XP infection and some new behaviors


  • This topic is locked
40 replies to this topic

#1 Gordon C

  • Members
  • 68 posts
  • Gender:Male
  • Location:NC

Posted 15 December 2013 - 12:48 PM

Link to prior topic: http://www.bleepingcomputer.com/forums/t/517487/win-xp-media-center-affected-but-infected/

 

New behaviors:

1. Running IE8, it opens but no longer displays the warning about default search engine change. The add-on management window still opens.

2. Now routinely get a warning about XSS and a potentially malicious URL.

3. Prior to each download the system fires up an Office 2000 installer looking for a file/files and begging for the install CD. I have to cancel that and the download proceeds.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by boss at 12:30:36 on 2013-12-15
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1230 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [High Definition Audio Property Page Shortcut] "CHDAudPropShortcut.exe"
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365967165187
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{B359B3BB-9147-4866-8746-F7BBFA7809D6} : DHCPNameServer = 192.168.0.1 205.171.2.226
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-12-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-12-13 1369624]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam  ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S1 gariuocj;gariuocj;\??\c:\windows\system32\drivers\gariuocj.sys --> c:\windows\system32\drivers\gariuocj.sys [?]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.3xe" exec /i "c:\combofix\regt.3xe" /s "c:\combofix\cregb.dat" --> c:\combofix\pev.3XE [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-12-13 168384]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-15 51416]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2008-12-6 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2008-12-6 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2008-12-6 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2008-12-6 59776]
S4 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"g:\hitmanpro.exe" /crusader:boot --> g:\HitmanPro.exe [?]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-25 1251720]
.
=============== Created Last 30 ================
.
2013-12-15 16:22:43 -------- d-----w- c:\windows\ERUNT
2013-12-15 16:00:55 -------- d-----w- C:\AdwCleaner
2013-12-15 07:52:41 7772552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0271d312-f55d-4bcb-9b9c-809d5e377812}\mpengine.dll
2013-12-15 02:24:22 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-13 16:27:36 7772552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-13 15:24:48 -------- d-sha-r- C:\cmdcons
2013-12-13 15:23:17 256000 ----a-w- c:\windows\PEV.exe
2013-12-13 15:23:17 208896 ----a-w- c:\windows\MBR.exe
2013-12-13 15:23:16 98816 ----a-w- c:\windows\sed.exe
2013-12-13 14:32:58 -------- d-----w- c:\documents and settings\boss\local settings\application data\Google
2013-12-13 14:31:11 -------- d-----w- c:\documents and settings\boss\local settings\application data\Deployment
2013-12-13 14:22:44 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-12-12 20:56:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-12-12 20:56:10 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-11 21:34:14 -------- d-sh--w- c:\documents and settings\boss\IECompatCache
.
==================== Find3M  ====================
.
2013-12-12 20:55:20 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-11 21:51:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 21:51:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 08:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:31:48.78 ===============
 

Edited by Gordon C, 15 December 2013 - 12:56 PM.
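The two DDS logs in this thread (this post and post #3) carry the same `SERVICES / DRIVERS` entries, three of them ending in `[?]` where DDS could not find the image file on disk, and the same Explorer AutoRun policy values printed in decimal. The script below is an added example written for this page; it is not part of the thread and not a DDS or BleepingComputer tool. It parses service lines in DDS's format, ranks the ones an analyst would open first, and decodes `NoDriveTypeAutoRun` / `NoDriveAutoRun`. The sample lines are copied from the log above; the flagging rules (missing file, boot/system start, an opaque all-lowercase name with no vendor wording) are this example's own heuristics, not DDS logic, and a flag is a reason to inspect the file, not a finding about it.

```python
"""Triage helpers for the DDS log format (added example; not part of the
thread and not a DDS or BleepingComputer tool).

Two things an analyst does by eye when reading a DDS log, done in code:
  1. rank 'SERVICES / DRIVERS' lines by how much they deserve a second look;
  2. decode the Explorer AutoRun policy DWORDs that DDS prints in decimal.
The ranking rules are heuristics chosen for this example: a flag is a
reason to inspect the file, not a verdict.
"""
import re
from string import ascii_uppercase

# DDS service line: "<start> <name>;<display>;<image> [<date> <size>]", or
# "<start> <name>;<display>;<image> --> <resolved> [?]" when the file is missing.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)\s\[([^\]]*)\]$")

# Boot/system-start drivers load before user-mode security software does.
EARLY_START = {"R0", "R1", "S0", "S1"}

# NoDriveTypeAutoRun: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "DRIVE_RESERVED",
}

# Constructed sample: lines copied from the first DDS log in this thread.
SAMPLE_SERVICES = r"""
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 gariuocj;gariuocj;\??\c:\windows\system32\drivers\gariuocj.sys --> c:\windows\system32\drivers\gariuocj.sys [?]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.3xe" exec /i "c:\combofix\regt.3xe" /s "c:\combofix\cregb.dat" --> c:\combofix\pev.3XE [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-15 51416]
"""


def parse_services(text):
    """Return one dict per service/driver line DDS emitted."""
    rows = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, image, stamp = m.groups()
        # After "-->" DDS repeats the path it tried to stat; "[?]" means it failed.
        resolved = image.split(" --> ")[-1].strip().strip('"')
        rows.append({"start": start, "name": name, "display": display,
                     "image": resolved, "file_found": stamp != "?"})
    return rows


def triage(rows):
    """Return (start, name, image, reasons) for every row with at least one
    flag, most reasons first."""
    flagged = []
    for r in rows:
        reasons = []
        if not r["file_found"]:
            reasons.append("image file not found on disk")
        if r["start"] in EARLY_START:
            reasons.append("boot/system-start driver")
        basename = r["image"].rsplit("\\", 1)[-1]
        stem = re.sub(r"\.[^.]+$", "", basename)
        if r["name"] == r["display"] == stem and re.fullmatch(r"[a-z]+", stem):
            reasons.append("opaque name: service, display name and file stem "
                           "identical, lowercase letters only, no vendor wording")
        if reasons:
            flagged.append((r["start"], r["name"], r["image"], reasons))
    flagged.sort(key=lambda t: (-len(t[3]), t[1]))
    return flagged


def autorun_policy(no_drive_type_autorun, no_drive_autorun):
    """Decode the two Explorer policy DWORDs. NoDriveAutoRun is a per-letter
    mask (bit 0 = A:, bit 25 = Z:); AutoRun is off for a drive if either
    mask covers it."""
    types_off = [n for bit, n in DRIVE_TYPE_BITS.items() if no_drive_type_autorun & bit]
    letters_off = [ch for i, ch in enumerate(ascii_uppercase) if no_drive_autorun & (1 << i)]
    return {"types_disabled": types_off, "letters_disabled": letters_off,
            "all_drives_disabled": len(letters_off) == len(ascii_uppercase)}


if __name__ == "__main__":
    for start, name, image, reasons in triage(parse_services(SAMPLE_SERVICES)):
        print(f"{start} {name:<16} {image}\n    - " + "\n    - ".join(reasons))
    print(autorun_policy(323, 67108863))  # the two values in this thread's log
```

On the sample, `gariuocj` ranks first with all three flags, while the two `[?]` ComboFix/HitmanPro leftovers carry a single flag each. The AutoRun decode shows why both policy values have to be read together: `NoDriveTypeAutoRun = 323` (0x143) on its own leaves removable and CD-ROM AutoRun enabled, but `NoDriveAutoRun = 67108863` (0x3FFFFFF) sets every drive-letter bit, so AutoRun is off for all drives regardless of type.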



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,730 posts
  • Gender:Male

Posted 20 December 2013 - 12:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517547 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Gordon C
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:NC

Posted 20 December 2013 - 06:16 PM

The user reported another infestation of the fbi/greendot variety which it has had twice before. I have seen no direct evidence of that.

 

As originally reported, IE8 runs but refuses to change default search engines. After IE8 opens the addon management console always opens. (Note: there used to appear a notice that something had tried to tinker with default search engine prior to the console opening. We no longer see that notice.)

 

Attempting to download a browser other than IE ALWAYS results in certificate error messages.

 

Now routinely get a warning about XSS and a potentially malicious URL.

 

Prior to each download the system fires up an Office 2000 installer looking for a file/files and begging for the install CD. I have to cancel that and the download proceeds. The same happens at times when I try to reply here.

 

New DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by boss at 17:41:11 on 2013-12-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1276 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [High Definition Audio Property Page Shortcut] "CHDAudPropShortcut.exe"
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365967165187
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{B359B3BB-9147-4866-8746-F7BBFA7809D6} : DHCPNameServer = 192.168.0.1 205.171.2.226
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 214696]
R1 MpKsl5b4f94f2;MpKsl5b4f94f2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ca409e2e-45ba-49a8-98db-a59ca2c80c30}\MpKsl5b4f94f2.sys [2013-12-20 40392]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-12-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-12-13 1369624]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam  ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S1 gariuocj;gariuocj;\??\c:\windows\system32\drivers\gariuocj.sys --> c:\windows\system32\drivers\gariuocj.sys [?]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.3xe" exec /i "c:\combofix\regt.3xe" /s "c:\combofix\cregb.dat" --> c:\combofix\pev.3XE [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-12-13 168384]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-15 51416]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2008-12-6 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2008-12-6 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2008-12-6 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2008-12-6 59776]
S4 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"g:\hitmanpro.exe" /crusader:boot --> g:\HitmanPro.exe [?]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-25 1251720]
.
=============== Created Last 30 ================
.
2013-12-20 22:34:41 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ca409e2e-45ba-49a8-98db-a59ca2c80c30}\MpKsl5b4f94f2.sys
2013-12-18 19:16:10 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ca409e2e-45ba-49a8-98db-a59ca2c80c30}\mpengine.dll
2013-12-16 21:51:47 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-15 21:20:21 -------- d-----w- c:\windows\Temp780AE379-A210-FCB5-8BF8-C43914FD833C-Signatures
2013-12-15 21:03:00 -------- d-----w- c:\windows\system32\MRT
2013-12-15 20:00:55 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-12-15 20:00:55 14976 ------w- c:\windows\system32\dllcache\usbscan.sys
2013-12-15 19:47:49 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2013-12-15 19:47:49 46848 ------w- c:\windows\system32\dllcache\irbus.sys
2013-12-15 19:47:49 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2013-12-15 19:40:41 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2013-12-15 19:40:41 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-15 19:40:41 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-12-15 19:40:40 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-12-15 16:22:43 -------- d-----w- c:\windows\ERUNT
2013-12-15 16:00:55 -------- d-----w- C:\AdwCleaner
2013-12-15 02:24:22 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-13 15:24:48 -------- d-sha-r- C:\cmdcons
2013-12-13 15:23:17 256000 ----a-w- c:\windows\PEV.exe
2013-12-13 15:23:17 208896 ----a-w- c:\windows\MBR.exe
2013-12-13 15:23:16 98816 ----a-w- c:\windows\sed.exe
2013-12-13 14:32:58 -------- d-----w- c:\documents and settings\boss\local settings\application data\Google
2013-12-13 14:31:11 -------- d-----w- c:\documents and settings\boss\local settings\application data\Deployment
2013-12-13 14:22:44 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-12-12 20:56:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-12-12 20:56:10 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-11 21:34:14 -------- d-sh--w- c:\documents and settings\boss\IECompatCache
.
==================== Find3M  ====================
.
2013-12-12 20:55:20 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-11 21:51:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 21:51:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 08:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-09-27 14:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 17:43:02.83 ===============
 

Edited by Gordon C, 20 December 2013 - 06:32 PM.


#4 oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 21 December 2013 - 12:21 AM

Hello Gordon C, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then clicking on Follow this topic you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe
or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Best Regards,
oneof4.


#5 Gordon C
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:NC

Posted 21 December 2013 - 11:11 AM

I appreciate your attention very much. Am keen to clear this without having to reinstall a wad of stuff.

 

SCANS FOLLOW:

 

 Results of screen317's Security Check version 0.99.77 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Please wait while WMIC compiles updated MOF files.
 displayName
 Norton AntiVirus
 Microsoft Security Essentials
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 17 
 Java version out of Date!
 Adobe Reader 7 Adobe Reader out of Date!
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by boss (administrator) on PC139223223129 on 21-12-2013 10:58:29
Running from C:\Documents and Settings\boss\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [794713 2006-06-17] (Synaptics, Inc.)
HKLM\...\Run: [NvMediaCenter] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [458752 2006-05-04] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-02-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] - C:\WINDOWS\system32\CHDAudPropShortcut.exe [61952 2006-06-02] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [Cpqset] - C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe [40960 2006-06-19] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Larry Hamm\...\Run: [Google Update] - C:\Documents and Settings\Larry Hamm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2013-09-09] (Google Inc.)
HKU\Larry Hamm\...\Winlogon: [Shell] explorer.exe [ 2008-04-14] (Microsoft Corporation) <==== ATTENTION
HKU\Larry Hamm\...\Command Processor:  <===== ATTENTION!
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk
ShortcutTarget: Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe (Starz)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
ShortcutTarget: HP Photosmart Premier Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\Vongo Tray.lnk
ShortcutTarget: Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe (Starz)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk
ShortcutTarget: Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe (Starz)
BootExecute: autocheck autochk * bootdeletesdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {83018929-4490-4CE9-8D31-3CFF66F2A973} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E8C0DAE2-19FD-473E-B3A5-115EC0D11490} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-12] (Hewlett-Packard Development Company, L.P.)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()
S4 dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [538096 2007-02-14] ( )
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2009-06-22] (Microsoft Corporation)
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2009-06-22] (Microsoft Corporation)
S3 p2pgasvc; C:\Windows\system32\p2pgasvc.dll [105472 2008-04-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S4 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2008-03-08] ()
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation)
S4 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S4 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 PEVSystemStart; "C:\ComboFix\pev.3XE" EXEC /i "C:\ComboFix\REGT.3XE" /S "C:\ComboFix\CregB.dat"

==================== Drivers (Whitelisted) ====================

R3 5U870CAP_VID_1262&PID_25FD; C:\Windows\System32\Drivers\5U870CAP.sys [61952 2006-06-06] (Ricoh)
S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [43672 2006-12-31] (Oak Technology Inc.)
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2006-12-09] (Windows ® 2000 DDK provider)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [57320 2006-05-12] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\Windows\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDAud.sys [572928 2006-06-02] (Conexant Systems Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [208000 2006-04-20] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [995712 2006-04-20] (Conexant Systems, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [51416 2013-12-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [91776 2009-06-22] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [29824 2008-03-11] (DEVGURU Co,LTD.)
S3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [41344 2008-03-11] (DEVGURU Co,LTD.)
S3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [39936 2008-03-11] (DEVGURU Co,LTD.)
S3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [59776 2008-03-11] (DEVGURU Co,LTD.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [47744 2006-07-06] ()
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2007-03-25] (Symantec Corporation)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 w39n51; C:\Windows\System32\DRIVERS\w39n51.sys [1429632 2006-04-21] (Intel® Corporation)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [x]
S1 gariuocj; \??\C:\WINDOWS\system32\drivers\gariuocj.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U3 mbr; \??\C:\DOCUME~1\boss\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-12-21 10:58 - 2013-12-21 10:58 - 00014288 _____ C:\Documents and Settings\boss\Desktop\FRST.txt
2013-12-21 10:58 - 2013-12-21 10:58 - 00000000 ____D C:\FRST
2013-12-21 10:57 - 2013-12-21 10:57 - 00001396 _____ C:\Documents and Settings\boss\Desktop\checkup.txt
2013-12-21 10:54 - 2013-12-21 10:40 - 01325858 _____ (Farbar) C:\Documents and Settings\boss\Desktop\FRST.exe
2013-12-21 10:53 - 2013-12-21 10:32 - 00891200 _____ C:\Documents and Settings\boss\Desktop\SecurityCheck.exe
2013-12-15 16:30 - 2013-12-20 17:44 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-12-15 16:29 - 2013-12-15 16:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-15 16:27 - 2013-12-15 16:27 - 00138323 _____ C:\WINDOWS\KB2834886.log
2013-12-15 16:27 - 2013-12-15 16:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-12-15 16:23 - 2013-12-15 16:23 - 00137017 _____ C:\WINDOWS\KB2900986.log
2013-12-15 16:23 - 2013-12-15 16:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-15 16:23 - 2013-12-15 16:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-15 16:22 - 2013-12-15 16:23 - 00140390 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-15 16:22 - 2013-12-15 16:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-15 16:21 - 2013-12-15 16:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-15 16:20 - 2013-12-15 16:21 - 00132986 _____ C:\WINDOWS\KB2862335.log
2013-12-15 16:20 - 2013-12-15 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-12-15 16:20 - 2013-12-15 16:20 - 00000000 ____D C:\WINDOWS\Temp780AE379-A210-FCB5-8BF8-C43914FD833C-Signatures
2013-12-15 16:19 - 2013-12-15 16:19 - 00129347 _____ C:\WINDOWS\KB2904266.log
2013-12-15 16:19 - 2013-12-15 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-15 16:19 - 2013-12-15 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-15 16:18 - 2013-12-15 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-15 16:16 - 2013-12-15 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-15 16:15 - 2013-12-15 16:15 - 00006190 _____ C:\WINDOWS\KB2834905-v2.log
2013-12-15 16:15 - 2013-12-15 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-12-15 16:15 - 2013-12-15 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834905-v2_MCEUR2$
2013-12-15 16:12 - 2013-12-15 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-15 16:12 - 2013-12-15 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-12-15 16:11 - 2013-12-15 16:11 - 00008043 _____ C:\WINDOWS\KB2868038.log
2013-12-15 16:11 - 2013-12-15 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-15 16:03 - 2013-12-15 16:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-15 15:59 - 2013-12-15 16:00 - 00010807 _____ C:\WINDOWS\KB2833951.log
2013-12-15 15:59 - 2013-12-15 16:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833951$
2013-12-15 15:14 - 2013-12-15 16:29 - 00146039 _____ C:\WINDOWS\KB2868626.log
2013-12-15 15:05 - 2013-12-15 16:23 - 00143044 _____ C:\WINDOWS\KB2847311.log
2013-12-15 15:02 - 2013-12-15 16:22 - 00137769 _____ C:\WINDOWS\KB2898715.log
2013-12-15 15:00 - 2013-07-02 21:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-12-15 15:00 - 2013-07-02 20:59 - 00014976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-12-15 14:58 - 2013-12-15 16:20 - 00134623 _____ C:\WINDOWS\KB2845187.log
2013-12-15 14:58 - 2013-12-15 16:19 - 00134933 _____ C:\WINDOWS\KB2876217.log
2013-12-15 14:58 - 2013-12-15 16:19 - 00134434 _____ C:\WINDOWS\KB2864063.log
2013-12-15 14:51 - 2013-12-15 16:16 - 00013692 _____ C:\WINDOWS\KB2862152.log
2013-12-15 14:50 - 2013-12-15 16:15 - 00013166 _____ C:\WINDOWS\KB2850869.log
2013-12-15 14:48 - 2013-12-15 16:12 - 00013141 _____ C:\WINDOWS\KB2859537.log
2013-12-15 14:48 - 2013-12-15 16:12 - 00012327 _____ C:\WINDOWS\KB2876331.log
2013-12-15 14:47 - 2013-07-16 19:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-12-15 14:47 - 2013-07-16 19:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-12-15 14:47 - 2013-07-16 19:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-12-15 14:42 - 2013-12-15 16:02 - 00012116 _____ C:\WINDOWS\KB2893984.log
2013-12-15 14:42 - 2013-12-15 16:02 - 00011656 _____ C:\WINDOWS\KB2893294.log
2013-12-15 14:42 - 2013-12-15 16:01 - 00010666 _____ C:\WINDOWS\KB2892075.log
2013-12-15 14:40 - 2013-08-08 19:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-12-15 14:40 - 2013-08-08 19:55 - 00032384 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-12-15 14:40 - 2013-08-08 19:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-12-15 14:40 - 2009-03-18 06:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-12-15 12:34 - 2013-12-20 17:46 - 00004684 _____ C:\Documents and Settings\boss\Desktop\attach.zip
2013-12-15 12:31 - 2013-12-20 17:43 - 00020089 _____ C:\Documents and Settings\boss\Desktop\attach.txt
2013-12-15 12:31 - 2013-12-20 17:43 - 00012157 _____ C:\Documents and Settings\boss\Desktop\dds.txt
2013-12-15 12:21 - 2013-12-15 12:21 - 00688992 ____R (Swearware) C:\Documents and Settings\boss\Desktop\dds.com
2013-12-15 12:07 - 2013-12-15 15:58 - 00000239 _____ C:\Documents and Settings\boss\Desktop\Forum Link.url
2013-12-15 11:48 - 2013-12-15 12:03 - 00082512 _____ C:\Documents and Settings\boss\Desktop\answer.txt
2013-12-15 11:29 - 2013-12-15 11:29 - 00002252 _____ C:\Documents and Settings\boss\Desktop\FSS.txt
2013-12-15 11:27 - 2013-12-15 11:27 - 00000904 _____ C:\Documents and Settings\boss\Desktop\JRT.txt
2013-12-15 11:22 - 2013-12-15 11:22 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-15 11:00 - 2013-12-15 11:41 - 00000000 ____D C:\AdwCleaner
2013-12-15 10:59 - 2013-12-15 10:59 - 00708597 _____ (Farbar) C:\Documents and Settings\boss\Desktop\FSS.exe
2013-12-15 10:57 - 2013-12-15 10:58 - 01034531 _____ (Thisisu) C:\Documents and Settings\boss\Desktop\JRT.exe
2013-12-15 10:55 - 2013-12-15 10:55 - 01226750 _____ C:\Documents and Settings\boss\Desktop\AdwCleaner.exe
2013-12-14 21:24 - 2013-12-14 21:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-14 18:34 - 2013-12-14 18:34 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\boss\Desktop\tdsskiller.exe
2013-12-14 15:14 - 2013-12-14 14:44 - 00760937 _____ (Farbar) C:\Documents and Settings\boss\Desktop\MiniToolBox.exe
2013-12-14 11:55 - 2013-12-14 11:55 - 00012300 _____ C:\ComboFix.txt
2013-12-13 16:12 - 2013-12-13 16:12 - 00012978 _____ C:\WINDOWS\KB2829530-IE8.log
2013-12-13 16:08 - 2013-12-13 16:08 - 00006747 _____ C:\WINDOWS\KB2847204-IE8.log
2013-12-13 16:08 - 2013-12-13 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2829361$
2013-12-13 16:00 - 2013-12-13 16:00 - 00000747 _____ C:\Documents and Settings\boss\Desktop\Shortcut to iexplore.exe.lnk
2013-12-13 15:57 - 2013-12-13 16:08 - 00012453 _____ C:\WINDOWS\KB2829361.log
2013-12-13 10:24 - 2013-12-13 10:24 - 00000000 _RSHD C:\cmdcons
2013-12-13 10:24 - 2013-04-14 16:14 - 00000209 _____ C:\Boot.bak
2013-12-13 10:24 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-12-13 10:23 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-13 10:23 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-13 10:23 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-13 10:22 - 2013-12-14 11:44 - 00000000 ____D C:\Qoobox
2013-12-13 10:22 - 2013-12-13 10:40 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-13 09:38 - 2013-12-13 09:38 - 00001815 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-13 09:38 - 2013-12-13 09:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-12-13 09:33 - 2013-12-21 10:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-13 09:33 - 2013-12-20 17:34 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-13 09:32 - 2013-12-13 09:38 - 00000000 ____D C:\Program Files\Google
2013-12-13 09:32 - 2013-12-13 09:38 - 00000000 ____D C:\Documents and Settings\boss\Local Settings\Application Data\Google
2013-12-13 09:31 - 2013-12-13 09:32 - 00000000 ____D C:\Documents and Settings\boss\Local Settings\Application Data\Deployment
2013-12-13 09:27 - 2011-06-08 22:13 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131213-092748.backup
2013-12-13 09:22 - 2013-12-20 17:34 - 00000620 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-12-13 09:22 - 2013-12-18 08:44 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-12-13 09:22 - 2013-12-13 09:22 - 00001844 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2013-12-13 09:22 - 2013-12-13 09:22 - 00001838 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2013-12-13 09:22 - 2013-12-13 09:22 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-13 09:22 - 2013-12-13 09:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2013-12-13 09:22 - 2009-01-25 12:14 - 00015224 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2013-12-13 08:57 - 2013-12-13 08:59 - 00009238 _____ C:\WINDOWS\KB2618444-IE8.log
2013-12-12 15:56 - 2013-12-12 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-12 15:56 - 2013-12-12 15:56 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-11 18:14 - 2013-12-11 18:14 - 00000000 ____D C:\Documents and Settings\boss\Application Data\Netscape
2013-12-11 16:34 - 2013-12-21 06:54 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{64BC12A4-719C-45B0-A7A6-67F4EB9225D4}.job
2013-12-11 16:34 - 2013-12-11 16:34 - 00000000 __SHD C:\Documents and Settings\boss\IECompatCache
2013-12-04 20:54 - 2013-12-11 09:32 - 00000000 ____D C:\Documents and Settings\Larry Hamm\Local Settings\Application Data\KB4841991

==================== One Month Modified Files and Folders =======

2013-12-21 10:58 - 2013-12-21 10:58 - 00014288 _____ C:\Documents and Settings\boss\Desktop\FRST.txt
2013-12-21 10:58 - 2013-12-21 10:58 - 00000000 ____D C:\FRST
2013-12-21 10:57 - 2013-12-21 10:57 - 00001396 _____ C:\Documents and Settings\boss\Desktop\checkup.txt
2013-12-21 10:54 - 2013-09-09 21:38 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1856645627-3833389002-4087505884-1005UA.job
2013-12-21 10:50 - 2006-09-17 10:26 - 00265513 _____ C:\WINDOWS\setupapi.log
2013-12-21 10:49 - 2012-12-19 18:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-21 10:43 - 2013-12-13 09:33 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 10:40 - 2013-12-21 10:54 - 01325858 _____ (Farbar) C:\Documents and Settings\boss\Desktop\FRST.exe
2013-12-21 10:32 - 2013-12-21 10:53 - 00891200 _____ C:\Documents and Settings\boss\Desktop\SecurityCheck.exe
2013-12-21 06:54 - 2013-12-11 16:34 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{64BC12A4-719C-45B0-A7A6-67F4EB9225D4}.job
2013-12-21 00:43 - 2006-06-29 14:18 - 00032626 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-20 18:54 - 2013-09-09 21:38 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1856645627-3833389002-4087505884-1005Core.job
2013-12-20 17:46 - 2013-12-15 12:34 - 00004684 _____ C:\Documents and Settings\boss\Desktop\attach.zip
2013-12-20 17:46 - 2006-06-29 14:18 - 01238529 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-20 17:44 - 2013-12-15 16:30 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-12-20 17:43 - 2013-12-15 12:31 - 00020089 _____ C:\Documents and Settings\boss\Desktop\attach.txt
2013-12-20 17:43 - 2013-12-15 12:31 - 00012157 _____ C:\Documents and Settings\boss\Desktop\dds.txt
2013-12-20 17:34 - 2013-12-13 09:33 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 17:34 - 2013-12-13 09:22 - 00000620 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-12-20 17:34 - 2006-09-17 09:20 - 00051048 _____ C:\WINDOWS\system32\nvapps.xml
2013-12-20 17:34 - 2006-06-29 14:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-20 17:34 - 2006-06-29 06:04 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-20 17:34 - 2006-06-29 06:04 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-20 17:33 - 2006-06-29 14:18 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-19 12:39 - 2013-05-20 10:41 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-19 12:38 - 2013-05-20 08:38 - 00000178 ___SH C:\Documents and Settings\boss\ntuser.ini
2013-12-18 08:44 - 2013-12-13 09:22 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-12-15 16:36 - 2011-06-08 22:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-15 16:36 - 2006-06-29 13:18 - 01103600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-15 16:29 - 2013-12-15 16:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-15 16:29 - 2013-12-15 15:14 - 00146039 _____ C:\WINDOWS\KB2868626.log
2013-12-15 16:29 - 2009-09-27 23:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-15 16:29 - 2006-09-17 09:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-15 16:29 - 2006-06-29 13:58 - 01310605 _____ C:\WINDOWS\tsoc.log
2013-12-15 16:29 - 2006-06-29 13:58 - 01277904 _____ C:\WINDOWS\iis6.log
2013-12-15 16:29 - 2006-06-29 13:40 - 02806675 _____ C:\WINDOWS\FaxSetup.log
2013-12-15 16:29 - 2006-06-29 13:40 - 01430287 _____ C:\WINDOWS\ocgen.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00799894 _____ C:\WINDOWS\msmqinst.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00789559 _____ C:\WINDOWS\comsetup.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00507785 _____ C:\WINDOWS\netfxocm.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00484333 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00334909 _____ C:\WINDOWS\plusoc.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00329540 _____ C:\WINDOWS\MedCtrOC.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00158193 _____ C:\WINDOWS\ehOCGen.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00142667 _____ C:\WINDOWS\msgsocm.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00140156 _____ C:\WINDOWS\tabletoc.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00132356 _____ C:\WINDOWS\ocmsn.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-15 16:29 - 2006-06-29 13:39 - 00338487 _____ C:\WINDOWS\updspapi.log
2013-12-15 16:27 - 2013-12-15 16:27 - 00138323 _____ C:\WINDOWS\KB2834886.log
2013-12-15 16:27 - 2013-12-15 16:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-12-15 16:27 - 2006-06-29 13:40 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-15 16:26 - 2006-06-29 13:27 - 00516774 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-15 16:23 - 2013-12-15 16:23 - 00137017 _____ C:\WINDOWS\KB2900986.log
2013-12-15 16:23 - 2013-12-15 16:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-15 16:23 - 2013-12-15 16:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-15 16:23 - 2013-12-15 16:22 - 00140390 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-15 16:23 - 2013-12-15 15:05 - 00143044 _____ C:\WINDOWS\KB2847311.log
2013-12-15 16:22 - 2013-12-15 16:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-15 16:22 - 2013-12-15 15:02 - 00137769 _____ C:\WINDOWS\KB2898715.log
2013-12-15 16:21 - 2013-12-15 16:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-15 16:21 - 2013-12-15 16:20 - 00132986 _____ C:\WINDOWS\KB2862335.log
2013-12-15 16:20 - 2013-12-15 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-12-15 16:20 - 2013-12-15 16:20 - 00000000 ____D C:\WINDOWS\Temp780AE379-A210-FCB5-8BF8-C43914FD833C-Signatures
2013-12-15 16:20 - 2013-12-15 14:58 - 00134623 _____ C:\WINDOWS\KB2845187.log
2013-12-15 16:20 - 2013-04-14 16:20 - 00001700 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-12-15 16:20 - 2013-04-14 16:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-15 16:20 - 2013-04-14 15:06 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-12-15 16:19 - 2013-12-15 16:19 - 00129347 _____ C:\WINDOWS\KB2904266.log
2013-12-15 16:19 - 2013-12-15 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-15 16:19 - 2013-12-15 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-15 16:19 - 2013-12-15 14:58 - 00134933 _____ C:\WINDOWS\KB2876217.log
2013-12-15 16:19 - 2013-12-15 14:58 - 00134434 _____ C:\WINDOWS\KB2864063.log
2013-12-15 16:19 - 2007-03-11 15:59 - 00856492 _____ C:\WINDOWS\system32\TZLog.log
2013-12-15 16:18 - 2013-12-15 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-15 16:18 - 2011-06-10 06:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-12-15 16:16 - 2013-12-15 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-15 16:16 - 2013-12-15 14:51 - 00013692 _____ C:\WINDOWS\KB2862152.log
2013-12-15 16:15 - 2013-12-15 16:15 - 00006190 _____ C:\WINDOWS\KB2834905-v2.log
2013-12-15 16:15 - 2013-12-15 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-12-15 16:15 - 2013-12-15 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834905-v2_MCEUR2$
2013-12-15 16:15 - 2013-12-15 14:50 - 00013166 _____ C:\WINDOWS\KB2850869.log
2013-12-15 16:12 - 2013-12-15 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-15 16:12 - 2013-12-15 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-12-15 16:12 - 2013-12-15 14:48 - 00013141 _____ C:\WINDOWS\KB2859537.log
2013-12-15 16:12 - 2013-12-15 14:48 - 00012327 _____ C:\WINDOWS\KB2876331.log
2013-12-15 16:11 - 2013-12-15 16:11 - 00008043 _____ C:\WINDOWS\KB2868038.log
2013-12-15 16:11 - 2013-12-15 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-15 16:11 - 2013-12-15 16:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-15 16:02 - 2013-12-15 14:42 - 00012116 _____ C:\WINDOWS\KB2893984.log
2013-12-15 16:02 - 2013-12-15 14:42 - 00011656 _____ C:\WINDOWS\KB2893294.log
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-15 16:01 - 2013-12-15 14:42 - 00010666 _____ C:\WINDOWS\KB2892075.log
2013-12-15 16:00 - 2013-12-15 15:59 - 00010807 _____ C:\WINDOWS\KB2833951.log
2013-12-15 16:00 - 2013-12-15 15:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833951$
2013-12-15 15:58 - 2013-12-15 12:07 - 00000239 _____ C:\Documents and Settings\boss\Desktop\Forum Link.url
2013-12-15 15:55 - 2009-09-19 21:41 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-12-15 12:21 - 2013-12-15 12:21 - 00688992 ____R (Swearware) C:\Documents and Settings\boss\Desktop\dds.com
2013-12-15 12:03 - 2013-12-15 11:48 - 00082512 _____ C:\Documents and Settings\boss\Desktop\answer.txt
2013-12-15 11:41 - 2013-12-15 11:00 - 00000000 ____D C:\AdwCleaner
2013-12-15 11:29 - 2013-12-15 11:29 - 00002252 _____ C:\Documents and Settings\boss\Desktop\FSS.txt
2013-12-15 11:27 - 2013-12-15 11:27 - 00000904 _____ C:\Documents and Settings\boss\Desktop\JRT.txt
2013-12-15 11:22 - 2013-12-15 11:22 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-15 10:59 - 2013-12-15 10:59 - 00708597 _____ (Farbar) C:\Documents and Settings\boss\Desktop\FSS.exe
2013-12-15 10:58 - 2013-12-15 10:57 - 01034531 _____ (Thisisu) C:\Documents and Settings\boss\Desktop\JRT.exe
2013-12-15 10:55 - 2013-12-15 10:55 - 01226750 _____ C:\Documents and Settings\boss\Desktop\AdwCleaner.exe
2013-12-14 21:24 - 2013-12-14 21:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-14 18:34 - 2013-12-14 18:34 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\boss\Desktop\tdsskiller.exe
2013-12-14 14:44 - 2013-12-14 15:14 - 00760937 _____ (Farbar) C:\Documents and Settings\boss\Desktop\MiniToolBox.exe
2013-12-14 12:00 - 2013-04-13 18:18 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-14 12:00 - 2006-09-17 10:21 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-14 12:00 - 2006-09-17 10:21 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-14 11:55 - 2013-12-14 11:55 - 00012300 _____ C:\ComboFix.txt
2013-12-14 11:53 - 2006-06-29 06:00 - 00000246 _____ C:\WINDOWS\system.ini
2013-12-14 11:44 - 2013-12-13 10:22 - 00000000 ____D C:\Qoobox
2013-12-13 18:00 - 2006-12-09 05:20 - 00000178 ___SH C:\Documents and Settings\Larry Hamm\ntuser.ini
2013-12-13 16:12 - 2013-12-13 16:12 - 00012978 _____ C:\WINDOWS\KB2829530-IE8.log
2013-12-13 16:08 - 2013-12-13 16:08 - 00006747 _____ C:\WINDOWS\KB2847204-IE8.log
2013-12-13 16:08 - 2013-12-13 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2829361$
2013-12-13 16:08 - 2013-12-13 15:57 - 00012453 _____ C:\WINDOWS\KB2829361.log
2013-12-13 16:00 - 2013-12-13 16:00 - 00000747 _____ C:\Documents and Settings\boss\Desktop\Shortcut to iexplore.exe.lnk
2013-12-13 10:40 - 2013-12-13 10:22 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-13 10:24 - 2013-12-13 10:24 - 00000000 _RSHD C:\cmdcons
2013-12-13 10:24 - 2006-06-29 13:06 - 00000325 __RSH C:\boot.ini
2013-12-13 09:38 - 2013-12-13 09:38 - 00001815 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-13 09:38 - 2013-12-13 09:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-12-13 09:38 - 2013-12-13 09:32 - 00000000 ____D C:\Program Files\Google
2013-12-13 09:38 - 2013-12-13 09:32 - 00000000 ____D C:\Documents and Settings\boss\Local Settings\Application Data\Google
2013-12-13 09:32 - 2013-12-13 09:31 - 00000000 ____D C:\Documents and Settings\boss\Local Settings\Application Data\Deployment
2013-12-13 09:22 - 2013-12-13 09:22 - 00001844 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2013-12-13 09:22 - 2013-12-13 09:22 - 00001838 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2013-12-13 09:22 - 2013-12-13 09:22 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-13 09:22 - 2013-12-13 09:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2013-12-13 09:22 - 2013-05-20 10:41 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-13 08:59 - 2013-12-13 08:57 - 00009238 _____ C:\WINDOWS\KB2618444-IE8.log
2013-12-13 08:58 - 2009-09-03 22:03 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-13 08:58 - 2006-09-17 09:17 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-12-13 08:55 - 2006-09-17 10:56 - 00002461 _____ C:\hpqp.ini
2013-12-13 08:55 - 2006-09-17 10:56 - 00000039 _____ C:\XP_TV.ini
2013-12-13 08:55 - 2006-09-17 10:22 - 00096597 _____ C:\WINDOWS\spupdsvc.log
2013-12-13 08:52 - 2009-09-03 21:30 - 00491636 _____ C:\WINDOWS\ie8_main.log
2013-12-13 08:47 - 2009-09-03 22:00 - 00196696 _____ C:\WINDOWS\ie8.log
2013-12-12 17:43 - 2013-12-12 15:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-12 15:56 - 2013-12-12 15:56 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-12 15:55 - 2013-05-15 12:03 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-12 15:36 - 2013-09-09 21:40 - 00002325 _____ C:\Documents and Settings\Larry Hamm\Desktop\Google Chrome.lnk
2013-12-11 18:14 - 2013-12-11 18:14 - 00000000 ____D C:\Documents and Settings\boss\Application Data\Netscape
2013-12-11 17:34 - 2006-12-09 12:37 - 00000000 ____D C:\Program Files\Common Files\AOL
2013-12-11 17:33 - 2006-09-17 09:17 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2013-12-11 17:32 - 2006-12-09 12:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AOL
2013-12-11 16:57 - 2013-05-20 10:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-12-11 16:51 - 2012-12-19 18:23 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 16:51 - 2011-12-11 15:19 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-11 16:44 - 2009-09-04 12:51 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-12-11 16:34 - 2013-12-11 16:34 - 00000000 __SHD C:\Documents and Settings\boss\IECompatCache
2013-12-11 16:34 - 2013-05-20 08:38 - 00000000 ____D C:\Documents and Settings\boss
2013-12-11 09:32 - 2013-12-04 20:54 - 00000000 ____D C:\Documents and Settings\Larry Hamm\Local Settings\Application Data\KB4841991
2013-12-01 14:42 - 2009-09-03 21:37 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\boss\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\uninst.dll
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NAV_4922.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


FRST.ADDITION.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by boss (administrator) on PC139223223129 on 21-12-2013 10:58:29
Running from C:\Documents and Settings\boss\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [794713 2006-06-17] (Synaptics, Inc.)
HKLM\...\Run: [NvMediaCenter] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [458752 2006-05-04] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-02-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] - C:\WINDOWS\system32\CHDAudPropShortcut.exe [61952 2006-06-02] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [Cpqset] - C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe [40960 2006-06-19] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Larry Hamm\...\Run: [Google Update] - C:\Documents and Settings\Larry Hamm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2013-09-09] (Google Inc.)
HKU\Larry Hamm\...\Winlogon: [Shell] explorer.exe [ 2008-04-14] (Microsoft Corporation) <==== ATTENTION
HKU\Larry Hamm\...\Command Processor:  <===== ATTENTION!
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk
ShortcutTarget: Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe (Starz)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
ShortcutTarget: HP Photosmart Premier Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\Vongo Tray.lnk
ShortcutTarget: Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe (Starz)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk
ShortcutTarget: Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe (Starz)
BootExecute: autocheck autochk * bootdeletesdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {83018929-4490-4CE9-8D31-3CFF66F2A973} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E8C0DAE2-19FD-473E-B3A5-115EC0D11490} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-12] (Hewlett-Packard Development Company, L.P.)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()
S4 dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [538096 2007-02-14] ( )
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2009-06-22] (Microsoft Corporation)
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2009-06-22] (Microsoft Corporation)
S3 p2pgasvc; C:\Windows\system32\p2pgasvc.dll [105472 2008-04-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S4 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2008-03-08] ()
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation)
S4 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S4 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 PEVSystemStart; "C:\ComboFix\pev.3XE" EXEC /i "C:\ComboFix\REGT.3XE" /S "C:\ComboFix\CregB.dat"

==================== Drivers (Whitelisted) ====================

R3 5U870CAP_VID_1262&PID_25FD; C:\Windows\System32\Drivers\5U870CAP.sys [61952 2006-06-06] (Ricoh)
S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [43672 2006-12-31] (Oak Technology Inc.)
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2006-12-09] (Windows ® 2000 DDK provider)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [57320 2006-05-12] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\Windows\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDAud.sys [572928 2006-06-02] (Conexant Systems Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [208000 2006-04-20] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [995712 2006-04-20] (Conexant Systems, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [51416 2013-12-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [91776 2009-06-22] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [29824 2008-03-11] (DEVGURU Co,LTD.)
S3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [41344 2008-03-11] (DEVGURU Co,LTD.)
S3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [39936 2008-03-11] (DEVGURU Co,LTD.)
S3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [59776 2008-03-11] (DEVGURU Co,LTD.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [47744 2006-07-06] ()
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2007-03-25] (Symantec Corporation)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 w39n51; C:\Windows\System32\DRIVERS\w39n51.sys [1429632 2006-04-21] (Intel® Corporation)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [x]
S1 gariuocj; \??\C:\WINDOWS\system32\drivers\gariuocj.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U3 mbr; \??\C:\DOCUME~1\boss\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-12-21 10:58 - 2013-12-21 10:58 - 00014288 _____ C:\Documents and Settings\boss\Desktop\FRST.txt
2013-12-21 10:58 - 2013-12-21 10:58 - 00000000 ____D C:\FRST
2013-12-21 10:57 - 2013-12-21 10:57 - 00001396 _____ C:\Documents and Settings\boss\Desktop\checkup.txt
2013-12-21 10:54 - 2013-12-21 10:40 - 01325858 _____ (Farbar) C:\Documents and Settings\boss\Desktop\FRST.exe
2013-12-21 10:53 - 2013-12-21 10:32 - 00891200 _____ C:\Documents and Settings\boss\Desktop\SecurityCheck.exe
2013-12-15 16:30 - 2013-12-20 17:44 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-12-15 16:29 - 2013-12-15 16:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-15 16:27 - 2013-12-15 16:27 - 00138323 _____ C:\WINDOWS\KB2834886.log
2013-12-15 16:27 - 2013-12-15 16:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-12-15 16:23 - 2013-12-15 16:23 - 00137017 _____ C:\WINDOWS\KB2900986.log
2013-12-15 16:23 - 2013-12-15 16:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-15 16:23 - 2013-12-15 16:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-15 16:22 - 2013-12-15 16:23 - 00140390 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-15 16:22 - 2013-12-15 16:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-15 16:21 - 2013-12-15 16:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-15 16:20 - 2013-12-15 16:21 - 00132986 _____ C:\WINDOWS\KB2862335.log
2013-12-15 16:20 - 2013-12-15 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-12-15 16:20 - 2013-12-15 16:20 - 00000000 ____D C:\WINDOWS\Temp780AE379-A210-FCB5-8BF8-C43914FD833C-Signatures
2013-12-15 16:19 - 2013-12-15 16:19 - 00129347 _____ C:\WINDOWS\KB2904266.log
2013-12-15 16:19 - 2013-12-15 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-15 16:19 - 2013-12-15 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-15 16:18 - 2013-12-15 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-15 16:16 - 2013-12-15 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-15 16:15 - 2013-12-15 16:15 - 00006190 _____ C:\WINDOWS\KB2834905-v2.log
2013-12-15 16:15 - 2013-12-15 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-12-15 16:15 - 2013-12-15 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834905-v2_MCEUR2$
2013-12-15 16:12 - 2013-12-15 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-15 16:12 - 2013-12-15 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-12-15 16:11 - 2013-12-15 16:11 - 00008043 _____ C:\WINDOWS\KB2868038.log
2013-12-15 16:11 - 2013-12-15 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-15 16:03 - 2013-12-15 16:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-15 15:59 - 2013-12-15 16:00 - 00010807 _____ C:\WINDOWS\KB2833951.log
2013-12-15 15:59 - 2013-12-15 16:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833951$
2013-12-15 15:14 - 2013-12-15 16:29 - 00146039 _____ C:\WINDOWS\KB2868626.log
2013-12-15 15:05 - 2013-12-15 16:23 - 00143044 _____ C:\WINDOWS\KB2847311.log
2013-12-15 15:02 - 2013-12-15 16:22 - 00137769 _____ C:\WINDOWS\KB2898715.log
2013-12-15 15:00 - 2013-07-02 21:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-12-15 15:00 - 2013-07-02 20:59 - 00014976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-12-15 14:58 - 2013-12-15 16:20 - 00134623 _____ C:\WINDOWS\KB2845187.log
2013-12-15 14:58 - 2013-12-15 16:19 - 00134933 _____ C:\WINDOWS\KB2876217.log
2013-12-15 14:58 - 2013-12-15 16:19 - 00134434 _____ C:\WINDOWS\KB2864063.log
2013-12-15 14:51 - 2013-12-15 16:16 - 00013692 _____ C:\WINDOWS\KB2862152.log
2013-12-15 14:50 - 2013-12-15 16:15 - 00013166 _____ C:\WINDOWS\KB2850869.log
2013-12-15 14:48 - 2013-12-15 16:12 - 00013141 _____ C:\WINDOWS\KB2859537.log
2013-12-15 14:48 - 2013-12-15 16:12 - 00012327 _____ C:\WINDOWS\KB2876331.log
2013-12-15 14:47 - 2013-07-16 19:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-12-15 14:47 - 2013-07-16 19:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-12-15 14:47 - 2013-07-16 19:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-12-15 14:42 - 2013-12-15 16:02 - 00012116 _____ C:\WINDOWS\KB2893984.log
2013-12-15 14:42 - 2013-12-15 16:02 - 00011656 _____ C:\WINDOWS\KB2893294.log
2013-12-15 14:42 - 2013-12-15 16:01 - 00010666 _____ C:\WINDOWS\KB2892075.log
2013-12-15 14:40 - 2013-08-08 19:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-12-15 14:40 - 2013-08-08 19:55 - 00032384 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-12-15 14:40 - 2013-08-08 19:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-12-15 14:40 - 2009-03-18 06:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-12-15 12:34 - 2013-12-20 17:46 - 00004684 _____ C:\Documents and Settings\boss\Desktop\attach.zip
2013-12-15 12:31 - 2013-12-20 17:43 - 00020089 _____ C:\Documents and Settings\boss\Desktop\attach.txt
2013-12-15 12:31 - 2013-12-20 17:43 - 00012157 _____ C:\Documents and Settings\boss\Desktop\dds.txt
2013-12-15 12:21 - 2013-12-15 12:21 - 00688992 ____R (Swearware) C:\Documents and Settings\boss\Desktop\dds.com
2013-12-15 12:07 - 2013-12-15 15:58 - 00000239 _____ C:\Documents and Settings\boss\Desktop\Forum Link.url
2013-12-15 11:48 - 2013-12-15 12:03 - 00082512 _____ C:\Documents and Settings\boss\Desktop\answer.txt
2013-12-15 11:29 - 2013-12-15 11:29 - 00002252 _____ C:\Documents and Settings\boss\Desktop\FSS.txt
2013-12-15 11:27 - 2013-12-15 11:27 - 00000904 _____ C:\Documents and Settings\boss\Desktop\JRT.txt
2013-12-15 11:22 - 2013-12-15 11:22 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-15 11:00 - 2013-12-15 11:41 - 00000000 ____D C:\AdwCleaner
2013-12-15 10:59 - 2013-12-15 10:59 - 00708597 _____ (Farbar) C:\Documents and Settings\boss\Desktop\FSS.exe
2013-12-15 10:57 - 2013-12-15 10:58 - 01034531 _____ (Thisisu) C:\Documents and Settings\boss\Desktop\JRT.exe
2013-12-15 10:55 - 2013-12-15 10:55 - 01226750 _____ C:\Documents and Settings\boss\Desktop\AdwCleaner.exe
2013-12-14 21:24 - 2013-12-14 21:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-14 18:34 - 2013-12-14 18:34 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\boss\Desktop\tdsskiller.exe
2013-12-14 15:14 - 2013-12-14 14:44 - 00760937 _____ (Farbar) C:\Documents and Settings\boss\Desktop\MiniToolBox.exe
2013-12-14 11:55 - 2013-12-14 11:55 - 00012300 _____ C:\ComboFix.txt
2013-12-13 16:12 - 2013-12-13 16:12 - 00012978 _____ C:\WINDOWS\KB2829530-IE8.log
2013-12-13 16:08 - 2013-12-13 16:08 - 00006747 _____ C:\WINDOWS\KB2847204-IE8.log
2013-12-13 16:08 - 2013-12-13 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2829361$
2013-12-13 16:00 - 2013-12-13 16:00 - 00000747 _____ C:\Documents and Settings\boss\Desktop\Shortcut to iexplore.exe.lnk
2013-12-13 15:57 - 2013-12-13 16:08 - 00012453 _____ C:\WINDOWS\KB2829361.log
2013-12-13 10:24 - 2013-12-13 10:24 - 00000000 _RSHD C:\cmdcons
2013-12-13 10:24 - 2013-04-14 16:14 - 00000209 _____ C:\Boot.bak
2013-12-13 10:24 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-12-13 10:23 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-13 10:23 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-13 10:23 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-13 10:23 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-13 10:22 - 2013-12-14 11:44 - 00000000 ____D C:\Qoobox
2013-12-13 10:22 - 2013-12-13 10:40 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-13 09:38 - 2013-12-13 09:38 - 00001815 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-13 09:38 - 2013-12-13 09:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-12-13 09:33 - 2013-12-21 10:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-13 09:33 - 2013-12-20 17:34 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-13 09:32 - 2013-12-13 09:38 - 00000000 ____D C:\Program Files\Google
2013-12-13 09:32 - 2013-12-13 09:38 - 00000000 ____D C:\Documents and Settings\boss\Local Settings\Application Data\Google
2013-12-13 09:31 - 2013-12-13 09:32 - 00000000 ____D C:\Documents and Settings\boss\Local Settings\Application Data\Deployment
2013-12-13 09:27 - 2011-06-08 22:13 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131213-092748.backup
2013-12-13 09:22 - 2013-12-20 17:34 - 00000620 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-12-13 09:22 - 2013-12-18 08:44 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-12-13 09:22 - 2013-12-13 09:22 - 00001844 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2013-12-13 09:22 - 2013-12-13 09:22 - 00001838 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2013-12-13 09:22 - 2013-12-13 09:22 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-13 09:22 - 2013-12-13 09:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2013-12-13 09:22 - 2009-01-25 12:14 - 00015224 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2013-12-13 08:57 - 2013-12-13 08:59 - 00009238 _____ C:\WINDOWS\KB2618444-IE8.log
2013-12-12 15:56 - 2013-12-12 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-12 15:56 - 2013-12-12 15:56 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-11 18:14 - 2013-12-11 18:14 - 00000000 ____D C:\Documents and Settings\boss\Application Data\Netscape
2013-12-11 16:34 - 2013-12-21 06:54 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{64BC12A4-719C-45B0-A7A6-67F4EB9225D4}.job
2013-12-11 16:34 - 2013-12-11 16:34 - 00000000 __SHD C:\Documents and Settings\boss\IECompatCache
2013-12-04 20:54 - 2013-12-11 09:32 - 00000000 ____D C:\Documents and Settings\Larry Hamm\Local Settings\Application Data\KB4841991

==================== One Month Modified Files and Folders =======

2013-12-21 10:58 - 2013-12-21 10:58 - 00014288 _____ C:\Documents and Settings\boss\Desktop\FRST.txt
2013-12-21 10:58 - 2013-12-21 10:58 - 00000000 ____D C:\FRST
2013-12-21 10:57 - 2013-12-21 10:57 - 00001396 _____ C:\Documents and Settings\boss\Desktop\checkup.txt
2013-12-21 10:54 - 2013-09-09 21:38 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1856645627-3833389002-4087505884-1005UA.job
2013-12-21 10:50 - 2006-09-17 10:26 - 00265513 _____ C:\WINDOWS\setupapi.log
2013-12-21 10:49 - 2012-12-19 18:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-21 10:43 - 2013-12-13 09:33 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 10:40 - 2013-12-21 10:54 - 01325858 _____ (Farbar) C:\Documents and Settings\boss\Desktop\FRST.exe
2013-12-21 10:32 - 2013-12-21 10:53 - 00891200 _____ C:\Documents and Settings\boss\Desktop\SecurityCheck.exe
2013-12-21 06:54 - 2013-12-11 16:34 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{64BC12A4-719C-45B0-A7A6-67F4EB9225D4}.job
2013-12-21 00:43 - 2006-06-29 14:18 - 00032626 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-20 18:54 - 2013-09-09 21:38 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1856645627-3833389002-4087505884-1005Core.job
2013-12-20 17:46 - 2013-12-15 12:34 - 00004684 _____ C:\Documents and Settings\boss\Desktop\attach.zip
2013-12-20 17:46 - 2006-06-29 14:18 - 01238529 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-20 17:44 - 2013-12-15 16:30 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-12-20 17:43 - 2013-12-15 12:31 - 00020089 _____ C:\Documents and Settings\boss\Desktop\attach.txt
2013-12-20 17:43 - 2013-12-15 12:31 - 00012157 _____ C:\Documents and Settings\boss\Desktop\dds.txt
2013-12-20 17:34 - 2013-12-13 09:33 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 17:34 - 2013-12-13 09:22 - 00000620 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-12-20 17:34 - 2006-09-17 09:20 - 00051048 _____ C:\WINDOWS\system32\nvapps.xml
2013-12-20 17:34 - 2006-06-29 14:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-20 17:34 - 2006-06-29 06:04 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-20 17:34 - 2006-06-29 06:04 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-20 17:33 - 2006-06-29 14:18 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-19 12:39 - 2013-05-20 10:41 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-12-19 12:38 - 2013-05-20 08:38 - 00000178 ___SH C:\Documents and Settings\boss\ntuser.ini
2013-12-18 08:44 - 2013-12-13 09:22 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-12-15 16:36 - 2011-06-08 22:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-15 16:36 - 2006-06-29 13:18 - 01103600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-15 16:29 - 2013-12-15 16:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-15 16:29 - 2013-12-15 15:14 - 00146039 _____ C:\WINDOWS\KB2868626.log
2013-12-15 16:29 - 2009-09-27 23:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-15 16:29 - 2006-09-17 09:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-15 16:29 - 2006-06-29 13:58 - 01310605 _____ C:\WINDOWS\tsoc.log
2013-12-15 16:29 - 2006-06-29 13:58 - 01277904 _____ C:\WINDOWS\iis6.log
2013-12-15 16:29 - 2006-06-29 13:40 - 02806675 _____ C:\WINDOWS\FaxSetup.log
2013-12-15 16:29 - 2006-06-29 13:40 - 01430287 _____ C:\WINDOWS\ocgen.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00799894 _____ C:\WINDOWS\msmqinst.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00789559 _____ C:\WINDOWS\comsetup.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00507785 _____ C:\WINDOWS\netfxocm.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00484333 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00334909 _____ C:\WINDOWS\plusoc.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00329540 _____ C:\WINDOWS\MedCtrOC.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00158193 _____ C:\WINDOWS\ehOCGen.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00142667 _____ C:\WINDOWS\msgsocm.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00140156 _____ C:\WINDOWS\tabletoc.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00132356 _____ C:\WINDOWS\ocmsn.log
2013-12-15 16:29 - 2006-06-29 13:40 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-15 16:29 - 2006-06-29 13:39 - 00338487 _____ C:\WINDOWS\updspapi.log
2013-12-15 16:27 - 2013-12-15 16:27 - 00138323 _____ C:\WINDOWS\KB2834886.log
2013-12-15 16:27 - 2013-12-15 16:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-12-15 16:27 - 2006-06-29 13:40 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-15 16:26 - 2006-06-29 13:27 - 00516774 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-15 16:23 - 2013-12-15 16:23 - 00137017 _____ C:\WINDOWS\KB2900986.log
2013-12-15 16:23 - 2013-12-15 16:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-15 16:23 - 2013-12-15 16:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-15 16:23 - 2013-12-15 16:22 - 00140390 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-15 16:23 - 2013-12-15 15:05 - 00143044 _____ C:\WINDOWS\KB2847311.log
2013-12-15 16:22 - 2013-12-15 16:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-15 16:22 - 2013-12-15 15:02 - 00137769 _____ C:\WINDOWS\KB2898715.log
2013-12-15 16:21 - 2013-12-15 16:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-15 16:21 - 2013-12-15 16:20 - 00132986 _____ C:\WINDOWS\KB2862335.log
2013-12-15 16:20 - 2013-12-15 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-12-15 16:20 - 2013-12-15 16:20 - 00000000 ____D C:\WINDOWS\Temp780AE379-A210-FCB5-8BF8-C43914FD833C-Signatures
2013-12-15 16:20 - 2013-12-15 14:58 - 00134623 _____ C:\WINDOWS\KB2845187.log
2013-12-15 16:20 - 2013-04-14 16:20 - 00001700 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-12-15 16:20 - 2013-04-14 16:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-15 16:20 - 2013-04-14 15:06 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-12-15 16:19 - 2013-12-15 16:19 - 00129347 _____ C:\WINDOWS\KB2904266.log
2013-12-15 16:19 - 2013-12-15 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-15 16:19 - 2013-12-15 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-15 16:19 - 2013-12-15 14:58 - 00134933 _____ C:\WINDOWS\KB2876217.log
2013-12-15 16:19 - 2013-12-15 14:58 - 00134434 _____ C:\WINDOWS\KB2864063.log
2013-12-15 16:19 - 2007-03-11 15:59 - 00856492 _____ C:\WINDOWS\system32\TZLog.log
2013-12-15 16:18 - 2013-12-15 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-15 16:18 - 2011-06-10 06:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-12-15 16:16 - 2013-12-15 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-15 16:16 - 2013-12-15 14:51 - 00013692 _____ C:\WINDOWS\KB2862152.log
2013-12-15 16:15 - 2013-12-15 16:15 - 00006190 _____ C:\WINDOWS\KB2834905-v2.log
2013-12-15 16:15 - 2013-12-15 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-12-15 16:15 - 2013-12-15 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834905-v2_MCEUR2$
2013-12-15 16:15 - 2013-12-15 14:50 - 00013166 _____ C:\WINDOWS\KB2850869.log
2013-12-15 16:12 - 2013-12-15 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-15 16:12 - 2013-12-15 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-12-15 16:12 - 2013-12-15 14:48 - 00013141 _____ C:\WINDOWS\KB2859537.log
2013-12-15 16:12 - 2013-12-15 14:48 - 00012327 _____ C:\WINDOWS\KB2876331.log
2013-12-15 16:11 - 2013-12-15 16:11 - 00008043 _____ C:\WINDOWS\KB2868038.log
2013-12-15 16:11 - 2013-12-15 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-15 16:11 - 2013-12-15 16:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-15 16:02 - 2013-12-15 14:42 - 00012116 _____ C:\WINDOWS\KB2893984.log
2013-12-15 16:02 - 2013-12-15 14:42 - 00011656 _____ C:\WINDOWS\KB2893294.log
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-15 16:01 - 2013-12-15 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-15 16:01 - 2013-12-15 14:42 - 00010666 _____ C:\WINDOWS\KB2892075.log
2013-12-15 16:00 - 2013-12-15 15:59 - 00010807 _____ C:\WINDOWS\KB2833951.log
2013-12-15 16:00 - 2013-12-15 15:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833951$
2013-12-15 15:58 - 2013-12-15 12:07 - 00000239 _____ C:\Documents and Settings\boss\Desktop\Forum Link.url
2013-12-15 15:55 - 2009-09-19 21:41 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-12-15 12:21 - 2013-12-15 12:21 - 00688992 ____R (Swearware) C:\Documents and Settings\boss\Desktop\dds.com
2013-12-15 12:03 - 2013-12-15 11:48 - 00082512 _____ C:\Documents and Settings\boss\Desktop\answer.txt
2013-12-15 11:41 - 2013-12-15 11:00 - 00000000 ____D C:\AdwCleaner
2013-12-15 11:29 - 2013-12-15 11:29 - 00002252 _____ C:\Documents and Settings\boss\Desktop\FSS.txt
2013-12-15 11:27 - 2013-12-15 11:27 - 00000904 _____ C:\Documents and Settings\boss\Desktop\JRT.txt
2013-12-15 11:22 - 2013-12-15 11:22 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-15 10:59 - 2013-12-15 10:59 - 00708597 _____ (Farbar) C:\Documents and Settings\boss\Desktop\FSS.exe
2013-12-15 10:58 - 2013-12-15 10:57 - 01034531 _____ (Thisisu) C:\Documents and Settings\boss\Desktop\JRT.exe
2013-12-15 10:55 - 2013-12-15 10:55 - 01226750 _____ C:\Documents and Settings\boss\Desktop\AdwCleaner.exe
2013-12-14 21:24 - 2013-12-14 21:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-14 18:34 - 2013-12-14 18:34 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\boss\Desktop\tdsskiller.exe
2013-12-14 14:44 - 2013-12-14 15:14 - 00760937 _____ (Farbar) C:\Documents and Settings\boss\Desktop\MiniToolBox.exe
2013-12-14 12:00 - 2013-04-13 18:18 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-14 12:00 - 2006-09-17 10:21 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-14 12:00 - 2006-09-17 10:21 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-14 11:55 - 2013-12-14 11:55 - 00012300 _____ C:\ComboFix.txt
2013-12-14 11:53 - 2006-06-29 06:00 - 00000246 _____ C:\WINDOWS\system.ini
2013-12-14 11:44 - 2013-12-13 10:22 - 00000000 ____D C:\Qoobox
2013-12-13 18:00 - 2006-12-09 05:20 - 00000178 ___SH C:\Documents and Settings\Larry Hamm\ntuser.ini
2013-12-13 16:12 - 2013-12-13 16:12 - 00012978 _____ C:\WINDOWS\KB2829530-IE8.log
2013-12-13 16:08 - 2013-12-13 16:08 - 00006747 _____ C:\WINDOWS\KB2847204-IE8.log
2013-12-13 16:08 - 2013-12-13 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2829361$
2013-12-13 16:08 - 2013-12-13 15:57 - 00012453 _____ C:\WINDOWS\KB2829361.log
2013-12-13 16:00 - 2013-12-13 16:00 - 00000747 _____ C:\Documents and Settings\boss\Desktop\Shortcut to iexplore.exe.lnk
2013-12-13 10:40 - 2013-12-13 10:22 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-13 10:24 - 2013-12-13 10:24 - 00000000 _RSHD C:\cmdcons
2013-12-13 10:24 - 2006-06-29 13:06 - 00000325 __RSH C:\boot.ini
2013-12-13 09:38 - 2013-12-13 09:38 - 00001815 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-13 09:38 - 2013-12-13 09:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-12-13 09:38 - 2013-12-13 09:32 - 00000000 ____D C:\Program Files\Google
2013-12-13 09:38 - 2013-12-13 09:32 - 00000000 ____D C:\Documents and Settings\boss\Local Settings\Application Data\Google
2013-12-13 09:32 - 2013-12-13 09:31 - 00000000 ____D C:\Documents and Settings\boss\Local Settings\Application Data\Deployment
2013-12-13 09:22 - 2013-12-13 09:22 - 00001844 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2013-12-13 09:22 - 2013-12-13 09:22 - 00001838 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2013-12-13 09:22 - 2013-12-13 09:22 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-13 09:22 - 2013-12-13 09:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2013-12-13 09:22 - 2013-05-20 10:41 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-13 08:59 - 2013-12-13 08:57 - 00009238 _____ C:\WINDOWS\KB2618444-IE8.log
2013-12-13 08:58 - 2009-09-03 22:03 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-13 08:58 - 2006-09-17 09:17 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-12-13 08:55 - 2006-09-17 10:56 - 00002461 _____ C:\hpqp.ini
2013-12-13 08:55 - 2006-09-17 10:56 - 00000039 _____ C:\XP_TV.ini
2013-12-13 08:55 - 2006-09-17 10:22 - 00096597 _____ C:\WINDOWS\spupdsvc.log
2013-12-13 08:52 - 2009-09-03 21:30 - 00491636 _____ C:\WINDOWS\ie8_main.log
2013-12-13 08:47 - 2009-09-03 22:00 - 00196696 _____ C:\WINDOWS\ie8.log
2013-12-12 17:43 - 2013-12-12 15:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-12 15:56 - 2013-12-12 15:56 - 00104664 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-12 15:55 - 2013-05-15 12:03 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-12 15:36 - 2013-09-09 21:40 - 00002325 _____ C:\Documents and Settings\Larry Hamm\Desktop\Google Chrome.lnk
2013-12-11 18:14 - 2013-12-11 18:14 - 00000000 ____D C:\Documents and Settings\boss\Application Data\Netscape
2013-12-11 17:34 - 2006-12-09 12:37 - 00000000 ____D C:\Program Files\Common Files\AOL
2013-12-11 17:33 - 2006-09-17 09:17 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2013-12-11 17:32 - 2006-12-09 12:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AOL
2013-12-11 16:57 - 2013-05-20 10:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-12-11 16:51 - 2012-12-19 18:23 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 16:51 - 2011-12-11 15:19 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-11 16:44 - 2009-09-04 12:51 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-12-11 16:34 - 2013-12-11 16:34 - 00000000 __SHD C:\Documents and Settings\boss\IECompatCache
2013-12-11 16:34 - 2013-05-20 08:38 - 00000000 ____D C:\Documents and Settings\boss
2013-12-11 09:32 - 2013-12-04 20:54 - 00000000 ____D C:\Documents and Settings\Larry Hamm\Local Settings\Application Data\KB4841991
2013-12-01 14:42 - 2009-09-03 21:37 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\boss\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\uninst.dll
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NAV_4922.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#6 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 21 December 2013 - 11:58 AM

Looks like you posted FRST.txt twice. I need to see the Addition.txt please.


Best Regards,
oneof4.


#7 Gordon C

Gordon C
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Male
  • Location:NC

Posted 21 December 2013 - 05:22 PM

ooopsie... addition.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2013 02
Ran by boss at 2013-12-21 10:59:52
Running from C:\Documents and Settings\boss\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton AntiVirus (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Help Center 2.1 (Version: 2.1)
Adobe Photoshop Album 2.0 Starter Edition (Version: 2.00.000)
Adobe Photoshop Elements 5.0 (Version: 5.0)
Adobe Reader 7.0.5 (Version: 7.0.5)
AiO_Scan_CDA (Version: 70.0.231.000)
AiOSoftwareNPI (Version: 70.0.231.000)
AOL You've Got Pictures Screensaver
AutoUpdate (Version: 1.0)
BufferChm (Version: 70.0.170.000)
C3100 (Version: 70.0.231.000)
c3100_Help (Version: 70.0.231.000)
Conexant HD Audio
CP_AtenaShokunin1Config (Version: 60.0.155.000)
CP_CalendarTemplates1 (Version: 60.0.155.000)
cp_LightScribeConfig (Version: 60.0.155.000)
cp_OnlineProjectsConfig (Version: 60.0.155.000)
CP_Package_Basic1 (Version: 60.0.155.000)
CP_Package_Variety1 (Version: 60.0.155.000)
CP_Package_Variety2 (Version: 60.0.155.000)
CP_Package_Variety3 (Version: 60.0.155.000)
CP_Panorama1Config (Version: 60.0.155.000)
cp_PosterPrintConfig (Version: 60.0.155.000)
cp_UpdateProjectsConfig (Version: 60.0.155.000)
CueTour (Version: 60.0.155.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
CustomerResearchQFolder (Version: 1.00.0000)
Destinations (Version: 70.0.170.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX (Version: 5.2.1)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
EA Download Manager (Version: 7.0.0.59)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680)
ESPNMotion (Version: 2.1.6.0011)
Fax_CDA (Version: 70.0.231.000)
FullDPAppQFolder (Version: 1.00.0000)
GemMaster Mystic
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
HP Customer Participation Program 7.0 (Version: 7.0)
HP Deskjet 3900 series (Version: 5.0)
HP Help and Support (Version: 4.2.0013)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Pavilion Webcam Demo (Version: 2.00.0000)
HP Photosmart Essential (Version: 1.9.1.3)
HP Photosmart Premier Software 6.0 (Version: 6.0)
HP Photosmart, Officejet and Deskjet 7.0.A
HP Quick Launch Buttons 6.10 A2 (Version: 6.10 A2)
HP QuickPlay 2.3
HP Rhapsody
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 4.000.000.004)
HP User Guides 0036 (Version: 1.02.0000)
HP Wireless Assistant 2.00 G2 (Version: 2.00 G2)
HPDeskjet3900Series (Version: 1.00.0000)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareDevices (Version: 60.0.155.000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® PRO Network Connections Drivers
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
LightScribe  1.4.97.1 (Version: 1.4.97.1)
Macromedia Shockwave Player (Version: 10.1.1.016)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 70.0.170.000)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Money 2006 (Version: 15)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Web Publishing Wizard 1.52
Microsoft Works (Version: 08.04.0623)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
muvee autoProducer 5.0 (Version: 5.00.050)
My HP Games (Version: HPLAP0202)
Netscape Browser (remove only)
NetWaiting (Version: 2.5.33)
NewCopy_CDA (Version: 70.0.231.000)
NVIDIA Drivers
OCR Software by I.R.I.S 7.0 (Version: 7.0)
Office 2003 Trial Assistant (Version: 1.0.0)
OptionalContentQFolder (Version: 1.00.0000)
Otto
PanoStandAlone (Version: 70.0.170.000)
PANTECH UM175 Driver (Version: 3.0.14.517)
PhotoGallery (Version: 60.0.155.000)
ProductContextNPI (Version: 70.0.231.000)
Quicken 2006 (Version: 15.1.4.5)
QuickTime
RandMap (Version: 60.0.155.000)
Readme (Version: 70.0.231.000)
RealPlayer Basic
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
SkinsHP1 (Version: 60.0.155.000)
Soft Data Fax Modem with SmartCP
SolutionCenter (Version: 70.0.170.000)
Sonic Audio Module (Version: 2.0.4)
Sonic Copy Module (Version: 2.0.4)
Sonic Data Module (Version: 2.0.4)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 60.0.155.000)
SonicAC3Encoder (Version: 1.00.0000)
SonicMPEGEncoder (Version: 1.00.0000)
Spybot - Search & Destroy (Version: 2.0.12)
Status (Version: 70.0.170.000)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
Synaptics Pointing Device Driver (Version: 8.3.8.0)
TermPlus (Version: 1.0.0)
The Print Shop 22 (Version: 22.00.0000)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vongo (Version: 1.31.02)
VZAccess Manager (Version: 6.8.1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
WildTangent Web Driver
Windows Genuine Advantage Validation Tool
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Connect
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
Wireless Home Network Setup (Version: 1.1.154.1)

==================== Restore Points  =========================

23-09-2013 15:29:04 System Checkpoint
24-09-2013 17:09:52 System Checkpoint
26-09-2013 14:32:16 System Checkpoint
27-09-2013 17:35:41 System Checkpoint
29-09-2013 17:26:09 System Checkpoint
01-10-2013 03:41:03 System Checkpoint
02-10-2013 11:06:01 System Checkpoint
04-10-2013 12:02:11 System Checkpoint
07-10-2013 13:44:54 System Checkpoint
08-10-2013 15:37:45 System Checkpoint
09-10-2013 16:08:39 System Checkpoint
10-10-2013 19:38:51 System Checkpoint
11-10-2013 20:43:55 System Checkpoint
13-10-2013 14:35:16 System Checkpoint
14-10-2013 16:09:47 System Checkpoint
15-10-2013 19:50:38 System Checkpoint
21-10-2013 14:16:57 System Checkpoint
22-10-2013 15:15:20 System Checkpoint
23-10-2013 21:30:09 System Checkpoint
25-10-2013 13:49:36 System Checkpoint
27-10-2013 09:01:14 System Checkpoint
28-10-2013 11:36:56 System Checkpoint
29-10-2013 12:21:28 System Checkpoint
30-10-2013 12:46:47 System Checkpoint
01-11-2013 05:23:41 System Checkpoint
03-11-2013 19:47:04 System Checkpoint
04-11-2013 20:58:35 System Checkpoint
07-11-2013 12:42:28 System Checkpoint
08-11-2013 12:45:58 System Checkpoint
12-11-2013 08:19:47 System Checkpoint
19-11-2013 16:46:42 System Checkpoint
20-11-2013 16:57:05 System Checkpoint
21-11-2013 17:58:33 System Checkpoint
22-11-2013 19:52:44 System Checkpoint
25-11-2013 14:19:13 System Checkpoint
27-11-2013 20:24:43 System Checkpoint
03-12-2013 02:27:34 System Checkpoint
04-12-2013 03:11:15 System Checkpoint
11-12-2013 17:30:25 System Checkpoint
11-12-2013 21:44:29 Removed TourSetup
12-12-2013 23:03:23 System Checkpoint
13-12-2013 13:47:16 Installed Windows Internet Explorer 8.
13-12-2013 13:58:49 Installed Windows XP KB2618444.
13-12-2013 21:07:48 Software Distribution Service 3.0
14-12-2013 21:44:02 System Checkpoint
15-12-2013 07:52:38 Software Distribution Service 3.0
15-12-2013 20:54:06 Software Distribution Service 3.0
16-12-2013 21:42:41 System Checkpoint
16-12-2013 21:50:59 Software Distribution Service 3.0
17-12-2013 23:00:06 System Checkpoint
18-12-2013 19:16:09 Software Distribution Service 3.0
20-12-2013 22:45:08 Software Distribution Service 3.0

==================== Hosts content: ==========================

2006-03-15 23:00 - 2013-12-13 09:27 - 00450543 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1856645627-3833389002-4087505884-1005Core.job => C:\Documents and Settings\Larry Hamm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1856645627-3833389002-4087505884-1005UA.job => C:\Documents and Settings\Larry Hamm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{64BC12A4-719C-45B0-A7A6-67F4EB9225D4}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-12-13 09:22 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-12-13 09:22 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-13 09:22 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-13 09:22 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-13 09:22 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2006-07-20 00:58 - 2006-07-20 00:58 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2013-12-15 16:29 - 2013-12-15 16:29 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2eb82c79\mscorlib.dll
2013-12-15 16:29 - 2013-12-15 16:29 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5c9f5cf4\system.windows.forms.dll
2013-12-15 16:29 - 2013-12-15 16:29 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0ec8e3cd\system.drawing.dll
2013-12-15 16:28 - 2013-12-15 16:28 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_622684af\system.dll
2013-12-15 16:29 - 2013-12-15 16:29 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_12e82c52\system.xml.dll
2013-12-13 09:22 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2005-05-13 00:40 - 2005-05-13 00:40 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2005-05-13 00:40 - 2005-05-13 00:40 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2013 04:45:24 PM) (Source: Application Error) (User: )
Description: Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x00a95fac.
Processing media-specific event for [hpqste08.exe!ws!]

Error: (12/15/2013 02:32:15 PM) (Source: Application Error) (User: )
Description: Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x00aa39e4.
Processing media-specific event for [hpqste08.exe!ws!]

Error: (12/15/2013 02:22:00 PM) (Source: MsiInstaller) (User: PC139223223129)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.

Error: (12/15/2013 02:21:47 PM) (Source: MsiInstaller) (User: PC139223223129)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.

Error: (12/15/2013 00:21:19 PM) (Source: MsiInstaller) (User: PC139223223129)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.

Error: (12/15/2013 00:21:02 PM) (Source: MsiInstaller) (User: PC139223223129)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.

Error: (12/15/2013 00:20:39 PM) (Source: MsiInstaller) (User: PC139223223129)
Description: Product: Microsoft Office 2000 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 Professional.  The Windows installer cannot continue.

Error: (12/15/2013 11:44:29 AM) (Source: Application Error) (User: )
Description: Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x00aa75b1.
Processing media-specific event for [hpqste08.exe!ws!]

Error: (12/15/2013 11:21:07 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/15/2013 11:11:47 AM) (Source: Application Error) (User: )
Description: Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x00aa2553.
Processing media-specific event for [hpqste08.exe!ws!]

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 2045.98 MB
Available physical RAM: 1264.58 MB
Total Pagefile: 3937.34 MB
Available Pagefile: 3300.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:61.82 GB) (Free:31.57 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:74.53 GB) (Free:74.25 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:11.67 GB) (Free:1.33 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive g: (USB20FD) (Removable) (Total:7.52 GB) (Free:6.33 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 282D282D)
Partition 1: (Active) - (Size=62 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=1 GB) - (Type=D7)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 2A01FB17)
Partition 1: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)

==================== End Of Log ============================



#8 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:28 PM

Posted 21 December 2013 - 08:13 PM

Hey :)

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, update me on how your system is performing after running the fix.

Attached Files


Best Regards,
oneof4.


#9 Gordon C

Gordon C
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:09:28 PM

Posted 22 December 2013 - 08:19 AM

Point of clarification: I should run the 64 bit version of FRST on 32 bit platform?



#10 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:28 PM

Posted 22 December 2013 - 08:37 AM

No, you would run FRST.exe for your platform.  I don't think FRST64 will even run on XP, neither will FRST run on Win7 or 8.


Best Regards,
oneof4.


#11 Gordon C

Gordon C
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:09:28 PM

Posted 22 December 2013 - 10:01 AM

Right... extra geeky me saw FRST/FRST64 as a folder hierarchy rather than a choice.... lol

 

When I open IE8 we get a notification that someone/something has tried to change the default search engine and then the add-on management console opens. Still can't change the default browser.

 

Still get the warning about XSS and potentially malicious URL.

 

Do NOT get the Office 2K installer wizard anymore.

 

FIXLOG.TXT FOLLOWS

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-12-2013 02
Ran by boss at 2013-12-22 09:34:26 Run:1
Running from C:\Documents and Settings\boss\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Larry Hamm\...\Winlogon: [Shell] explorer.exe [ 2008-04-14] (Microsoft Corporation) <==== ATTENTION
HKU\Larry Hamm\...\Command Processor:  <===== ATTENTION!
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {83018929-4490-4CE9-8D31-3CFF66F2A973} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E8C0DAE2-19FD-473E-B3A5-115EC0D11490} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
C:\Documents and Settings\boss\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\uninst.dll
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NAV_4922.exe

*****************

HKU\Larry Hamm\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Larry Hamm\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83018929-4490-4CE9-8D31-3CFF66F2A973} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{83018929-4490-4CE9-8D31-3CFF66F2A973} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E8C0DAE2-19FD-473E-B3A5-115EC0D11490} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E8C0DAE2-19FD-473E-B3A5-115EC0D11490} => Key not found.
C:\Documents and Settings\boss\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\AskSLib.dll => Moved successfully.
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\uninst.dll => Moved successfully.
C:\Documents and Settings\Larry Hamm\Local Settings\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NAV_4922.exe => Moved successfully.

==== End of Fixlog ====



#12 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:28 PM

Posted 22 December 2013 - 11:59 PM

Hey Gordon C, :)
 
I notice that in your initial help thread, the helper had you run TDSSKiller and it actually discovered the TDSS file system on your computer.  Let's re-run that scan, but this time we'll let TDSSKiller perform the removal procedure:
 
===================================================

Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

[screenshot: tds2.jpg]

  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

[screenshot: 2012081514h0118.png]

  • Click Start Scan and allow the scan process to run

[screenshot: tds4-1.jpg]

  • If threats are detected select Cure for all of them if it's available, if it's not then choose Delete.
  • Click Continue

[screenshot: tds6.jpg]

  • Click Reboot computer
  • Please Copy and Paste in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

Best Regards,
oneof4.


#13 Gordon C

Gordon C
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:09:28 PM

Posted 23 December 2013 - 02:05 PM

Tried to copy/paste the log file but resulted in error "post too long" so the file is attached.

Attached Files



#14 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:28 PM

Posted 23 December 2013 - 02:56 PM

How is the system behaving now?


Best Regards,
oneof4.


#15 Gordon C

Gordon C
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:09:28 PM

Posted 23 December 2013 - 11:45 PM

Our biggest benefit so far is the cessation of the Office 2K installer every time we turn around. Browser behavior is unchanged. Every time we open IE we get the notice that something has tried to tinker with our default search engine and then opens the add-on management console so we can fix it, but you can't fix anything in that console. Default search can't be changed.





