d-sh--w- c:\documents and settings\rev. evans\IETldCache
2012-11-07 03:41:28 -------- d-----w- c:\documents and settings\rev. evans\local settings\application data\Help
.
==================== Find3M ====================
.
2012-10-22 18:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 08:48:52 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-02 08:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 08:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 08:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 08:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 08:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x804EDF3C] -> \Device\Harddisk0\DR0[0x82BAD618]
3 CLASSPNP[0xF855605B] -> ntkrnlpa!IofCallDriver[0x804EDF3C] -> \Device\00000083[0x82B98970]
5 ACPI[0xF83CC620] -> ntkrnlpa!IofCallDriver[0x804EDF3C] -> \Device\Ide\IAAStorageDevice-0[0x82BD0030]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
.
============= FINISH: 15:36:11.33 ===============
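
The Pseudo HJT Report section of a DDS log is where a responder usually starts: browser helper objects, toolbars and Run keys are the most common homes for adware and the cheapest persistence for anything worse. The script below is an added example of how to triage that section mechanically; it is not part of DDS, ComboFix or the forum post. It runs over a constructed subset of lines copied from the log above (the full log is not embedded) and applies three checks a practitioner would otherwise do by eye: `<orphaned>` CLSIDs whose DLL is gone, entries with no file path recorded at all, and extensions or autorun programs loading from a user-writable profile directory (the DealCabby BHO under `local settings\application data` is the live case here). It also flags Run values that name a bare executable with no directory, because those are resolved through the search path and are a classic hijack point. The severity labels and the "user-writable" directory list are the example's own heuristics, not anything DDS reports.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of Pseudo HJT Report lines taken from the DDS
# log posted above. Not the complete log.
SAMPLE_DDS = r"""BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: DealCabby: {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - c:\documents and settings\rev. evans\local settings\application data\dealcabby\ie\dealcabby_20121029030001.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
"""


@dataclass
class Finding:
    severity: str   # "info" | "check" | "suspicious" (this example's own scale)
    entry: str      # the DDS line that triggered the finding
    reason: str


CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "BHO: Name: {CLSID} - path", "BHO: {CLSID} - <orphaned>", "TB: Name: {CLSID} - path"
HJT_LINE = re.compile(
    r"^(?P<kind>BHO|TB|uURLSearchHooks): (?:(?P<name>.*?): )?(?P<clsid>" + CLSID + r")\s*-\s*(?P<path>.*)$"
)
# "uRun: [Name] command", where u/m/d = user, machine, default-user hive
RUN_LINE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Directory fragments an ordinary XP user can write to. Heuristic chosen for
# this example: legitimate browser add-ons live under Program Files.
USER_WRITABLE_MARKERS = ("\\local settings\\application data\\", "\\application data\\", "\\temp\\")


def _in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def _executable_from_command(cmd: str) -> str:
    """Extract the program path from a Run value: quoted, else up to '.exe', else first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    idx = cmd.lower().find(".exe")
    if idx >= 0:
        return cmd[: idx + 4]
    return cmd.split(" ", 1)[0]


def triage_hjt(report: str) -> List[Finding]:
    """Walk a Pseudo HJT Report and return the entries worth a second look."""
    findings: List[Finding] = []
    seen = set()  # (kind, CLSID) pairs, to spot duplicate registrations
    for raw in report.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            path = m.group("path").strip()
            key = (m.group("kind"), m.group("clsid").upper())
            if path == "<orphaned>":
                findings.append(Finding("info", line, "CLSID registered but its DLL is gone (leftover registration)"))
            elif not path:
                findings.append(Finding("check", line, "no file path recorded; confirm what InprocServer32 points at"))
            elif _in_user_writable_dir(path):
                findings.append(Finding("suspicious", line, "browser extension loads from a user-writable profile directory"))
            if key in seen:
                findings.append(Finding("info", line, "duplicate entry for the same CLSID"))
            seen.add(key)
            continue
        m = RUN_LINE.match(line)
        if m:
            exe = _executable_from_command(m.group("cmd"))
            if "\\" not in exe:
                findings.append(Finding("check", line, f"unqualified program name {exe!r}: resolved via the search path, easy to hijack"))
            elif _in_user_writable_dir(exe):
                findings.append(Finding("suspicious", line, "autorun entry points into a user-writable directory"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_DDS):
        print(f"[{f.severity:>10}] {f.reason}\n             {f.entry}")
```

Run against the sample it reports one orphaned CLSID, the DefaultTab entry with no path, the duplicate Yahoo! toolbar line, the bare `CHDAudPropShortcut.exe` Run value, and DealCabby as the one suspicious loader; the Spybot and Google entries under Program Files pass. The point is not that these heuristics are conclusive (a vendor DLL can legitimately sit in a profile directory) but that they sort a few hundred log lines into the handful a responder has to actually look up.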

#8 revclyburn (Topic Starter, Members, 46 posts)

Posted 06 December 2012 - 04:08 PM

Here's the Combofix text file:

ComboFix 12-12-04.01 - Rev. Evans 12/06/2012 15:50:41.1.1 - x86
Running from: c:\documents and settings\Rev. Evans\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\bootstrap.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\defaults\preferences\prefs.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\harness-options.json
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\icon.png
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\icon64.png
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\install.rdf
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\locale\en-GB.json
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\locale\eo.json
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\locale\fr-FR.json
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\locales.json
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\page-mod.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\request.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\windows.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\data\content-proxy.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-content-symbiont.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-message-manager.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-trusted-document.html
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\data\worker.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\api-utils.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\base.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\byte-streams.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\channel.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\collection.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\loader.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\symbiont.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\worker.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cortex.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cuddlefish.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\dom\events.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\environment.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\errors.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\core.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\target.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events\assembler.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\file.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\functional.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\globals!.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\hidden-frame.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\light-traits.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\list.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\match-pattern.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\memory.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\message-manager.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\namespace.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\observer-service.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\plain-text-console.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\preferences-service.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\process.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\querystring.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\runtime.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\sandbox.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\self!.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\system.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\events.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\observer.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\tab.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\utils.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\text-streams.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\timer.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traceback.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits\core.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\unload.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\url.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\data.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\object.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\registry.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\thumbnail.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\uuid.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window-utils.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window\utils.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\dom.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\loader.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\observer.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\tabs.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xhr.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xpcom.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xul-app.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js
c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js.old
c:\documents and settings\Rev. Evans\Local Settings\Application Data\common_functions.dll
c:\documents and settings\Rev. Evans\Local Settings\Application Data\dealcabby
c:\documents and settings\Rev. Evans\Local Settings\Application Data\dealcabby\ie\dealcabby_20121029030001.dll
c:\documents and settings\Rev. Evans\Local Settings\Application Data\dealcabby\license.txt
c:\documents and settings\Rev. Evans\Local Settings\Application Data\dealcabby\sqlite3.exe
c:\documents and settings\Rev. Evans\Local Settings\Application Data\dealcabby\uninst.exe
c:\documents and settings\Rev. Evans\Local Settings\Application Data\ie_runner_app.exe
c:\program files\Java\jre7\bin\ssv.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-11-30 23:54 . 2012-11-30 23:54 89088 ----a-w- C:\mbr.exe
2012-11-29 23:08 . 2012-11-29 23:08 -------- d-----w- c:\windows\Sun
2012-11-28 22:20 . 2012-11-29 23:01 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-28 22:20 . 2012-11-28 22:20 -------- d-----w- c:\documents and settings\Rev. Evans\Application Data\Malwarebytes
2012-11-28 22:20 . 2012-11-28 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-28 22:20 . 2012-11-28 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-28 22:20 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 20:55 . 2012-11-28 20:55 -------- d-----w- C:\Malwarebytes
2012-11-28 03:48 . 2012-11-28 03:48 -------- d-----w- c:\documents and settings\Rev. Evans\Local Settings\Application Data\QuickPlay
2012-11-20 04:46 . 2012-11-28 03:48 -------- d-----w- c:\documents and settings\Rev. Evans\Application Data\HP
2012-11-20 04:33 . 2012-11-20 04:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Netscape
2012-11-20 04:28 . 2012-11-20 04:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-11-20 03:48 . 2012-11-20 03:48 -------- d-----w- c:\program files\Kaspersky Security Scan
2012-11-20 03:47 . 2012-11-20 03:47 -------- d-----w- c:\program files\WinZip System Utilities Suite
2012-11-20 03:39 . 2012-11-20 03:39 -------- d-----w- c:\documents and settings\Rev. Evans\Application Data\WinZip
2012-11-19 21:47 . 2012-11-19 21:48 -------- d-----w- c:\documents and settings\Rev. Evans\Local Settings\Application Data\jZip
2012-11-19 21:46 . 2012-11-19 21:47 -------- d-----w- c:\program files\jZip
2012-11-19 19:32 . 2006-03-16 04:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-11-19 19:29 . 2012-11-19 19:31 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-11-19 04:55 . 2012-11-19 04:55 -------- d-----w- c:\documents and settings\Rev. Evans\Local Settings\Application Data\WinZip
2012-11-19 04:51 . 2012-11-19 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2012-11-19 03:31 . 2012-11-19 03:31 -------- d-----w- c:\documents and settings\Rev. Evans\Local Settings\Application Data\Identities
2012-11-18 23:45 . 2012-11-18 23:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-18 23:45 . 2012-11-18 23:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-18 01:13 . 2006-03-15 20:00 13894 ----a-w- c:\windows\system32\dllcache\zonelibm.dll
2012-11-18 01:13 . 2006-03-15 20:00 29760 ----a-w- c:\windows\system32\dllcache\znetm.dll
2012-11-18 01:13 . 2006-03-15 20:00 113222 ----a-w- c:\windows\system32\dllcache\zoneclim.dll
2012-11-18 01:13 . 2006-03-15 20:00 4677 ----a-w- c:\windows\system32\dllcache\zeeverm.dll
2012-11-18 01:13 . 2006-03-15 20:00 41029 ----a-w- c:\windows\system32\dllcache\zcorem.dll
2012-11-18 01:13 . 2006-03-15 20:00 36937 ----a-w- c:\windows\system32\dllcache\zclientm.exe
2012-11-18 01:13 . 2004-08-04 05:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-11-18 01:13 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-11-18 01:13 . 2001-08-18 03:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-11-18 01:13 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-11-18 01:13 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-11-18 01:12 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-11-18 01:12 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-11-18 01:12 . 2004-08-04 03:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-11-18 01:12 . 2004-08-04 04:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-11-18 01:12 . 2004-08-04 03:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-11-18 01:12 . 2004-08-04 05:56 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2012-11-18 01:12 . 2006-03-15 20:00 221184 ----a-w- c:\windows\system32\dllcache\wmpns.dll
2012-11-18 01:12 . 2004-08-04 03:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2012-11-18 01:12 . 2001-08-17 17:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2012-11-18 01:12 . 2001-08-17 18:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2012-11-18 01:10 . 2006-03-15 20:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2012-11-18 01:09 . 2001-08-17 18:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2012-11-18 01:08 . 2001-08-18 03:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2012-11-18 01:07 . 2001-08-18 03:36 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2012-11-18 01:06 . 2001-08-17 17:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2012-11-18 01:05 . 2006-03-15 20:00 16896 ----a-w- c:\windows\system32\dllcache\status.dll
2012-11-18 01:04 . 2001-08-18 03:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2012-11-18 01:03 . 2006-03-15 20:00 29184 ----a-w- c:\windows\system32\dllcache\sm8cw.dll
2012-11-18 01:02 . 2001-07-21 19:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-11-18 01:02 . 2001-07-21 19:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-11-18 01:02 . 2001-08-17 17:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-11-18 01:02 . 2001-08-18 03:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-11-18 01:02 . 2001-08-17 17:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-11-18 01:02 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-11-18 01:02 . 2001-08-17 18:48 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2012-11-18 01:02 . 2006-03-15 20:00 221696 ----a-w- c:\windows\system32\dllcache\seo.dll
2012-11-18 01:02 . 2001-08-18 03:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-11-18 01:02 . 2001-08-17 18:53 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-11-18 01:02 . 2001-08-17 18:53 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-11-18 01:02 . 2001-08-17 18:52 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-11-18 01:00 . 2001-08-17 17:50 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-11-18 00:59 . 2006-03-15 20:00 4096 ----a-w- c:\windows\system32\dllcache\rpcref.dll
2012-11-18 00:58 . 2006-03-15 20:00 16384 ----a-w- c:\windows\system32\dllcache\quser.exe
2012-11-18 00:58 . 2001-08-17 18:53 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-11-18 00:58 . 2006-03-15 20:00 9728 ----a-w- c:\windows\system32\dllcache\query.exe
2012-11-18 00:58 . 2004-08-04 04:00 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2012-11-18 00:58 . 2006-03-15 20:00 7680 ----a-w- c:\windows\system32\dllcache\pwsdata.dll
2012-11-18 00:58 . 2001-08-17 18:28 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-11-18 00:58 . 2001-08-17 18:28 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-11-18 00:58 . 2001-08-17 18:28 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2012-11-18 00:58 . 2004-08-04 05:56 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2012-11-18 00:58 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-11-18 00:58 . 2001-08-18 03:36 35328 ----a-w- c:\windows\system32\dllcache\psisload.dll
2012-11-18 00:56 . 2001-08-18 03:36 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2012-11-18 00:55 . 2001-08-18 03:36 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-11-18 00:54 . 2001-08-17 17:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-11-18 00:54 . 2004-08-04 03:29 1897408 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2012-11-18 00:54 . 2004-08-04 05:56 4274816 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2012-11-18 00:54 . 2001-08-17 17:50 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2012-11-18 00:54 . 2001-08-18 03:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2012-11-18 00:54 . 2004-08-04 03:41 180360 ----a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2012-11-18 00:53 . 2001-08-17 17:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-11-18 00:53 . 2001-08-18 03:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-11-18 00:53 . 2001-08-17 18:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2012-11-18 00:53 . 2001-08-17 18:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-11-18 00:53 . 2006-03-15 20:00 44544 ----a-w- c:\windows\system32\dllcache\nsepm.dll
2012-11-18 00:53 . 2004-08-04 04:00 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2012-11-18 00:53 . 2006-03-15 20:00 226816 ----a-w- c:\windows\system32\dllcache\npdrmv2.dll
2012-11-18 00:53 . 2001-08-17 17:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-11-18 00:53 . 2001-08-17 17:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-11-18 00:53 . 2001-08-17 17:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-11-18 00:53 . 2006-03-15 20:00 53248 ----a-w- c:\windows\system32\dllcache\nextlink.dll
2012-11-18 00:53 . 2004-08-04 03:31 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-11-18 00:52 . 2001-08-17 17:11 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2012-11-18 00:52 . 2001-08-17 17:50 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-11-18 00:52 . 2001-08-18 03:36 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-11-18 00:52 . 2001-08-17 18:49 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2012-11-18 00:52 . 2004-08-04 04:10 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2012-11-18 00:52 . 2004-08-04 04:10 85376 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2012-11-18 00:52 . 2001-08-17 19:56 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-11-18 00:52 . 2001-08-17 17:50 27936 ----a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-11-18 00:52 . 2001-08-17 17:50 33088 ----a-w- c:\windows\system32\dllcache\n9i128v2.sys
2012-11-18 00:52 . 2001-08-18 03:36 59104 ----a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-11-18 00:50 . 2004-08-04 03:58 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2012-11-18 00:50 . 2004-08-04 04:10 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2012-11-18 00:50 . 2001-08-17 18:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-11-18 00:50 . 2001-08-17 19:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-11-18 00:50 . 2006-03-15 20:00 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2012-11-18 00:50 . 2004-08-04 04:00 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2012-11-18 00:50 . 2006-03-15 20:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-11-18 00:49 . 2001-08-17 19:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-11-18 00:49 . 2001-08-17 18:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2012-11-18 00:49 . 2004-08-04 04:10 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2012-11-18 00:49 . 2004-08-04 04:10 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2012-11-18 00:49 . 2001-08-17 18:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-11-18 00:47 . 2001-08-18 03:36 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2012-11-18 00:46 . 2006-03-15 20:00 33792 ----a-w- c:\windows\system32\dllcache\lmmib2.dll
2012-11-18 00:45 . 2006-03-15 20:00 7168 ----a-w- c:\windows\system32\dllcache\kbdibm02.dll
2012-11-18 00:44 . 2001-08-17 18:49 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2012-11-18 00:43 . 2006-03-15 20:00 311359 ----a-w- c:\windows\system32\dllcache\imepadsv.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 18:02 . 2012-10-22 18:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 08:48 . 2012-10-15 08:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-05 08:32 . 2012-10-05 08:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 08:30 . 2012-10-02 08:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 08:46 . 2012-09-21 08:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 08:46 . 2012-09-21 08:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 08:45 . 2012-09-21 08:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 08:05 . 2012-09-14 08:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-10-24 17:50 . 2012-11-12 16:13 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-10 296096]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-08-23 4866520]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-5-9 73728]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2012-10-30 22:50 4297136 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
2012-08-23 19:00 4866520 ----a-w- c:\program files\Free Ride Games\GPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2012-11-20 03:07 1187840 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"Vongo Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"AddFiltr"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 X4HSEx_Pr143;X4HSEx_Pr143;c:\program files\Free Ride Games\X4HSEx_Pr143.Sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-16 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 17:55]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 04:34]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 04:34]
.
2012-11-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3965165618-3468387693-2989560106-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-11-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3965165618-3468387693-2989560106-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\
FF - ExtSQL: 2012-11-09 23:35; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2012-11-13 14:24; wrc@avast.com; c:\program files\Alwil Software\Avast5\WebRep\FF
FF - ExtSQL: 2012-11-16 18:22; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: 2012-11-16 19:11; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - c:\documents and settings\Rev. Evans\Local Settings\Application Data\dealcabby\ie\dealcabby_20121029030001.dll
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Rev. Evans\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
MSConfigStartUp-SpeetItUpFree - c:\program files\SpeedItup Free\speeditupfree.exe
AddRemove-DealCabby - c:\documents and settings\Rev. Evans\Local Settings\Application Data\dealcabby\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-06 15:59
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Y??????`?@?????L?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
Completion time: 2012-12-06 16:02:37
ComboFix-quarantined-files.txt 2012-12-06 21:02
.
Pre-Run: 67,653,165,056 bytes free
Post-Run: 67,857,408,000 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C1246BBA91AE36D8D99F1C76106D3915

#9 revclyburn

  • Topic Starter

  • Members
  • 46 posts

Posted 06 December 2012 - 04:42 PM

No good on the add/remove fix or the Malwarebytes fix. On the latter, could not find those files, i.e. resver32 mbamext.dll; seems to not exist.
And I can't do a search on this computer either. I can click on it but nothing happens.

#10 nasdaq


  • Malware Response Team
  • 38,764 posts

Posted 07 December 2012 - 09:08 AM

Let's have a look at your Master Boot Record with this tool.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.
===

Edited:

You also have an open topic here:
http://forums.malwarebytes.org/index.php?showtopic=119161

Malware fighter helpers are very few and when you use these resources others have to wait to be served.
Please inform malwarebytes that you are being served here and that the topic be closed. If you want them to continue let me know and I will close this topic.
nasdaq

Edited by nasdaq, 07 December 2012 - 02:16 PM.


#11 nasdaq


  • Malware Response Team
  • 38,764 posts

Posted 13 December 2012 - 09:37 AM

Are you still with me?

#12 revclyburn

  • Topic Starter

  • Members
  • 46 posts

Posted 13 December 2012 - 11:20 AM

Hello Nasdaq,

Yes, I'm still here, waiting on someone to help or somehow come up with a solution myself. I'm about to give him his laptop back, as is, he needs it. And whenever his need isn't so great, I will get the laptop back. But I know me, I'll get busy with another computer, iPod, iPad, iPhone, kid's toy, pew, organ, lol. You get my drift, lol. And I'll never get back to this situation. So, let me fix it now, if it can be fixed.

SOOOOOOO what's up Nasdaq?

#13 nasdaq


  • Malware Response Team
  • 38,764 posts

Posted 13 December 2012 - 02:07 PM

When you can, run this tool.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#14 revclyburn

  • Topic Starter

  • Members
  • 46 posts

Posted 13 December 2012 - 10:23 PM

Okay

I tried to run OTL but it failed. Said unable to locate component - the application failed to start because framedyn.dll was not found. I would try and search for it, but search doesn't work, lol.

#15 nasdaq


  • Malware Response Team
  • 38,764 posts

Posted 14 December 2012 - 09:53 AM

Navigate to this Microsoft page.

"Application has failed to start because framedyn.dll was not found"
http://support.microsoft.com/kb/319114

Execute the Fix it for me button.

Restart the computer normally and try to run the OTL tool.

===

If that fails, let's see if the tool can work to find the file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    framedyn.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
