
Pragmaevmkphpdrp virus found cannot get rid of it


  • This topic is locked
9 replies to this topic

#1 abachran

  • Members
  • 4 posts

Posted 16 July 2013 - 08:26 PM

I am cleaning up my buddy's PC that was majorly infected, and I have gotten rid of all of the other viruses but cannot seem to get this one to remove.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Larry at 11:37:56 on 2013-07-07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1246 [GMT -4:00]
.
AV: Defense Center *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyServer = localhost:21320
uProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: {811FB681-61C2-4442-9C96-9F164F619ED7} - <orphaned>
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Fast Browser Search: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} -
TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - c:\program files\aim toolbar\aimtb.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} -
TB: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [EPSON Stylus CX5400] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\docume~1\larry\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA} - hxxp://www.myfacelol.com/_downloads/cab/v2/MyFaceLOL.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3C41DD48-1A3E-4D8B-8E1A-82D64459D3CC} : DHCPNameServer = 192.168.1.254
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-22 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-22 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-22 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-22 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-22 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-22 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-22 46808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-22 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-22 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-6-22 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-6-22 1033688]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-12 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-22 22856]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-6-22 171928]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2013-06-29 09:20:58 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2013-06-29 09:20:58 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2013-06-29 09:20:01 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2013-06-29 09:19:17 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2013-06-29 09:18:59 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2013-06-29 09:17:46 105472 ------w- c:\windows\system32\dllcache\mup.sys
2013-06-29 09:17:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-06-29 09:17:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-06-29 09:16:00 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2013-06-29 09:15:35 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2013-06-29 09:14:44 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-06-29 09:14:01 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2013-06-29 09:13:58 3072 ------w- c:\windows\system32\iacenc.dll
2013-06-29 09:13:58 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2013-06-29 09:11:27 45568 ------w- c:\windows\system32\dllcache\wab.exe
2013-06-29 03:52:39 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-24 01:16:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-24 01:16:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-23 16:26:20 134144 ----a-w- c:\windows\system32\REGEDIT.com
2013-06-23 02:49:31 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2013-06-23 01:58:35 -------- d-----w- c:\documents and settings\larry\application data\Malwarebytes
2013-06-23 01:58:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-23 01:58:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-23 01:58:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-23 01:03:56 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-06-23 01:03:45 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-06-23 01:03:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-06-22 23:02:56 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-22 23:02:56 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-22 23:02:56 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-22 23:02:55 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-22 23:02:32 41664 ----a-w- c:\windows\avastSS.scr
2013-06-22 23:02:10 -------- d-----w- c:\program files\AVAST Software
2013-06-22 23:00:55 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-06-22 22:32:33 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-06-22 22:32:33 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
.
==================== Find3M  ====================
.
2013-06-29 04:21:28 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:38:53.09 ===============



Edited by Queen-Evie, 16 July 2013 - 09:01 PM.
Moved topic from XP to the appropriate forum. DDS logs are allowed only in Malware Removal Logs




#2 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 17 July 2013 - 08:02 AM

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 abachran

  • Topic Starter
  • Members
  • 4 posts

Posted 17 July 2013 - 09:43 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013 02
Ran by Larry (administrator) on 17-07-2013 10:37:02
Running from E:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Roxio) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Gteko Ltd.) C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
() C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Corporation) c:\program files\common files\installshield\updateservice\isuspm.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
MountPoints2: {72d98053-ba39-11dc-876c-806d6172696f} - D:\setup.exe
HKU\Administrator\...\Run: [DellAutomatedPCTuneUp] - "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [ 2007-10-11] (Gteko Ltd.)
HKU\Allison\...\Run: [Aim6] - "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [ 2009-05-19] (AOL LLC)
HKU\Allison\...\Run: [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-13] (Microsoft Corporation)
HKU\Allison\...\Run: [DellAutomatedPCTuneUp] - "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [ 2007-10-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellAutomatedPCTuneUp] - "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [ 2007-10-11] (Gteko Ltd.)
HKU\Mary\...\Run: [DellAutomatedPCTuneUp] - "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [ 2007-10-11] (Gteko Ltd.)
HKU\Mary\...\Run: [Aim6] - "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [ 2009-05-19] (AOL LLC)
HKU\Mary\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [ 2007-11-15] (SupportSoft, Inc.)
HKU\Mary\...\Run: [83342711632460062153888415657714] - C:\Program Files\Antivirus 2009\av2009.exe [x]
HKU\Mary\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex [x]
HKU\Tina\...\Run: [DellAutomatedPCTuneUp] - "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [ 2007-10-11] (Gteko Ltd.)
HKU\Tina\...\Run: [Aim6] - "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [ 2009-05-19] (AOL LLC)
HKU\Tina\...\Run: [SmileboxTray] - "C:\Documents and Settings\Tina\Application Data\Smilebox\SmileboxTray.exe" [x]
HKU\Tina\...\Run: [dbppolym] - C:\Documents and Settings\Tina\Local Settings\Application Data\imxmfltdb\vynsnhmtssd.exe [x]
HKU\Tina\...\Run: [jhvmyjuj] - C:\Documents and Settings\Tina\Local Settings\Application Data\ynelfeuve\vhrqutvtssd.exe [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
ShortcutTarget: KODAK Software Updater.lnk -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
Startup: C:\Documents and Settings\Allison\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Larry\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Mary\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
URLSearchHook: (No Name) - {811FB681-61C2-4442-9C96-9F164F619ED7} -  No File
SearchScopes: HKLM - DefaultScope {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {072EC374-F780-478A-8D55-EBCEA7A90B41} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM - {13F07725-82CA-4627-B736-7E1A8EAB2339} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=TB50TRie7
SearchScopes: HKLM - {51E1E9CA-DADE-4C55-BE2A-E27D78E035C7} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {B8B4364A-35AA-4249-A087-8C3E72A44F31} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {BD3DCF5D-11F2-4D3D-BB8B-F7A9DB25CC3C} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {E5DFBAF2-9C84-4EA4-8BBB-B5FA986793FB} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {E6C38C68-7C2F-4F09-BD4C-4D3B3E6854E9} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - DefaultScope {BD3DCF5D-11F2-4D3D-BB8B-F7A9DB25CC3C} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {072EC374-F780-478A-8D55-EBCEA7A90B41} URL =
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKCU - {13F07725-82CA-4627-B736-7E1A8EAB2339} URL =
SearchScopes: HKCU - {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9} URL = http://fastbrowsersearch.com/results/results.aspx?q={searchTerms}
SearchScopes: HKCU - {257AC445-D129-4294-BA47-5C2E998A685D} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {45893659-8D1D-422A-A90E-8E841E2747A1} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {51E1E9CA-DADE-4C55-BE2A-E27D78E035C7} URL =
SearchScopes: HKCU - {568C4528-B0E3-4997-8500-14A17CC7C6F0} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {56979524-AC3C-4DC4-9AF8-AB3C53C59847} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {6F75D606-371D-4038-BFFB-23C9D2301546} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {8DED283B-20C9-4710-B344-86FD2CC510FB} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - {9A0D5515-A39F-4086-B120-3C1603C4047D} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {B8B4364A-35AA-4249-A087-8C3E72A44F31} URL =
SearchScopes: HKCU - {BD3DCF5D-11F2-4D3D-BB8B-F7A9DB25CC3C} URL =
SearchScopes: HKCU - {E5DFBAF2-9C84-4EA4-8BBB-B5FA986793FB} URL =
SearchScopes: HKCU - {E6C38C68-7C2F-4F09-BD4C-4D3B3E6854E9} URL =
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll No File
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -&Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKCU -Fast Browser Search - {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll No File
Toolbar: HKCU -AIM Toolbar - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA} http://www.myfacelol.com/_downloads/cab/v2/MyFaceLOL.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-07-09] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2007-12-26] (Google)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202544 2007-11-15] (SupportSoft, Inc.)
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-23] (Gteko Ltd.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-30] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-30] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-30] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-05] (Gteko Ltd.)
S2 MCSTRM; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-17 10:36 - 2013-07-17 10:36 - 00000000 ____D C:\FRST
2013-07-10 17:07 - 2013-07-10 17:07 - 00011827 _____ C:\WINDOWS\KB2834904.log
2013-07-10 17:07 - 2013-07-10 17:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-10 17:05 - 2013-07-10 17:05 - 00009715 _____ C:\WINDOWS\KB2834886.log
2013-07-10 17:05 - 2013-07-10 17:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-10 17:05 - 2013-07-10 17:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-10 17:05 - 2013-07-10 17:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-10 17:00 - 2013-07-10 17:01 - 00011533 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-10 08:08 - 2013-07-10 17:05 - 00014801 _____ C:\WINDOWS\KB2850851.log
2013-07-10 08:08 - 2013-07-10 17:05 - 00013892 _____ C:\WINDOWS\KB2845187.log
2013-07-07 11:38 - 2013-07-07 11:38 - 00017988 _____ C:\Documents and Settings\Larry\Desktop\attach.txt
2013-07-07 11:38 - 2013-07-07 11:38 - 00016968 _____ C:\Documents and Settings\Larry\Desktop\dds.txt
2013-06-30 11:52 - 2013-06-30 11:52 - 00039497 _____ C:\WINDOWS\KB2387149.log
2013-06-30 11:52 - 2013-06-30 11:52 - 00036564 _____ C:\WINDOWS\KB2659262.log
2013-06-30 11:52 - 2013-06-30 11:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2013-06-30 11:52 - 2013-06-30 11:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2659262$
2013-06-30 11:52 - 2013-06-30 11:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2479943$
2013-06-30 11:52 - 2013-06-30 11:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$
2013-06-30 11:51 - 2013-06-30 11:52 - 00035897 _____ C:\WINDOWS\KB2564958.log
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2564958$
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2491683$
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478971$
2013-06-30 11:50 - 2013-06-30 11:50 - 00037235 _____ C:\WINDOWS\KB2536276-v2.log
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2631813$
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2585542$
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2536276-v2$
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2345886$
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2296011$
2013-06-30 11:49 - 2013-06-30 11:50 - 00034256 _____ C:\WINDOWS\KB2296011.log
2013-06-30 11:49 - 2013-06-30 11:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2013-06-30 11:49 - 2013-06-30 11:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2115168$
2013-06-30 11:48 - 2013-06-30 11:48 - 00035424 _____ C:\WINDOWS\KB975558.log
2013-06-30 11:48 - 2013-06-30 11:48 - 00034731 _____ C:\WINDOWS\KB2378111.log
2013-06-30 11:48 - 2013-06-30 11:48 - 00032659 _____ C:\WINDOWS\KB2779562.log
2013-06-30 11:48 - 2013-06-30 11:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975558_WM8$
2013-06-30 11:48 - 2013-06-30 11:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2779562$
2013-06-30 11:48 - 2013-06-30 11:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2443105$
2013-06-30 11:48 - 2013-06-30 11:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2378111_WM9$
2013-06-30 11:47 - 2013-06-30 11:47 - 00035838 _____ C:\WINDOWS\KB2229593.log
2013-06-30 11:47 - 2013-06-30 11:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2013-06-30 11:47 - 2013-06-30 11:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2013-06-30 11:47 - 2013-06-30 11:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2013-06-30 11:47 - 2013-06-30 11:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2229593$
2013-06-30 11:46 - 2013-06-30 11:47 - 00035611 _____ C:\WINDOWS\KB2485663.log
2013-06-30 11:46 - 2013-06-30 11:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2485663$
2013-06-30 11:46 - 2013-06-30 11:46 - 00035566 _____ C:\WINDOWS\KB2440591.log
2013-06-30 11:46 - 2013-06-30 11:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2013-06-30 11:46 - 2013-06-30 11:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2598479$
2013-06-30 11:46 - 2013-06-30 11:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2440591$
2013-06-30 11:45 - 2013-06-30 11:46 - 00035943 _____ C:\WINDOWS\KB2686509.log
2013-06-30 11:45 - 2013-06-30 11:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2013-06-30 11:45 - 2013-06-30 11:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2013-06-30 11:45 - 2013-06-30 11:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2507938$
2013-06-30 11:44 - 2013-06-30 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2013-06-30 11:44 - 2013-06-30 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2624667$
2013-06-30 11:44 - 2013-06-30 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2013-06-30 11:44 - 2013-06-30 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2347290$
2013-06-30 11:43 - 2013-06-30 11:43 - 00034232 _____ C:\WINDOWS\KB2592799.log
2013-06-30 11:43 - 2013-06-30 11:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2013-06-30 11:43 - 2013-06-30 11:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$
2013-06-30 11:42 - 2013-06-30 11:43 - 00034036 _____ C:\WINDOWS\KB2753842-v2.log
2013-06-30 11:42 - 2013-06-30 11:42 - 00034300 _____ C:\WINDOWS\KB2535512.log
2013-06-30 11:42 - 2013-06-30 11:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2013-06-30 11:42 - 2013-06-30 11:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$
2013-06-30 11:42 - 2013-06-30 11:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2013-06-30 11:41 - 2013-06-30 11:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-06-30 11:40 - 2013-06-30 11:40 - 00034488 _____ C:\WINDOWS\KB2807986.log
2013-06-30 11:40 - 2013-06-30 11:40 - 00034013 _____ C:\WINDOWS\KB2570947.log
2013-06-30 11:40 - 2013-06-30 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2013-06-30 11:40 - 2013-06-30 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2570947$
2013-06-30 11:36 - 2013-06-30 11:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981322$
2013-06-30 11:36 - 2013-06-30 11:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-06-30 11:35 - 2013-06-30 11:35 - 00032858 _____ C:\WINDOWS\KB2603381.log
2013-06-30 11:35 - 2013-06-30 11:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2013-06-30 11:35 - 2013-06-30 11:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2603381$
2013-06-30 11:35 - 2013-06-30 11:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2419632$
2013-06-30 11:34 - 2013-06-30 11:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2653956$
2013-06-30 11:34 - 2013-06-30 11:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2013-06-30 11:33 - 2013-06-30 11:33 - 00026974 _____ C:\WINDOWS\KB2820197.log
2013-06-30 11:33 - 2013-06-30 11:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$
2013-06-30 11:31 - 2013-06-30 11:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2013-06-30 11:30 - 2013-06-30 11:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971029$
2013-06-30 11:29 - 2013-06-30 11:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2506212$
2013-06-30 11:22 - 2013-06-30 11:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2013-06-30 11:21 - 2013-06-30 11:22 - 00023812 _____ C:\WINDOWS\KB2698365.log
2013-06-30 11:21 - 2013-06-30 11:21 - 00021661 _____ C:\WINDOWS\KB2723135-v2.log
2013-06-30 11:21 - 2013-06-30 11:21 - 00021105 _____ C:\WINDOWS\KB981997.log
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981997$
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2619339$
2013-06-30 11:20 - 2013-06-30 11:20 - 00020963 _____ C:\WINDOWS\KB2618451.log
2013-06-30 11:20 - 2013-06-30 11:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$
2013-06-30 11:20 - 2013-06-30 11:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2618451$
2013-06-30 11:19 - 2013-06-30 11:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2013-06-30 11:19 - 2013-06-30 11:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
2013-06-30 11:19 - 2013-06-30 11:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2509553$
2013-06-30 11:18 - 2013-06-30 11:18 - 00019605 _____ C:\WINDOWS\KB2838727-IE8.log
2013-06-30 11:18 - 2013-06-30 11:18 - 00015417 _____ C:\WINDOWS\KB2510531-IE8.log
2013-06-30 11:17 - 2013-06-30 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982665$
2013-06-30 11:17 - 2013-06-30 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2829361$
2013-06-30 11:17 - 2013-06-30 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478960$
2013-06-30 11:16 - 2013-06-30 11:16 - 00015053 _____ C:\WINDOWS\KB2393802.log
2013-06-30 11:16 - 2013-06-30 11:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2620712$
2013-06-30 11:16 - 2013-06-30 11:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2393802$
2013-06-30 11:15 - 2013-06-30 11:15 - 00012745 _____ C:\WINDOWS\KB2566454.log
2013-06-30 11:15 - 2013-06-30 11:15 - 00012539 _____ C:\WINDOWS\KB2661637.log
2013-06-30 11:15 - 2013-06-30 11:15 - 00012489 _____ C:\WINDOWS\KB2423089.log
2013-06-30 11:15 - 2013-06-30 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661637$
2013-06-30 11:15 - 2013-06-30 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2584146$
2013-06-30 11:15 - 2013-06-30 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2566454$
2013-06-30 11:15 - 2013-06-30 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2013-06-30 11:14 - 2013-06-30 11:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2360937$
2013-06-30 11:13 - 2013-06-30 11:15 - 00013232 _____ C:\WINDOWS\KB2360937.log
2013-06-29 05:20 - 2013-06-30 11:52 - 00048688 _____ C:\WINDOWS\KB2712808.log
2013-06-29 05:20 - 2013-06-30 11:52 - 00047946 _____ C:\WINDOWS\KB2479943.log
2013-06-29 05:20 - 2013-06-30 11:51 - 00047458 _____ C:\WINDOWS\KB2478971.log
2013-06-29 05:20 - 2013-06-30 11:51 - 00046762 _____ C:\WINDOWS\KB2758857.log
2013-06-29 05:20 - 2013-06-30 11:51 - 00046389 _____ C:\WINDOWS\KB2345886.log
2013-06-29 05:20 - 2013-06-30 11:51 - 00046352 _____ C:\WINDOWS\KB2491683.log
2013-06-29 05:20 - 2013-06-30 11:51 - 00046199 _____ C:\WINDOWS\KB2544893-v2.log
2013-06-29 05:20 - 2013-06-30 11:50 - 00046395 _____ C:\WINDOWS\KB2585542.log
2013-06-29 05:20 - 2013-06-30 11:50 - 00045173 _____ C:\WINDOWS\KB2631813.log
2013-06-29 05:20 - 2010-09-18 02:53 - 00954368 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40.dll
2013-06-29 05:20 - 2010-09-18 02:53 - 00953856 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40u.dll
2013-06-29 05:20 - 2010-08-23 12:12 - 00617472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\comctl32.dll
2013-06-29 05:19 - 2013-06-30 11:49 - 00045914 _____ C:\WINDOWS\KB2691442.log
2013-06-29 05:19 - 2013-06-30 11:49 - 00044932 _____ C:\WINDOWS\KB2115168.log
2013-06-29 05:19 - 2013-06-30 11:48 - 00044975 _____ C:\WINDOWS\KB2443105.log
2013-06-29 05:19 - 2013-06-30 11:47 - 00045612 _____ C:\WINDOWS\KB2481109.log
2013-06-29 05:19 - 2013-06-30 11:47 - 00045314 _____ C:\WINDOWS\KB2655992.log
2013-06-29 05:19 - 2013-06-30 11:47 - 00044363 _____ C:\WINDOWS\KB2802968.log
2013-06-29 05:19 - 2013-06-30 11:46 - 00044577 _____ C:\WINDOWS\KB2598479.log
2013-06-29 05:19 - 2010-06-14 10:31 - 00744448 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\helpsvc.exe
2013-06-29 05:18 - 2013-06-30 11:45 - 00043773 _____ C:\WINDOWS\KB2780091.log
2013-06-29 05:18 - 2013-06-30 11:45 - 00043415 _____ C:\WINDOWS\KB2507938.log
2013-06-29 05:18 - 2013-06-30 11:45 - 00043273 _____ C:\WINDOWS\KB982132.log
2013-06-29 05:18 - 2013-06-30 11:44 - 00044175 _____ C:\WINDOWS\KB2483185.log
2013-06-29 05:18 - 2013-06-30 11:44 - 00043967 _____ C:\WINDOWS\KB2624667.log
2013-06-29 05:18 - 2013-06-30 11:44 - 00043566 _____ C:\WINDOWS\KB979687.log
2013-06-29 05:18 - 2013-06-30 11:44 - 00042023 _____ C:\WINDOWS\KB2719985.log
2013-06-29 05:18 - 2010-11-02 11:17 - 00040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndproxy.sys
2013-06-29 05:17 - 2013-06-30 11:41 - 00040638 _____ C:\WINDOWS\KB2839229.log
2013-06-29 05:17 - 2013-06-30 11:36 - 00040989 _____ C:\WINDOWS\KB2820917.log
2013-06-29 05:17 - 2013-06-30 11:35 - 00040370 _____ C:\WINDOWS\KB2757638.log
2013-06-29 05:17 - 2013-06-30 11:34 - 00035724 _____ C:\WINDOWS\KB2508429.log
2013-06-29 05:17 - 2013-02-11 20:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2013-06-29 05:17 - 2013-02-11 20:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2013-06-29 05:17 - 2011-04-21 09:37 - 00105472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mup.sys
2013-06-29 05:16 - 2013-06-30 11:36 - 00041225 _____ C:\WINDOWS\KB981322.log
2013-06-29 05:16 - 2013-06-30 11:35 - 00041592 _____ C:\WINDOWS\KB2419632.log
2013-06-29 05:16 - 2013-06-30 11:34 - 00034895 _____ C:\WINDOWS\KB2653956.log
2013-06-29 05:16 - 2013-06-30 11:31 - 00032744 _____ C:\WINDOWS\KB2749655.log
2013-06-29 05:16 - 2013-06-30 11:30 - 00032245 _____ C:\WINDOWS\KB971029.log
2013-06-29 05:16 - 2013-06-30 11:29 - 00031548 _____ C:\WINDOWS\KB2506212.log
2013-06-29 05:16 - 2012-05-28 14:16 - 00536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msado15.dll
2013-06-29 05:15 - 2013-06-30 11:21 - 00029171 _____ C:\WINDOWS\KB2705219-v2.log
2013-06-29 05:15 - 2013-06-30 11:21 - 00028654 _____ C:\WINDOWS\KB2619339.log
2013-06-29 05:15 - 2013-06-30 11:21 - 00027634 _____ C:\WINDOWS\KB2727528.log
2013-06-29 05:15 - 2013-06-30 11:20 - 00028123 _____ C:\WINDOWS\KB2661254-v2.log
2013-06-29 05:15 - 2013-06-30 11:19 - 00028399 _____ C:\WINDOWS\KB2813345.log
2013-06-29 05:15 - 2013-06-30 11:19 - 00027985 _____ C:\WINDOWS\KB2509553.log
2013-06-29 05:15 - 2012-07-04 10:05 - 00139784 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rdpwd.sys
2013-06-29 05:14 - 2013-06-30 11:19 - 00029316 _____ C:\WINDOWS\KB2676562.log
2013-06-29 05:14 - 2013-06-30 11:17 - 00019110 _____ C:\WINDOWS\KB982665.log
2013-06-29 05:14 - 2013-06-30 11:17 - 00018263 _____ C:\WINDOWS\KB2829361.log
2013-06-29 05:14 - 2013-06-30 11:16 - 00018699 _____ C:\WINDOWS\KB2620712.log
2013-06-29 05:14 - 2013-06-07 17:56 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-06-29 05:14 - 2011-07-08 10:02 - 00010496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndistapi.sys
2013-06-29 05:13 - 2012-01-11 15:06 - 00003072 ____N C:\WINDOWS\system32\iacenc.dll
2013-06-29 05:13 - 2012-01-11 15:06 - 00003072 ____N C:\WINDOWS\system32\dllcache\iacenc.dll
2013-06-29 05:11 - 2013-06-30 11:15 - 00018186 _____ C:\WINDOWS\KB2584146.log
2013-06-29 05:11 - 2010-10-11 10:59 - 00045568 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wab.exe
2013-06-28 23:52 - 2013-06-28 23:52 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-28 23:51 - 2013-06-28 23:49 - 00688992 ____R (Swearware) C:\Documents and Settings\Larry\Desktop\dds.com
2013-06-28 23:51 - 2013-06-28 23:48 - 00050477 _____ C:\Documents and Settings\Larry\Desktop\Defogger.exe
2013-06-28 23:51 - 2013-06-28 23:34 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Larry\Desktop\tdsskiller.exe
2013-06-27 18:26 - 2013-06-27 18:26 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-06-26 13:10 - 2013-06-27 18:26 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-06-26 13:10 - 2013-06-27 18:26 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-06-23 21:16 - 2013-07-17 04:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-06-23 21:16 - 2013-06-23 21:16 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-23 21:16 - 2013-06-23 21:16 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-06-23 12:26 - 2001-08-23 08:00 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\REGEDIT.com
2013-06-23 00:38 - 2013-06-23 13:50 - 00000116 _____ C:\aswBoot.log
2013-06-22 22:49 - 2008-08-01 11:34 - 00262144 _____ (Ask.com) C:\Program Files\Uninstall Ask Toolbar.dll
2013-06-22 22:01 - 2013-07-10 17:22 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-06-22 21:58 - 2013-06-22 21:58 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Documents and Settings\Larry\Application Data\Malwarebytes
2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-06-22 21:58 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-06-22 21:19 - 2004-08-03 22:58 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sy0
2013-06-22 21:04 - 2013-07-17 10:35 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-06-22 21:04 - 2013-07-16 18:45 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-06-22 21:04 - 2013-06-22 21:04 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-06-22 21:03 - 2013-06-26 12:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-06-22 21:03 - 2013-06-22 22:00 - 00065536 _____ C:\WINDOWS\system32\config\Spybot -.evt
2013-06-22 21:03 - 2013-06-22 21:03 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2013-06-22 21:03 - 2013-06-22 21:03 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-06-22 21:03 - 2009-01-25 13:14 - 00015224 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2013-06-22 19:02 - 2013-07-16 19:02 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-06-22 19:02 - 2013-06-27 18:26 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-06-22 19:02 - 2013-06-27 18:26 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-06-22 19:02 - 2013-06-27 18:26 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-06-22 19:02 - 2013-06-22 19:02 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-06-22 19:02 - 2013-06-22 19:02 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-22 19:02 - 2013-05-09 04:59 - 00066336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-06-22 19:02 - 2013-05-09 04:59 - 00056080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-06-22 19:02 - 2013-05-09 04:59 - 00049760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-06-22 19:02 - 2013-05-09 04:59 - 00049376 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-06-22 19:02 - 2013-05-09 04:59 - 00029816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-06-22 19:02 - 2013-05-09 04:58 - 00229648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-06-22 19:02 - 2013-05-09 04:58 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-06-22 19:00 - 2013-06-22 19:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-06-22 18:32 - 2008-04-13 20:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2013-06-22 18:32 - 2008-04-13 20:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll

==================== One Month Modified Files and Folders =======

2013-07-17 10:36 - 2013-07-17 10:36 - 00000000 ____D C:\FRST
2013-07-17 10:35 - 2013-06-22 21:04 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-07-17 10:35 - 2004-08-10 15:02 - 01301526 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-17 04:56 - 2013-06-23 21:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-16 19:02 - 2013-06-22 19:02 - 00000362 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-07-16 18:45 - 2013-06-22 21:04 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-07-16 18:45 - 2008-05-21 10:13 - 00000000 ____D C:\MDT
2013-07-10 17:24 - 2004-08-10 14:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-07-10 17:24 - 2004-08-10 14:59 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-07-10 17:23 - 2004-08-10 15:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-10 17:23 - 2004-08-10 14:57 - 00237552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-10 17:22 - 2013-06-22 22:01 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-07-10 17:22 - 2004-08-10 15:08 - 00032546 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-10 17:07 - 2013-07-10 17:07 - 00011827 _____ C:\WINDOWS\KB2834904.log
2013-07-10 17:07 - 2013-07-10 17:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-10 17:07 - 2010-01-13 14:55 - 00210117 _____ C:\WINDOWS\setupapi.log
2013-07-10 17:07 - 2007-12-26 17:50 - 00302862 ____C C:\WINDOWS\updspapi.log
2013-07-10 17:07 - 2004-08-10 14:57 - 01796792 _____ C:\WINDOWS\FaxSetup.log
2013-07-10 17:07 - 2004-08-10 14:57 - 00871015 _____ C:\WINDOWS\ocgen.log
2013-07-10 17:07 - 2004-08-10 14:57 - 00688568 _____ C:\WINDOWS\tsoc.log
2013-07-10 17:07 - 2004-08-10 14:57 - 00593503 _____ C:\WINDOWS\comsetup.log
2013-07-10 17:07 - 2004-08-10 14:57 - 00359595 _____ C:\WINDOWS\ntdtcsetup.log
2013-07-10 17:07 - 2004-08-10 14:57 - 00281498 _____ C:\WINDOWS\iis6.log
2013-07-10 17:07 - 2004-08-10 14:57 - 00097261 _____ C:\WINDOWS\ocmsn.log
2013-07-10 17:07 - 2004-08-10 14:57 - 00089688 _____ C:\WINDOWS\msgsocm.log
2013-07-10 17:07 - 2004-08-10 14:57 - 00001374 _____ C:\WINDOWS\imsins.log
2013-07-10 17:05 - 2013-07-10 17:05 - 00009715 _____ C:\WINDOWS\KB2834886.log
2013-07-10 17:05 - 2013-07-10 17:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-10 17:05 - 2013-07-10 17:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-10 17:05 - 2013-07-10 17:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-10 17:05 - 2013-07-10 08:08 - 00014801 _____ C:\WINDOWS\KB2850851.log
2013-07-10 17:05 - 2013-07-10 08:08 - 00013892 _____ C:\WINDOWS\KB2845187.log
2013-07-10 17:05 - 2004-08-10 14:57 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-07-10 17:02 - 2008-01-03 17:17 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-10 17:02 - 2007-12-26 18:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-07-10 17:01 - 2013-07-10 17:00 - 00011533 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-10 17:01 - 2009-06-08 11:26 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-10 08:59 - 2008-01-04 00:27 - 00104448 ____C C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-07 11:38 - 2013-07-07 11:38 - 00017988 _____ C:\Documents and Settings\Larry\Desktop\attach.txt
2013-07-07 11:38 - 2013-07-07 11:38 - 00016968 _____ C:\Documents and Settings\Larry\Desktop\dds.txt
2013-07-07 11:38 - 2008-01-03 16:25 - 00000000 ____D C:\Documents and Settings\Larry\Desktop
2013-06-30 12:11 - 2007-12-26 18:10 - 00063208 ____C C:\WINDOWS\spupdsvc.log
2013-06-30 11:52 - 2013-06-30 11:52 - 00039497 _____ C:\WINDOWS\KB2387149.log
2013-06-30 11:52 - 2013-06-30 11:52 - 00036564 _____ C:\WINDOWS\KB2659262.log
2013-06-30 11:52 - 2013-06-30 11:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2013-06-30 11:52 - 2013-06-30 11:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2659262$
2013-06-30 11:52 - 2013-06-30 11:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2479943$
2013-06-30 11:52 - 2013-06-30 11:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$
2013-06-30 11:52 - 2013-06-30 11:51 - 00035897 _____ C:\WINDOWS\KB2564958.log
2013-06-30 11:52 - 2013-06-29 05:20 - 00048688 _____ C:\WINDOWS\KB2712808.log
2013-06-30 11:52 - 2013-06-29 05:20 - 00047946 _____ C:\WINDOWS\KB2479943.log
2013-06-30 11:52 - 2007-12-26 17:50 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2564958$
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2491683$
2013-06-30 11:51 - 2013-06-30 11:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478971$
2013-06-30 11:51 - 2013-06-29 05:20 - 00047458 _____ C:\WINDOWS\KB2478971.log
2013-06-30 11:51 - 2013-06-29 05:20 - 00046762 _____ C:\WINDOWS\KB2758857.log
2013-06-30 11:51 - 2013-06-29 05:20 - 00046389 _____ C:\WINDOWS\KB2345886.log
2013-06-30 11:51 - 2013-06-29 05:20 - 00046352 _____ C:\WINDOWS\KB2491683.log
2013-06-30 11:51 - 2013-06-29 05:20 - 00046199 _____ C:\WINDOWS\KB2544893-v2.log
2013-06-30 11:50 - 2013-06-30 11:50 - 00037235 _____ C:\WINDOWS\KB2536276-v2.log
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2631813$
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2585542$
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2536276-v2$
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2345886$
2013-06-30 11:50 - 2013-06-30 11:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2296011$
2013-06-30 11:50 - 2013-06-30 11:49 - 00034256 _____ C:\WINDOWS\KB2296011.log
2013-06-30 11:50 - 2013-06-29 05:20 - 00046395 _____ C:\WINDOWS\KB2585542.log
2013-06-30 11:50 - 2013-06-29 05:20 - 00045173 _____ C:\WINDOWS\KB2631813.log
2013-06-30 11:49 - 2013-06-30 11:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2013-06-30 11:49 - 2013-06-30 11:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2115168$
2013-06-30 11:49 - 2013-06-29 05:19 - 00045914 _____ C:\WINDOWS\KB2691442.log
2013-06-30 11:49 - 2013-06-29 05:19 - 00044932 _____ C:\WINDOWS\KB2115168.log
2013-06-30 11:48 - 2013-06-30 11:48 - 00035424 _____ C:\WINDOWS\KB975558.log
2013-06-30 11:48 - 2013-06-30 11:48 - 00034731 _____ C:\WINDOWS\KB2378111.log
2013-06-30 11:48 - 2013-06-30 11:48 - 00032659 _____ C:\WINDOWS\KB2779562.log
2013-06-30 11:48 - 2013-06-30 11:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975558_WM8$
2013-06-30 11:48 - 2013-06-30 11:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2779562$
2013-06-30 11:48 - 2013-06-30 11:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2443105$
2013-06-30 11:48 - 2013-06-30 11:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2378111_WM9$
2013-06-30 11:48 - 2013-06-29 05:19 - 00044975 _____ C:\WINDOWS\KB2443105.log
2013-06-30 11:48 - 2007-12-26 17:52 - 00857718 _____ C:\WINDOWS\system32\TZLog.log
2013-06-30 11:48 - 2004-08-10 15:01 - 00094088 ____C C:\WINDOWS\wmsetup.log
2013-06-30 11:47 - 2013-06-30 11:47 - 00035838 _____ C:\WINDOWS\KB2229593.log
2013-06-30 11:47 - 2013-06-30 11:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2013-06-30 11:47 - 2013-06-30 11:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2013-06-30 11:47 - 2013-06-30 11:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2013-06-30 11:47 - 2013-06-30 11:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2229593$
2013-06-30 11:47 - 2013-06-30 11:46 - 00035611 _____ C:\WINDOWS\KB2485663.log
2013-06-30 11:47 - 2013-06-30 11:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2485663$
2013-06-30 11:47 - 2013-06-29 05:19 - 00045612 _____ C:\WINDOWS\KB2481109.log
2013-06-30 11:47 - 2013-06-29 05:19 - 00045314 _____ C:\WINDOWS\KB2655992.log
2013-06-30 11:47 - 2013-06-29 05:19 - 00044363 _____ C:\WINDOWS\KB2802968.log
2013-06-30 11:46 - 2013-06-30 11:46 - 00035566 _____ C:\WINDOWS\KB2440591.log
2013-06-30 11:46 - 2013-06-30 11:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2013-06-30 11:46 - 2013-06-30 11:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2598479$
2013-06-30 11:46 - 2013-06-30 11:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2440591$
2013-06-30 11:46 - 2013-06-30 11:45 - 00035943 _____ C:\WINDOWS\KB2686509.log
2013-06-30 11:46 - 2013-06-29 05:19 - 00044577 _____ C:\WINDOWS\KB2598479.log
2013-06-30 11:45 - 2013-06-30 11:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2013-06-30 11:45 - 2013-06-30 11:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2013-06-30 11:45 - 2013-06-30 11:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2507938$
2013-06-30 11:45 - 2013-06-29 05:18 - 00043773 _____ C:\WINDOWS\KB2780091.log
2013-06-30 11:45 - 2013-06-29 05:18 - 00043415 _____ C:\WINDOWS\KB2507938.log
2013-06-30 11:45 - 2013-06-29 05:18 - 00043273 _____ C:\WINDOWS\KB982132.log
2013-06-30 11:44 - 2013-06-30 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2013-06-30 11:44 - 2013-06-30 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2624667$
2013-06-30 11:44 - 2013-06-30 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2013-06-30 11:44 - 2013-06-30 11:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2347290$
2013-06-30 11:44 - 2013-06-29 05:18 - 00044175 _____ C:\WINDOWS\KB2483185.log
2013-06-30 11:44 - 2013-06-29 05:18 - 00043967 _____ C:\WINDOWS\KB2624667.log
2013-06-30 11:44 - 2013-06-29 05:18 - 00043566 _____ C:\WINDOWS\KB979687.log
2013-06-30 11:44 - 2013-06-29 05:18 - 00042023 _____ C:\WINDOWS\KB2719985.log
2013-06-30 11:43 - 2013-06-30 11:43 - 00034232 _____ C:\WINDOWS\KB2592799.log
2013-06-30 11:43 - 2013-06-30 11:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2013-06-30 11:43 - 2013-06-30 11:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$
2013-06-30 11:43 - 2013-06-30 11:42 - 00034036 _____ C:\WINDOWS\KB2753842-v2.log
2013-06-30 11:42 - 2013-06-30 11:42 - 00034300 _____ C:\WINDOWS\KB2535512.log
2013-06-30 11:42 - 2013-06-30 11:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2013-06-30 11:42 - 2013-06-30 11:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2753842-v2$
2013-06-30 11:42 - 2013-06-30 11:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2013-06-30 11:41 - 2013-06-30 11:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-06-30 11:41 - 2013-06-29 05:17 - 00040638 _____ C:\WINDOWS\KB2839229.log
2013-06-30 11:40 - 2013-06-30 11:40 - 00034488 _____ C:\WINDOWS\KB2807986.log
2013-06-30 11:40 - 2013-06-30 11:40 - 00034013 _____ C:\WINDOWS\KB2570947.log
2013-06-30 11:40 - 2013-06-30 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2013-06-30 11:40 - 2013-06-30 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2570947$
2013-06-30 11:36 - 2013-06-30 11:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981322$
2013-06-30 11:36 - 2013-06-30 11:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-06-30 11:36 - 2013-06-29 05:17 - 00040989 _____ C:\WINDOWS\KB2820917.log
2013-06-30 11:36 - 2013-06-29 05:16 - 00041225 _____ C:\WINDOWS\KB981322.log
2013-06-30 11:35 - 2013-06-30 11:35 - 00032858 _____ C:\WINDOWS\KB2603381.log
2013-06-30 11:35 - 2013-06-30 11:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2013-06-30 11:35 - 2013-06-30 11:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2603381$
2013-06-30 11:35 - 2013-06-30 11:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2419632$
2013-06-30 11:35 - 2013-06-29 05:17 - 00040370 _____ C:\WINDOWS\KB2757638.log
2013-06-30 11:35 - 2013-06-29 05:16 - 00041592 _____ C:\WINDOWS\KB2419632.log
2013-06-30 11:34 - 2013-06-30 11:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2653956$
2013-06-30 11:34 - 2013-06-30 11:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2013-06-30 11:34 - 2013-06-29 05:17 - 00035724 _____ C:\WINDOWS\KB2508429.log
2013-06-30 11:34 - 2013-06-29 05:16 - 00034895 _____ C:\WINDOWS\KB2653956.log
2013-06-30 11:33 - 2013-06-30 11:33 - 00026974 _____ C:\WINDOWS\KB2820197.log
2013-06-30 11:33 - 2013-06-30 11:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$
2013-06-30 11:31 - 2013-06-30 11:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2013-06-30 11:31 - 2013-06-29 05:16 - 00032744 _____ C:\WINDOWS\KB2749655.log
2013-06-30 11:30 - 2013-06-30 11:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971029$
2013-06-30 11:30 - 2013-06-29 05:16 - 00032245 _____ C:\WINDOWS\KB971029.log
2013-06-30 11:29 - 2013-06-30 11:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2506212$
2013-06-30 11:29 - 2013-06-29 05:16 - 00031548 _____ C:\WINDOWS\KB2506212.log
2013-06-30 11:26 - 2004-08-10 14:57 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-30 11:22 - 2013-06-30 11:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2013-06-30 11:22 - 2013-06-30 11:21 - 00023812 _____ C:\WINDOWS\KB2698365.log
2013-06-30 11:21 - 2013-06-30 11:21 - 00021661 _____ C:\WINDOWS\KB2723135-v2.log
2013-06-30 11:21 - 2013-06-30 11:21 - 00021105 _____ C:\WINDOWS\KB981997.log
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981997$
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2013-06-30 11:21 - 2013-06-30 11:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2619339$
2013-06-30 11:21 - 2013-06-29 05:15 - 00029171 _____ C:\WINDOWS\KB2705219-v2.log
2013-06-30 11:21 - 2013-06-29 05:15 - 00028654 _____ C:\WINDOWS\KB2619339.log
2013-06-30 11:21 - 2013-06-29 05:15 - 00027634 _____ C:\WINDOWS\KB2727528.log
2013-06-30 11:21 - 2004-08-10 15:02 - 00000000 ____D C:\Program Files\Movie Maker
2013-06-30 11:20 - 2013-06-30 11:20 - 00020963 _____ C:\WINDOWS\KB2618451.log
2013-06-30 11:20 - 2013-06-30 11:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$
2013-06-30 11:20 - 2013-06-30 11:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2618451$
2013-06-30 11:20 - 2013-06-29 05:15 - 00028123 _____ C:\WINDOWS\KB2661254-v2.log
2013-06-30 11:19 - 2013-06-30 11:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2013-06-30 11:19 - 2013-06-30 11:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
2013-06-30 11:19 - 2013-06-30 11:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2509553$
2013-06-30 11:19 - 2013-06-29 05:15 - 00028399 _____ C:\WINDOWS\KB2813345.log
2013-06-30 11:19 - 2013-06-29 05:15 - 00027985 _____ C:\WINDOWS\KB2509553.log
2013-06-30 11:19 - 2013-06-29 05:14 - 00029316 _____ C:\WINDOWS\KB2676562.log
2013-06-30 11:18 - 2013-06-30 11:18 - 00019605 _____ C:\WINDOWS\KB2838727-IE8.log
2013-06-30 11:18 - 2013-06-30 11:18 - 00015417 _____ C:\WINDOWS\KB2510531-IE8.log
2013-06-30 11:17 - 2013-06-30 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982665$
2013-06-30 11:17 - 2013-06-30 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2829361$
2013-06-30 11:17 - 2013-06-30 11:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478960$
2013-06-30 11:17 - 2013-06-29 05:14 - 00019110 _____ C:\WINDOWS\KB982665.log
2013-06-30 11:17 - 2013-06-29 05:14 - 00018263 _____ C:\WINDOWS\KB2829361.log
2013-06-30 11:16 - 2013-06-30 11:16 - 00015053 _____ C:\WINDOWS\KB2393802.log
2013-06-30 11:16 - 2013-06-30 11:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2620712$
2013-06-30 11:16 - 2013-06-30 11:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2393802$
2013-06-30 11:16 - 2013-06-29 05:14 - 00018699 _____ C:\WINDOWS\KB2620712.log
2013-06-30 11:15 - 2013-06-30 11:15 - 00012745 _____ C:\WINDOWS\KB2566454.log
2013-06-30 11:15 - 2013-06-30 11:15 - 00012539 _____ C:\WINDOWS\KB2661637.log
2013-06-30 11:15 - 2013-06-30 11:15 - 00012489 _____ C:\WINDOWS\KB2423089.log
2013-06-30 11:15 - 2013-06-30 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661637$
2013-06-30 11:15 - 2013-06-30 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2584146$
2013-06-30 11:15 - 2013-06-30 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2566454$
2013-06-30 11:15 - 2013-06-30 11:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2013-06-30 11:15 - 2013-06-30 11:13 - 00013232 _____ C:\WINDOWS\KB2360937.log
2013-06-30 11:15 - 2013-06-29 05:11 - 00018186 _____ C:\WINDOWS\KB2584146.log
2013-06-30 11:15 - 2004-08-10 15:02 - 00000000 ____D C:\Program Files\Outlook Express
2013-06-30 11:14 - 2013-06-30 11:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2360937$
2013-06-29 10:05 - 2008-01-03 16:55 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-06-29 05:03 - 2004-08-10 14:52 - 00000000 ____D C:\WINDOWS\Help
2013-06-29 00:21 - 2004-08-04 00:58 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2013-06-28 23:52 - 2013-06-28 23:52 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-28 23:49 - 2013-06-28 23:51 - 00688992 ____R (Swearware) C:\Documents and Settings\Larry\Desktop\dds.com
2013-06-28 23:48 - 2013-06-28 23:51 - 00050477 _____ C:\Documents and Settings\Larry\Desktop\Defogger.exe
2013-06-28 23:34 - 2013-06-28 23:51 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Larry\Desktop\tdsskiller.exe
2013-06-27 18:26 - 2013-06-27 18:26 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-06-27 18:26 - 2013-06-26 13:10 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-06-27 18:26 - 2013-06-26 13:10 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-06-27 18:26 - 2013-06-22 19:02 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-06-27 18:26 - 2013-06-22 19:02 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-06-27 18:26 - 2013-06-22 19:02 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-06-27 10:26 - 2008-01-03 17:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB920872$
2013-06-26 12:50 - 2013-06-22 21:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-06-26 12:44 - 2008-01-04 00:15 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2013-06-26 12:12 - 2008-12-22 19:16 - 00000000 ____D C:\Program Files\Fast Browser SearchP
2013-06-23 21:16 - 2013-06-23 21:16 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-23 21:16 - 2013-06-23 21:16 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-06-23 13:50 - 2013-06-23 00:38 - 00000116 _____ C:\aswBoot.log
2013-06-22 22:40 - 2004-08-10 14:51 - 00000542 _____ C:\WINDOWS\win.ini
2013-06-22 22:40 - 2004-08-10 14:51 - 00000227 _____ C:\WINDOWS\system.ini
2013-06-22 22:40 - 2004-08-10 14:51 - 00000211 __RSH C:\boot.ini
2013-06-22 22:00 - 2013-06-22 21:03 - 00065536 _____ C:\WINDOWS\system32\config\Spybot -.evt
2013-06-22 21:58 - 2013-06-22 21:58 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Documents and Settings\Larry\Application Data\Malwarebytes
2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-06-22 21:58 - 2004-08-10 14:57 - 00000000 ____D C:\Documents and Settings\All Users\Desktop
2013-06-22 21:04 - 2013-06-22 21:04 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-06-22 21:03 - 2013-06-22 21:03 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2013-06-22 21:03 - 2013-06-22 21:03 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-06-22 19:02 - 2013-06-22 19:02 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-06-22 19:02 - 2013-06-22 19:02 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-22 19:02 - 2013-06-22 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-06-22 19:02 - 2004-08-10 15:04 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-06-22 18:59 - 2007-12-26 18:06 - 00000000 ____D C:\Program Files\Dell
2013-06-22 18:37 - 2004-08-10 14:57 - 00441626 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-06-22 18:32 - 2007-12-26 17:42 - 00005499 _____ C:\WINDOWS\setupact.log
2013-06-22 18:32 - 2004-08-10 14:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

Files to move or delete:
====================
C:\Documents and Settings\Larry\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

#4 CatByte

  • Malware Response Team

Posted 17 July 2013 - 10:09 AM

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Save it on your desktop as fixlist.txt.

(If you saved FRST to a different folder and not your desktop originally, then save fixlist.txt to the same location as FRST was saved.)


start
HKU\Mary\...\Run: [83342711632460062153888415657714] - C:\Program Files\Antivirus 2009\av2009.exe [x]
HKU\Tina\...\Run: [dbppolym] - C:\Documents and Settings\Tina\Local Settings\Application Data\imxmfltdb\vynsnhmtssd.exe [x]
HKU\Tina\...\Run: [jhvmyjuj] - C:\Documents and Settings\Tina\Local Settings\Application Data\ynelfeuve\vhrqutvtssd.exe [x]
URLSearchHook: (No Name) - {811FB681-61C2-4442-9C96-9F164F619ED7} -  No File
BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll No File
C:\Documents and Settings\Larry\GoToAssistDownloadHelper.exe
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please attach that log to your reply.

Note: FixList.txt and FRST must be saved to the same location or the fix will not work.

Reboot Normally.



NEXT

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 abachran

  • Topic Starter


Posted 17 July 2013 - 11:08 AM

ComboFix 13-07-16.01 - Larry 07/17/2013  11:38:49.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1193 [GMT -4:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Larry\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Allison\WINDOWS
c:\documents and settings\Larry\Application Data\9DF4AD
c:\documents and settings\Larry\Application Data\alot
c:\documents and settings\Larry\Local Settings\Temp\IadHide5.dll
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\autosearch_plugin.dll
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FastBrowserURLDownload.exe
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\FbsSearchProtectionInstall.exe
c:\program files\Fast Browser Search\IE\FbsSearchProtectionUnInstall.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.crc
c:\program files\Fast Browser Search\IE\FBStoolbar.inf
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\options.html
c:\program files\Fast Browser Search\IE\searchbutton1.gif
c:\program files\Fast Browser Search\IE\searchbutton2.gif
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\Unreg.dll
c:\program files\Fast Browser Search\IE\version.txt
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\winsrc.dll.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-17 to 2013-07-17  )))))))))))))))))))))))))))))))
.
.
2013-07-17 15:54 . 2013-07-17 15:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-17 14:36 . 2013-07-17 14:36 -------- d-----w- C:\FRST
2013-06-29 09:20 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2013-06-29 09:20 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2013-06-29 09:20 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2013-06-29 09:19 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2013-06-29 09:18 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2013-06-29 09:17 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2013-06-29 09:17 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-06-29 09:17 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-06-29 09:16 . 2012-05-28 18:16 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2013-06-29 09:15 . 2012-07-04 14:05 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2013-06-29 09:14 . 2013-06-07 21:56 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-06-29 09:14 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2013-06-29 09:13 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-06-29 09:13 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2013-06-29 09:11 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2013-06-29 03:52 . 2013-06-29 03:52 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-24 01:16 . 2013-06-24 01:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-24 01:16 . 2013-06-24 01:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-23 16:26 . 2001-08-23 12:00 134144 ----a-w- c:\windows\system32\REGEDIT.com
2013-06-23 02:49 . 2008-08-01 15:34 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2013-06-23 01:58 . 2013-06-23 01:58 -------- d-----w- c:\documents and settings\Larry\Application Data\Malwarebytes
2013-06-23 01:58 . 2013-06-23 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-23 01:58 . 2013-06-23 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-23 01:58 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-23 01:03 . 2013-06-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-06-23 01:03 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-06-23 01:03 . 2013-06-23 01:03 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-06-22 23:02 . 2013-06-27 22:26 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-22 23:02 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-06-22 23:02 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-06-22 23:02 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-06-22 23:02 . 2013-06-27 22:26 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-22 23:02 . 2013-06-27 22:26 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-22 23:02 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-22 23:02 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-22 23:02 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-22 23:02 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-06-22 23:02 . 2013-06-22 23:02 -------- d-----w- c:\program files\AVAST Software
2013-06-22 23:00 . 2013-06-22 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-06-22 22:32 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-06-22 22:32 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 04:21 . 2004-08-04 04:58 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2013-06-08 03:55 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-10 18:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-10 18:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-10 18:51 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-10 18:51 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 04:28 . 2006-10-19 03:47 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2004-08-10 18:51 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 04:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-27 99840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
.
c:\documents and settings\Larry\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2006-6-2 180224]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-04 00:29 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Consumer Input]
2007-09-20 14:47 390488 ----a-w- c:\program files\Consumer Input\ConsumerInput.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Consumer Input Update]
2007-09-20 14:48 152920 ----a-w- c:\program files\Consumer Input\ConsumerInputUa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-12-26 22:06 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 23:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [6/22/2013 7:02 PM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [6/22/2013 7:02 PM 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/22/2013 7:02 PM 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/22/2013 7:02 PM 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/22/2013 7:02 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [6/22/2013 7:02 PM 66336]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [6/22/2013 9:03 PM 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [6/22/2013 9:03 PM 1033688]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/12/2008 7:15 PM 24652]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [6/22/2013 9:58 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2013 9:58 PM 701512]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [6/22/2013 9:03 PM 171928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2013 9:58 PM 22856]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-24 01:16]
.
2013-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
2013-07-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-06-22 08:58]
.
2013-07-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-06-23 14:58]
.
2013-07-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-06-23 14:57]
.
2013-06-23 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-06-23 14:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = localhost:21320
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {9BA9AE56-8DFC-4994-AEA9-68BEAD35A6FA} - hxxp://www.myfacelol.com/_downloads/cab/v2/MyFaceLOL.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-08646168.sys
MSConfigStartUp-FBSearch - c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-17 11:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(700)
c:\windows\system32\WININET.dll
c:\docume~1\Larry\LOCALS~1\Temp\IadHide5.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopCommon.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2013-07-17  11:59:07 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-17 15:59
.
Pre-Run: 204,335,751,168 bytes free
Post-Run: 204,706,705,408 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 326D0602F4CC650A6FBE4AFB5C862097
5CB90281D1A59B251F6603134774EEC3
 

 




#6 CatByte


Posted 17 July 2013 - 11:33 AM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 abachran


Posted 18 July 2013 - 09:29 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.3 (07.17.2013:1)
OS: Microsoft Windows XP x86
Ran by Larry on Wed 07/17/2013 at 12:55:26.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] viewpoint manager service
Successfully deleted: [Service] viewpoint manager service

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\dnu.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\compete
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\compete
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{568C4528-B0E3-4997-8500-14A17CC7C6F0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{51E1E9CA-DADE-4C55-BE2A-E27D78E035C7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Application Data\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\consumer input"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Program Files\asksbar"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/17/2013 at 12:59:33.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Larry :: D8JFGCF1 [administrator]

7/17/2013 1:14:33 PM
mbam-log-2013-07-17 (13-14-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 337527
Time elapsed: 13 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP813\A0118890.dll probably a variant of Win32/Adware.Gamevance.AA application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP822\A0120653.DLL Win32/Toolbar.AskSBar application
C:\TDSSKiller_Quarantine\28.06.2013_23.52.12\rtkt0000\tdlfs0000\tsk0004.dta a variant of Win32/Olmarik.ADZ trojan
 

 




#8 CatByte


Posted 18 July 2013 - 09:40 AM

Those items found by ESET are either in old restore points or quarantine, so they are of no concern (the restore points will clean up when we do our final housekeeping routine).

Please run the following:

Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.
Decline any additional installs that may be offered.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u25
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u25-windows-i586.exe to install the newest version.
  • Decline any additional installs that may be offered.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked
      • Trace and Log Files
      • Cached Applications and Applets
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
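
The triage rule in the reply above (ESET hits that sit under old restore points or a removal tool's quarantine folder are stored copies, not active files), as an added example that is not part of the original post: a short Python parser run over the three ESET lines quoted in the thread plus one constructed line. The function names, the line regex and the last sample line are assumptions made for this example.

```python
import re
from typing import NamedTuple

# The three ESET lines quoted in the thread, plus one constructed line
# (the last) showing a hit that falls outside both inert locations.
ESET_LOG = r"""
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP813\A0118890.dll probably a variant of Win32/Adware.Gamevance.AA application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP822\A0120653.DLL Win32/Toolbar.AskSBar application
C:\TDSSKiller_Quarantine\28.06.2013_23.52.12\rtkt0000\tdlfs0000\tsk0004.dta a variant of Win32/Olmarik.ADZ trojan
C:\Program Files\Example App\helper.dll Win32/Example.Constructed application
"""

# Assumed line shape: path, optional heuristic qualifier, Platform/Family
# name, category word. The path may contain spaces, so it is matched
# lazily up to the first token that looks like a detection name.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:probably )?(?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>[a-z ]+)$"
)
# System Restore snapshot folders: _restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\",
    re.IGNORECASE,
)
# Quarantine folder seen in this thread's log (TDSSKiller).
QUARANTINE_RE = re.compile(r"^[A-Za-z]:\\TDSSKiller_Quarantine\\", re.IGNORECASE)


class Hit(NamedTuple):
    path: str
    name: str
    kind: str
    location: str  # "restore_point", "quarantine" or "live"


def classify(path):
    """Label a path by where the detected file is stored."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if QUARANTINE_RE.match(path):
        return "quarantine"
    return "live"


def parse_hits(text):
    """Return (hits, unparsed); unparsed lines are kept for manual review."""
    hits, unparsed = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = HIT_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        hits.append(Hit(m["path"], m["name"], m["kind"], classify(m["path"])))
    return hits, unparsed


def needs_attention(hits):
    """Hits outside restore points and quarantine still need a decision."""
    return [h for h in hits if h.location == "live"]
```

A "live" label only means the path is outside those two locations; the detection itself still has to be judged on its own.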


#9 CatByte


Posted 22 July 2013 - 08:17 AM

How are you getting along?



#10 CatByte


Posted 31 July 2013 - 09:06 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





